Modifying Linux File Permissions: The chmod Command

Every file and directory in a Linux system has access permissions that determine who can access and operate on them and in what way.

File or directory access permissions are divided into three types: read-only, write-only, and executable. Taking a file as an example, read-only permission means you are only allowed to read its content, while any modification operations are prohibited. Executable permission means the file is allowed to be executed as a program. When a file is created, the file owner automatically receives read, write, and executable permissions on that file, making it convenient for reading and modifying the file. Users can also set access permissions to any combination as needed.

There are three different types of users who can access files or directories: the file owner, users in the same group, and other users. The owner is generally the creator of the file. The owner can grant same-group users access to the file and can also assign file access permissions to other users in the system. In this case, every user in the system can access files or directories owned by that user.

Every file or directory has three sets of access permissions, each represented by three bits, corresponding to the owner’s read, write, and execute permissions; the read, write, and execute permissions of users in the same group as the owner; and the read, write, and execute permissions of other users in the system. When using the ls -l command to display detailed information about a file or directory, the leftmost column shows the file’s access permissions. For example:

$ ls -l sobsrc. tgz

-rw-r–r– 1 root root 483997 Ju1 l5 17:3l sobsrc. tgz

A dash represents no permission. r stands for read-only, w for write, and x for executable. Note that there are 10 positions in total. The first character specifies the file type. In the usual sense, a directory is also a file. If the first character is a dash, it indicates a non-directory file. If it is d, it indicates a directory.

For example:

– rw- r– r–

Regular file Owner Group users Other users

This is the access permission of the file sobsrc.tgz, indicating that sobsrc.tgz is a regular file; the owner of sobsrc.tgz has read and write permissions; users in the same group as the owner of sobsrc.tgz have only read permission; other users also have only read permission.

After determining a file’s access permissions, users can use the chmod command provided by the Linux system to reset different access permissions. They can also use the chown command to change the owner of a file or directory, and the chgrp command to change the user group of a file or directory.

These commands are introduced separately below.

chmod Command

The chmod command is very important and is used to change the access permissions of files or directories. Users use it to control access permissions for files or directories.

This command has two usage methods. One is the symbolic method using letters and operator expressions; the other is the numeric method using numbers.

1. Symbolic Method

chmod [who] [+ | – | =] [mode] filename

The meanings of each option in the command are:

The operation target who can be any one of the following letters or a combination thereof:

u represents “user”, i.e., the owner of the file or directory.

g represents “group” users, i.e., all users with the same group ID as the file owner.

o represents “other” users.

a represents “all” users. This is the system default.

The operation symbols can be:

+ Add a permission.

– Remove a permission.

= Assign the given permission and cancel all other permissions (if any).

Setting the permissions represented by mode can use any combination of the following letters:

r Readable.

w Writable.

x Executable.

X Add the x attribute only if the target file is executable for some users or the target file is a directory.

s Set the process owner or group ID to the file owner when the file is executed. The mode “u+s” sets the file’s user ID bit, and “g+s” sets the group ID bit.

t Save the program text to the swap device.

u Same permissions as the file owner.

g Same permissions as users in the same group as the file owner.

o Same permissions as other users.

Filename: A space-separated list of files whose permissions are to be changed, supporting wildcards.

Multiple permission modes can be given in a single command line, separated by commas. For example: chmod g+r,o+r example

This gives group and other users read permission on the file example.

2. Numeric Method

We must first understand the meaning of attributes represented by numbers: 0 means no permission, 1 means executable permission, 2 means write permission, 4 means read permission, and then they are added together. So the numeric attribute format should be three octal digits from 0 to 7, in the order of (u)(g)(o).

For example, if you want the owner of a file to have “read/write” permissions, you need to add 4 (readable) + 2 (writable) = 6 (read/write).

The general form of the numeric method is:

chmod [mode] filename

Examples:

(1) Symbolic Method:

Example 1: $ chmod a+x sort

This sets the attributes of the file sort to:

File owner (u) Add execute permission

Users in the same group as the file owner (g) Add execute permission

Other users (o) Add execute permission

Example 2: $ chmod ug+w,o-x text

This sets the attributes of the file text to:

File owner (u) Add write permission

Users in the same group as the file owner (g) Add write permission

Other users (o) Remove execute permission

Example 3: $ chmod u+s a.out

Suppose after executing chmod, the permissions of a.out are (you can use ls -l a.out to view them):

-rws–x–x 1 inin users 7192 Nov 4 14:22 a.out

And this executable file needs to use a text file shiyan1.c, whose file access permission is “-rw——-“, meaning that only the owner of this file has read and write permissions.

When other users execute the a.out program, their identity temporarily becomes inin for this program (due to the s option used in the chmod command), so they can read the shiyan1.c file (even though this file is set so that others have no permissions). This is the function of s.

Therefore, throughout the entire system, especially for root itself, it is best not to set too many files of this type (unless necessary) to ensure system security and avoid system intrusion due to bugs in certain programs.

Example 4: $ chmod a-x mm.txt

$ chmod -x mm.txt

$ chmod ugo-x mm.txt

All three commands above remove the execute permission of the file mm.txt, targeting all users.

(2) Numeric Method:

Example 1: $ chmod 644 mm.txt

$ ls -l

This sets the attributes of the file mm.txt to:

-rw-r–r– 1 inin users 1155 Nov 5 11:22 mm.txt

File owner (u) inin has read and write permissions

Users in the same group as the file owner (g) have read permission

Others (o) have read permission

Example 2: $ chmod 750 wch.txt

$ ls -l

-rwxr-x— 1 inin users 44137 Nov 12 9:22 wchtxt

This sets the attributes of the file wchtxt to:

The file owner (u) inin has read/write/execute permissions

Users in the same group as the file owner (g) have read/execute permissions

Others (o) have no permissions

chgrp Command

Function: Change the group to which a file or directory belongs.

Syntax: chgrp [options] group filename

This command changes the user group to which the specified file belongs. Here, group can be a user group ID or the group name of a user group in the /etc/group file. The filename is a space-separated list of files whose group is to be changed, supporting wildcards. If the user is not the owner of the file or the superuser, they cannot change the file’s group.

The meanings of each option for this command are:

-R Recursively change the group of the specified directory and all its subdirectories and files.

Example 1: $ chgrp -R book /opt/local /book

Change the group of /opt/local /book/ and all files in its subdirectories to book.

chown Command

Function: Change the owner and group of a file or directory. This command is also very commonly used. For example, if the root user copies a file to user xu, to allow user xu to access this file, the root user should set the owner of this file to xu; otherwise, user xu cannot access this file.

Syntax: chown [options] user or group file

Description: chown changes the owner of the specified file to the specified user or group. The user can be a username or user ID. The group can be a group name or group ID. The file is a space-separated list of files whose permissions are to be changed, supporting wildcards.

The meanings of each option for this command are as follows:

-R Recursively change the owner of the specified directory and all its subdirectories and files.

-v Display the work done by the chown command.

Example 1: Change the owner of the file shiyan.c to wang.

$ chown wang shiyan.c

Example 2: Change the owner of the directory /his and all files and subdirectories under it to wang, and change the group to users.

$ chown -R wang.users /his

Leave a Comment

Your email address will not be published.