Differences
This shows you the differences between two versions of the page.
linux:file-permissions [2020/03/05 15:16] – created michael | linux:file-permissions [2020/03/05 15:57] (current) – michael | ||
---|---|---|---|
Line 51: | Line 51: | ||
==== Effect of Permissions on Files ==== | ==== Effect of Permissions on Files ==== | ||
- | Permission Character Meaning on File | + | |
- | Read - The file is not readable. You cannot view the file contents. | + | |
- | r The file is readable. | + | ^ Permission |
- | Write - The file cannot be changed or modified. | + | | **Read** |
- | w The file can be changed or modified. | + | | | |
- | Execute - The file cannot be executed. | + | | **Write** | |
- | x The file can be executed. | + | | | |
- | s If found in the user triplet it sets the setuid bit. If found in the group triplet, it sets the setgid bit. It also means that x flag is set. | + | | **Execute** | |
- | When the setuid or setgid flags are set on an executable file, the file is executed with the file’s owner and/or group privileges. | + | | | |
- | S Same as s but the x flag is not set. This flag is rarely used on files. | + | | | |
- | t If found in the others triplet it sets the sticky bit. | + | | | |
- | It also means that x flag is set. This flag is useless on files. | + | | | |
- | T Same as t but the x flag is not set. This flag is useless on files. | + | | | |
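Review bot: The added table, as shown here, only labels rows for Read, Write and Execute, while the removed text also explained the s, S, t and T characters. Confirm the new table keeps those rows, in particular the sentence that a file with setuid or setgid set "is executed with the file's owner and/or group privileges", since that is the part of this section with a security consequence.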
Line 71: | Line 71: | ||
In Linux, Directories are special types of files that contain other files and directories. | In Linux, Directories are special types of files that contain other files and directories. | ||
- | Permission Character Meaning on Directory | + | ^ Permission |
- | Read - The directory’s contents cannot be shown. | + | | **Read** |
- | r The directory’s contents can be shown. | + | | | |
- | (e.g. You can list files inside the directory with ls.) | + | | **Write** | |
- | Write - The directory’s contents cannot be altered. | + | | | |
- | w The directory’s contents can be altered. | + | | **Execute** | |
- | (e.g. You cannot create new files, delete files ..etc.) | + | | | |
- | Execute - The directory cannot be changed to. | + | | | |
- | x The directory can be navigated using cd. | + | | | |
- | s If found in the user triplet, it sets the setuid bit. If found in the group triplet it sets the setgid bit. It also means that x flag is set. When the setgid flag is set on a directory the new files created within it inherits the directory group ID (GID), instead of the primary group ID of the user who created the file. | + | | | |
- | setuid has no effect on directories. | + | | | |
- | S Same as s but the x flag is not set. This flag is useless on directories. | + | |
- | t If found in the others triplet it sets the sticky bit. | + | |
- | It also means that x flag is set. When the sticky bit is set on a directory, only the file’s owner, the directory’s owner, or administrative user can delete or rename the files within the directory. | + | |
- | T Same as t but the x flag is not set. This flag is useless on directories. | + | |
===== Using chmod ===== | ===== Using chmod ===== | ||
- | The chmod command takes the following general form: | + | The '' |
- | chmod [OPTIONS] MODE FILE... | + | |
- | The chmod command allows you to change the permissions on a file using either a symbolic or numeric mode or a reference file. We will explain the modes in more detail later in this article. The command can accept one or more files and/or directories separated by space as arguments. | + | |
- | Only root, the file owner or user with sudo privileges can change the permissions of a file. Be extra careful when using chmod, especially when recursively changing the permissions. | + | < |
- | ==== Symbolic (Text) Method ==== | + | The '' |
- | The syntax | + | Only root, the file owner or user with sudo privileges can change the permissions |
- | chmod [OPTIONS] [ugoa…][-+=]perms…[,…] FILE... | + | |
- | The first set of flags ([ugoa…]), | + | |
- | * u - The file owner. | ||
- | * g - The users who are members of the group. | ||
- | * o - All other users. | ||
- | * a - All users, identical to ugo. | ||
- | If the users flag is omitted, the default one is a and the permissions that are set by umask are not affected. | + | ==== Symbolic (Text) Method ==== |
- | The second set of flags ([-+=]), the operation flags, defines whether the permissions are to be removed, added, or set: | + | |
- | * - Removes | + | The syntax of the '' |
- | * + Adds specified permissions. | + | |
- | * = Changes | + | |
- | The permissions (perms...) can be explicitly set using either zero or one or more of the following letters: r, w, x, X, s, and t. Use a single letter from the set u, g, and o when copying permissions from one to another users class. | + | < |
- | When setting permissions for more than one user classes | + | The first set of flags ('' |
- | Below are some examples | + | * '' |
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
- | Give the members of the group permission to read the file, but not to write and execute it: | + | If the users flag is omitted, |
- | + | The second set of flags ('' | |
- | chmod g=r filename | + | |
- | Remove | + | |
- | chmod a-x filename | + | * '' |
- | Repulsively remove | + | * '' |
+ | * '' | ||
- | chmod -R o-w dirname | + | The permissions ('' |
- | Remove | + | |
- | chmod og-rwx filename | + | When setting permissions for more than one user classes ('' |
- | The same thing can be also accomplished by using the following form: | + | |
- | chmod og= filename | + | Below are some examples of how to use the '' |
- | Give read, write and execute permission | + | |
- | chmod u=rwx, | + | * Give the members of the group permission to read the file, but not to write and execute it: < |
- | Add the file’s owner permissions to the permissions that the members of the file’s group have: | + | * Remove the execute permission for all users: < |
- | + | * Repulsively remove the write permission for other users: < | |
- | chmod g+u filename | + | * Remove the read, write, and execute permission for all users except the file’s owner: < |
- | Add a sticky bit to a given directory: | + | * The same thing can be also accomplished by using the following form: < |
- | + | * Give read, write and execute permission to the file’s owner, read permissions to the file’s group and no permissions to all other users: < | |
- | chmod o+t dirname | + | |
+ | | ||
+ | <WRAP center box 100%> | ||
==== Numeric Method ==== | ==== Numeric Method ==== | ||
The syntax of the chmod command when using numeric method has the following format: | The syntax of the chmod command when using numeric method has the following format: | ||
- | chmod [OPTIONS] NUMBER FILE... | + | |
+ | < | ||
When using the numeric mode, you can set the permissions for all three user classes (owner, group, and all others) at the same time. | When using the numeric mode, you can set the permissions for all three user classes (owner, group, and all others) at the same time. | ||
- | The NUMBER can be a 3 or 4-digits number. | + | The '' |
When 3 digits number is used the first digit represents the permissions of the file’s owner, the second one of the file’s group and the last one all other users. | When 3 digits number is used the first digit represents the permissions of the file’s owner, the second one of the file’s group and the last one all other users. | ||
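Review bot: "Repulsively remove the write permission for other users" in the added examples list is carried over unchanged from the old text and should read "Recursively", matching the "chmod -R o-w dirname" command it introduced. While converting to a list, also check that the "chmod g+u filename" and "chmod o+t dirname" examples from the removed text still have bullets; the added list as shown ends at the owner/group/others example. In the directory table, the removed text paired "w The directory's contents can be altered" with "(e.g. You cannot create new files, delete files ..etc.)", so the new Write row should not inherit that "cannot".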
Line 156: | Line 145: | ||
Each write, read, and execute permissions have the following number value: | Each write, read, and execute permissions have the following number value: | ||
- | * r (read) = 4 | + | * '' |
- | * w (write) = 2 | + | * '' |
- | * x (execute) = 1 | + | * '' |
- | * no permissions = 0 | + | * no permissions = '' |
The permissions number of a specific user class is represented by the sum of the values of the permissions for that group. | The permissions number of a specific user class is represented by the sum of the values of the permissions for that group. | ||
Line 168: | Line 157: | ||
* Others: r-x=4+0+0=4 | * Others: r-x=4+0+0=4 | ||
- | Using the method above we come up to the number 754, which represents the desired permissions. | + | Using the method above we come up to the number |
- | To set up the setuid, setgid, and sticky bit flags use four digits number. | + | To set up the '' |
When the 4 digits number is used, the first digit has the following meaning: | When the 4 digits number is used, the first digit has the following meaning: | ||
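Review bot: The context line directly above the changed sentence reads "Others: r-x=4+0+0=4", but r-x sums to 4+0+1=5; for the 754 result that this hunk reformats, the others triplet has to be r-- (4+0+0=4). Fix the label in the same edit so the worked sum and the final number agree.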
Line 181: | Line 170: | ||
The next three digits have the same meaning as when using 3 digits number. | The next three digits have the same meaning as when using 3 digits number. | ||
- | If the first digit is 0 it can be omitted, and the mode can be represented with 3 digits. The numeric mode 0755 is the same as 755. | + | If the first digit is 0 it can be omitted, and the mode can be represented with 3 digits. The numeric mode '' |
To calculate the numeric mode you can also use another method (binary method), but it is a little more complicated. Knowing how to calculate the numeric mode using 4, 2, and 1 is sufficient for most users. | To calculate the numeric mode you can also use another method (binary method), but it is a little more complicated. Knowing how to calculate the numeric mode using 4, 2, and 1 is sufficient for most users. | ||
Line 187: | Line 176: | ||
You can check the file’s permissions in the numeric notation using the stat command: | You can check the file’s permissions in the numeric notation using the stat command: | ||
- | stat -c " | + | < |
+ | |||
+ | <sxh bash; gutter false;> | ||
644 | 644 | ||
- | Here are some examples of how to use the chmod command in numeric mode: | + | </ |
- | Give the file’s owner read and write permissions and only read permissions | + | Here are some examples of how to use the '' |
- | chmod 644 dirname | + | * Give the file’s owner read and write permissions and only read permissions to group members and all other users: < |
- | Give the file’s owner read, write and execute permissions, | + | |
+ | * Give read, write, and execute permissions, | ||
+ | * Recursively set read, write, and execute permissions to the file owner and no permissions for all other users on a given directory:< | ||
+ | </ | ||
- | chmod 750 dirname | ||
- | Give read, write, and execute permissions, | ||
- | |||
- | chmod 1777 dirname | ||
- | Recursively set read, write, and execute permissions to the file owner and no permissions for all other users on a given directory: | ||
- | |||
- | chmod -R 700 dirname | ||
+ | <WRAP center box 100%> | ||
==== Using a Reference File ==== | ==== Using a Reference File ==== | ||
The --reference=ref_file option allows you to set the file’s permissions to be same as those of the specified reference file (ref_file). | The --reference=ref_file option allows you to set the file’s permissions to be same as those of the specified reference file (ref_file). | ||
- | chmod --reference=REF_FILE FILE | + | < |
- | For example, the following command will assign the permissions of the file1 to file2 | + | |
- | chmod --reference=file1 file2 | + | For example, the following command will assign the permissions of the file1 to file2: |
+ | < | ||
+ | </ | ||
+ | |||
+ | |||
+ | <WRAP center box 100%> | ||
==== Recursively Change the File’s Permissions ==== | ==== Recursively Change the File’s Permissions ==== | ||
To recursively operate on all files and directories under the given directory, use the -R (--recursive) option: | To recursively operate on all files and directories under the given directory, use the -R (--recursive) option: | ||
- | chmod -R MODE DIRECTORY | + | < |
For example, to change the permissions of all files and subdirectories under the /var/www directory to 755 you would use: | For example, to change the permissions of all files and subdirectories under the /var/www directory to 755 you would use: | ||
- | chmod -R 755 /var/www | + | < |
+ | </ | ||
+ | |||
+ | <WRAP center box 100%> | ||
==== Operating on Symbolic Links ==== | ==== Operating on Symbolic Links ==== | ||
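Review bot: The recursive example that sets everything under /var/www to 755 grants execute on every regular file in the web root, which conflicts with the "Changing File Permissions in Bulk" section further down, where files get 644 and only directories get 755. Either state here that the command only illustrates the -R syntax and point to the bulk section, or use a mode that does not grant execute on files. As a style point, "on a given directory:<" in the last added bullet lacks the space before the code tag that the other bullets have.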
Line 228: | Line 224: | ||
By default, when changing symlink’s permissions, | By default, when changing symlink’s permissions, | ||
- | chmod 755 symlink | + | < |
Chances are that instead of changing the target ownership, you will get a “cannot access ‘symlink’: | Chances are that instead of changing the target ownership, you will get a “cannot access ‘symlink’: | ||
- | The error occurs because by default on most Linux distributions symlinks are protected, and you cannot operate on target files. This option is specified in / | + | The error occurs because by default on most Linux distributions symlinks are protected, and you cannot operate on target files. This option is specified in '' |
+ | </ | ||
+ | <WRAP center box 100%> | ||
==== Changing File Permissions in Bulk ==== | ==== Changing File Permissions in Bulk ==== | ||
Sometimes there are situations where you would need to bulk change files and directories permissions. | Sometimes there are situations where you would need to bulk change files and directories permissions. | ||
- | The most common scenario is to recursively change the website file’s permissions to 644 and directory’s permissions to 755. | + | The most common scenario is to recursively change the website file’s permissions to 644 and directory’s permissions to '' |
Using the numeric method: | Using the numeric method: | ||
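Review bot: The context sentence after the "chmod 755 symlink" example says "instead of changing the target ownership", but chmod changes permissions, not ownership; reword it to refer to the target's permissions. In the changed bulk-permissions sentence only the directory mode is wrapped in monospace while 644 is left plain, so format both modes the same way.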
Line 250: | Line 248: | ||
The find command will search for files and directories under / | The find command will search for files and directories under / | ||
+ | </ | ||
+ |