Join Scott Simpson for an in-depth discussion in this video Understand file permissions, part of Learning Linux Command Line.
- [Voiceover] At first look, file permissions can seem rather cryptic. We've seen them before when listing files in a directory, but it's not immediately clear what they mean. rwxr-xr-x might not make any sense now, but it will soon. The sequence of letters breaks down into three groups. The first represents the user, or the owner of the file. The second group of three represents the group the owner is a member of, and the third group represents all other users not in the group the user is a member of.
Each of the groups of three breaks down into three individual letters, which stand for read, write, and execute. Read means that someone can see the contents of a file but not modify it. Write means that someone can make changes to a file, but not read the contents, and execute means that someone can run the file, for example a program or script, without loading it into another program first. There are a couple of other letters you may see in here, but r, w, and x will take care of what we need to do for now.
We can change the permissions of a file using the chmod command. Chmod sets the file mode bits on a file and we can do that in two ways. The first is to use an Octal notation, which uses three values to represent read, write, and execute. There's another notation with another digit in front, but that's more advanced than we need to get into here. The second is called Symbolic notation, which uses a shorthand for user, group, others, and all, an operator, and a list of permissions to change. We'll look at both, starting with the octal notation.
You may have seen commands like chmod 777, chmod 644, and things like that. The way we arrive at those numbers is by assigning read, write, and execute each a different value: 4, 2, and 1. That makes it easy to represent various states of these three values with just one digit. So, if my user can read, write, and execute, that comes out to 7; 4 plus 2 plus 1. If the group can only read and execute, that comes out to 5; 4 plus 1.
With this system and a bit of very basic math, it's impossible to be ambiguous about the permissions that the user, group, or others have. If you don't feel like doing the math, here's a quick table. The Symbolic way of representing permissions is a little bit more approachable, I think, because instead of setting numbers for each value, you can add or remove a permission by letter. User is represented by the letter "u", group by "g", others by "o", and changing all the values is represented by "a".
If you leave off a prefix, chmod applies your changes to all values, also. There are three operators here, too. "+" adds whichever permissions you specify to what's already there. "-" removes from whatever's there, and "=" resets the permissions to only whatever value you specify. So for example, to set my user permissions to read, write, and execute, I would use chmod u+rwx. To set my group permissions to only read, I would use chmod g=r, and to remove read, write and execute from others, I would write chmod o-rwx.
We can line up the Octal and Symbolic Values and see what the results are. In Octal, 777 is the same as saying a+rwx. 755 is the same as saying u+rwx, g=rx, o=rx. You can see the symbolic notation is a little bit longer, but it contains more information and context, so I think it's a little easier to work with. The nice thing about Symbolic notation is that it's a little easier to make changes, since you're specifying what to change rather than what Octal Value to use.
Using Octal notation is kind of like using the equals operator in Symbolic notation all the time, saying whatever was there before, now it's this value, rather than add read or remove execute. Here's a few examples before and after of changing permissions with Symbolic notation. It's not something to memorize, per se, it's just to give you a sense of how things change. We can see that in the first row, adding execute adds an "x" in all three places. In the second row, setting group to "w" and others to read changes the original pretty substantially, and so forth.
Okay, enough slides. Let's change some permissions. I've got a really small Bash script here, called test.sh, which just prints out a line of text when we run it. The ./ before the file name is how we run executable files at the command line. Executable means the file can run on its own, without having to be loaded by another program first. Let's take a look at the permissions on this file. I'll write ls -lh. I can see there are rwxr-xr-x.
My user can read, write, and execute. Anyone in my group can read and execute, and others can read and execute also. Let's take away the execute bit for all the users. Take a moment and think about how you would do this in Octal notation and in Symbolic notation. To do this in Octal notation, I'd type chmod 644 test.sh. Or in Symbolic notation, it would be chmod a-x test.sh.
Now if I try to run the program, I'm denied permission. I can still run it with another program, the Bash interpreter, but that's because the other program is executing the code. It's not running all by itself. I may not be able to run it directly, but I can still read the file. Let's take a look at it with cat test.sh. There's my very simple program. I'll clear the screen. Now, let's take away read permission for just the user. Think about how we'd do that in Octal notation and in Symbolic notation.
This one's pretty easy in Symbolic notation. chmod u-r test.sh, but in Octal it's a little trickier, because we have to think about the values we're not changing as well as the one we are. In Octal, it would be chmod 244 test.sh. Now, taking a look at the file again, with cat test.sh, I'm denied permission. Let's put the file back to how it was with chmod 755 test.sh, and we see that we can run the file and also look at its contents.
When a user creates a file in their home directory, it starts out with 664 permissions. We can check that out by creating a blank file with a touch command. I'll write touch newfile. And with ls -lh, we can see the permissions. Read, write for user; read, write for group; and only read for others. This means if you need to make a program that's executable, you'd need to set the executable bit yourself. There are two other kinds of permission settings I want to introduce you to: File ownership and group ownership.
In the output of ls, there's two columns that show the user and group ownership for each file. The user here is the user we're talking about in the first set of permissions, and the group is the group from the second group of three letters. I'll clear the screen again and then let's take another look at test.sh. Recall that the user permission is set to read, write, execute, and the group is set to read and execute. I can verify that I can write to the file by opening it up in Vim and making a change. I'll write vi test.sh.
I'll press "i" to go into insert mode, and I'll make a basic change. I'll just add another line here with a comment. Don't worry about this right now, we'll get into this in more detail later. I'll press escape, ":wq" to save the file and quit Vim. Now, if I change the user who owns the file, I won't be the owner anymore. I'll write sudo chown, for change ownership, root, to change the ownership to the root user, test.sh. I have to use sudo because I need root's privileges to set something to root ownership.
Now, if I try to edit the file again, with a vi test.sh and move into insertion mode, I see a warning that I'm working on a readonly file. I can't write to the file anymore. Again, I'll press escape, ":", and then "q!" to quit without saving changes. I'll set the user back. I'll write sudo chown, my user name, test.sh. Now I'd be able to edit the file again. Changing groups works the same way with the chgrp command.
As you're getting started with the command line, you won't be changing permissions too much, but once you start working with web servers and other processes that need access to files in secure ways, you'll be glad you understand how to change permissions.
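The octal and symbolic changes made to test.sh in the transcript above, as an added example that is not part of the original video. It goes one step further than the transcript by showing that the mode a new file starts with follows the shell's umask (664 corresponds to a umask of 002). The function names are hypothetical, and GNU-style `stat -c` and `mktemp` are assumed.

```sh
#!/bin/sh
# Added example, not from the course. Assumes stat -c and mktemp are available.

# Print "<octal> <symbolic>" for a file, e.g. "755 -rwxr-xr-x".
show_mode() {
    stat -c '%a %A' "$1"
}

# Set a scratch file to mode $1, apply chmod argument $2, print the result.
# The body runs in a subshell so its variables do not leak into the caller.
mode_after() (
    f=$(mktemp) || exit 1
    chmod "$1" "$f" && chmod "$2" "$f" && show_mode "$f"
    rc=$?
    rm -f "$f"
    exit "$rc"
)

# Create a new file under umask $1 and print the mode it starts with.
new_file_mode() (
    d=$(mktemp -d) || exit 1
    umask "$1" && touch "$d/newfile" && show_mode "$d/newfile"
    rc=$?
    rm -rf "$d"
    exit "$rc"
)

# Symbolic notation changes only the bits it names.
mode_after 755 a-x               # remove execute for everyone
mode_after 644 u-r               # remove read for the owner only

# Octal notation replaces all nine bits, whatever was there before.
mode_after 755 644
mode_after 600 u+rwx,g=rx,o=rx   # the symbolic spelling of 755

# New files start at 666 minus the bits masked out by umask.
new_file_mode 002                # group-writable default
new_file_mode 022                # common server default
new_file_mode 077                # private to the owner
```

On a shared host, a umask of 022 or 077 keeps newly created files from being group-writable by default.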