To access a file or directory in Linux and UNIX, a user must have the required permission for that specific file or directory. For example, as a regular user, try to cd into /root:
$ cd /root
bash: cd: /root/: Permission denied
We were not able to do so because of the permission denied error. Now try the home directory:
$ cd ~/
This time cd succeeded, because a user has permission to access their own home directory.
Every file in UNIX or Linux has an owner and an associated group. It also has a set of permissions (read, write, and execute) with respect to the user, group, and others.
The ls command with the -l option is used to view the ownership and permissions of a file:
$ touch permission_test_file.txt    # Creating a file
$ ls -l permission_test_file.txt    # Seeing the file's attributes
-rw-rw-r-- 1 foo foo 0 Aug 24 16:59 permission_test_file.txt
Here, the first column of the ls output contains the permission information, that is, -rw-rw-r--.
The first character specifies a file's type, which is dash (-) in this example. A dash means that it is a regular file. It can have other characters as follows:
The next three characters belong to the user's (owner's) permission. Each position holds either its letter from rwx or a dash. The permission r specifies that the read permission is available, w specifies that the write permission is available, and x specifies that the execute permission is available over the given file. If a dash is present, then the corresponding permission is missing. In the above example, the owner's permission is rw-, which means the owner has read and write permission on the permission_test_file.txt file but no execute permission.
The next three characters belong to the group's permission. Again, each position holds its letter from rwx, or a dash if the corresponding permission is missing. In the preceding example, the permission given to the group is rw-, which means the read and write permissions are present and the execute permission is missing.
The next three characters belong to others' permission. In the preceding example, the permission given to others is r--, which means other users can read the content of the permission_test_file.txt file but can't modify or execute it.
The next column in the ls -l output, that is, the second column, specifies who the owner of the file is. In our example, the second column value is foo, which means foo has the ownership of the file. By default, the ownership of a file is given to whoever created that file.
The third column in the ls -l output specifies the group to which a file belongs. In our case, the group of the permission_test_file.txt file is foo.
To change the permission of a file, the chmod command is used. The syntax of chmod is as follows:
chmod [option] mode[,mode] file
Or,
chmod [option] octal-mode file
An important option of chmod is -R, which changes the permissions of files and directories recursively.
The mode can be [ugoa][-+][rwx].
Here, u is the owner, g is the group, o is other, and a is all users, that is, ugo.
Specifying - (minus) removes the specified permission and specifying + (plus) adds the specified permission.
The letters r (read), w (write), and x (execute) specify permissions.
The octal-mode specifies the rwx permission of a user together in octal format, which can be from 0 to 7. The following table explains the octal representation of a permission to a specific user:
Octal Value | Binary representation | Meaning |
---|---|---|
0 | 000 | No read, write, and execute permissions (---) |
1 | 001 | Only execute permission (--x) |
2 | 010 | Only write permission (-w-) |
3 | 011 | Write and execute permissions (-wx) |
4 | 100 | Only read permission (r--) |
5 | 101 | Read and execute permissions (r-x) |
6 | 110 | Read and write permissions (rw-) |
7 | 111 | Read, write, and execute permissions (rwx) |
To demonstrate changing the permission on a file, we will create a file as follows:
$ touch test_file.txt
$ ls -l test_file.txt    # Checking permission of file
-rw-rw-r--. 1 foo foo 0 Aug 24 18:59 test_file.txt
The default permission given to a regular file is the Read permission to an owner, group, and other. The Write permission is given to the owner and group. No execute permission is given to anyone.
Now, we want to modify the permission in such a way that only the owner has the write permission, keeping the other permissions as they are. We can do this in the following way:
$ chmod 644 test_file.txt
$ ls -l test_file.txt
-rw-r--r--. 1 foo foo 0 Aug 24 19:03 test_file.txt
Now, we can see that only the owner can modify test_file.txt. While using octal mode, we have to specify the exact, complete permission that we want the file to end up with. In chmod, we gave octal_mode as 644; here the first octal digit, 6, encodes the read, write, and execute permissions of the owner (rw-). Similarly, the second octal digit, 4, specifies the permissions for the group, and the third digit specifies the permission for others.
There is another way to modify a permission, which is by using mode. Mode is specified as [ugoa][-+][rwx]. Here, we only have to specify which permission we want to add or remove.
For example, we want to remove the write permission from the owner and add the execute permission to all. We can do this as follows:
$ chmod u-w,a+x test_file.txt
$ ls -l test_file.txt
-r-xr-xr-x. 1 foo foo 0 Aug 24 19:03 test_file.txt
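The octal and symbolic forms described above can be checked against each other. The following shell functions are an added example, not part of the original text; the names sym_to_octal, mode_of and walkthrough are chosen here for illustration. They convert the first column of ls -l into an octal mode and replay the chmod steps above on a scratch file.

```shell
#!/bin/sh
# Added example (not from the original text). Function names are illustrative.

# sym_to_octal PERMS: convert the first column of `ls -l` (e.g. -rw-rw-r--)
# to three octal digits: r=4, w=2, x=1, summed per owner/group/others triplet.
sym_to_octal() {
    perms=$(printf '%s' "$1" | cut -c2-10)    # drop the file-type character
    [ "${#perms}" -eq 9 ] || return 1         # reject malformed input
    out=""
    for start in 1 4 7; do                    # owner, group, others
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case "$triplet" in r??) digit=$((digit + 4)) ;; esac
        case "$triplet" in ?w?) digit=$((digit + 2)) ;; esac
        # lowercase s/t mean "execute plus a special bit"; count the execute
        case "$triplet" in ??[xst]) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# mode_of FILE: octal mode of FILE, read from `ls -ld`. Cutting at ten
# characters discards a trailing "." or "+" (SELinux context or ACL marker).
mode_of() {
    sym_to_octal "$(ls -ld -- "$1" | cut -c1-10)"
}

# walkthrough: replay the chmod steps on a scratch file. The starting mode is
# set explicitly to 664 because the default for new files depends on the umask.
walkthrough() {
    dir=$(mktemp -d) || return 1
    f="$dir/test_file.txt"
    touch "$f"
    chmod 664 "$f";     a=$(mode_of "$f")
    chmod 644 "$f";     b=$(mode_of "$f")
    chmod u-w,a+x "$f"; c=$(mode_of "$f")
    rm -rf "$dir"
    printf '%s %s %s\n' "$a" "$b" "$c"
}

walkthrough    # prints: 664 644 555
```

The same mode_of check is a quick way to confirm that a file is not writable by group or others: the second and third digits should not be 2, 3, 6 or 7.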
We can also change the owner and group ownership of a file. This allows flexibility to further modify the group and owner of a file.
To change the owner of a file, the chown command is used. This is useful for a sysadmin in different cases. For example, a user is working on a project and is now going to discontinue working on that project. In such a case, the sysadmin can transfer ownership of all the related files in the project to a new user who is responsible for continuing it.
In our previous example, foo is the owner of the test_file.txt file. Now, we want to transfer the ownership of the file to user bar.
If the user bar doesn't exist in the system, a new user bar can be created using the useradd command. The useradd command needs root access.
The following command will create a new user called bar:
$ sudo useradd bar    # New user bar will be created
We can change the ownership of the test_file.txt file to user bar by executing the following command as root or with sudo:
$ sudo chown bar test_file.txt    # Changing ownership of file to user bar
$ ls -l test_file.txt
-r-xr-xr-x. 1 bar foo 0 Aug 24 19:03 test_file.txt
We can see that the ownership of the file has changed to bar.
To modify the group ownership of a file, we can either use the chown or chgrp command. To create a new group, the groupadd command is used with sudo or as root. For example, we want to create a new group called test_group:
$ sudo groupadd test_group
Now, we will change the group of the example file test_file.txt by using the chown command. This can be done by executing the following command:
$ sudo chown :test_group test_file.txt    # Modifying group ownership
$ ls -l test_file.txt
-r-xr-xr-x. 1 bar test_group 0 Aug 24 19:03 test_file.txt
We can see that the group has been modified to test_group. To change the group using the chgrp command, we can execute the following command:
$ sudo chgrp bar test_file.txt    # Changing group ownership to bar
$ ls -l test_file.txt
-r-xr-xr-x. 1 bar bar 0 Aug 24 19:03 test_file.txt
Now, we will revert the owner and group back to foo for the test_file.txt file:
$ sudo chown foo:foo test_file.txt
$ ls -l test_file.txt
-r-xr-xr-x. 1 foo foo 0 Aug 24 19:03 test_file.txt
When modifying the owner and group ownership using the chown command, the new owner name is provided before the : (colon) and the group name after it.