File Permissions

File Permissions in Linux

File permissions are a key aspect to any modern operating system. Some files
should not be accessed by regular users, or they may corrupt a program that
requires those files. The way the syntax for what i am about to perform is such:

– rwx — —

1. Type of file : Where – is a file, d is a directory and i is a link.
2. User : Read, Write, or Execute (or combinations)
3. Group : Read, Write , or Execute (or combinations)
4. Other Users : Read , Write, or Execute (or combinations)

In parts 2,3 and 4, if a flag is turned off (if the user cant read,write,or
execute the file) then it will appear as a ‘-‘ rather then the abbreviation.
The ‘x’ in the flag stands for execute . So let me run this in a folder i
probably should not be in to show what files i can read, write , or execute:

 clim@debian:/etc/X11$ ls -l
total 84
drwxr-xr-x 2 root root  4096 Sep  1 10:53 app-defaults
-rw-r--r-- 1 root root    18 Aug 30 15:05 default-display-manager
drwxr-xr-x 6 root root  4096 Sep  9  2018 fonts
drwxr-xr-x 3 root root  4096 Sep  9  2018 ja_JP.eucJP
drwxr-xr-x 3 root root  4096 Sep  9  2018 ko_KR.eucKR
-rw-r--r-- 1 root root 17394 Nov 23  2016 rgb.txt
drwxr-xr-x 2 root root  4096 Sep  1 10:53 xinit
drwxr-xr-x 2 root root  4096 Jul 18  2017 xkb
-rwxr-xr-x 1 root root   709 Nov 23  2016 Xreset
drwxr-xr-x 2 root root  4096 Sep  9  2018 Xreset.d
drwxr-xr-x 2 root root  4096 Sep  9  2018 Xresources
-rwxr-xr-x 1 root root  3517 Nov 23  2016 Xsession
drwxr-xr-x 2 root root  4096 Sep  5 19:28 Xsession.d
-rw-r--r-- 1 root root   265 Nov 23  2016 Xsession.options
drwxr-xr-x 2 root root  4096 Sep  1 10:53 xsm
-rw-r--r-- 1 root root    13 Dec  5  2016 XvMCConfig
-rw-r--r-- 1 root root   630 Sep  9  2018 Xwrapper.config

Interesting! Okay so you see that some of the files can be executed by anyone
on the system . As you can see there are some directories in there as well. Now
let me get into a sandbox directory and show you how you would change
permissions to a file. the command is chmod and it takes in a number in octal,
and the file you are trying to change. The octal number works really well with
this because there are only 8 combinations to what you can do. the first number
represents the current user (you), the second represents the the group it is
associated with, and the third represents the other users on the system.

clim@debian:~/Desktop/Tests/fileperm$ ls -l
total 0
-------rwx 1 clim clim 0 Sep  5 21:02 all
---------x 1 clim clim 0 Sep  5 21:01 execute
-------r-- 1 clim clim 0 Sep  5 21:01 read
--------w- 1 clim clim 0 Sep  5 21:01 write
clim@debian:~/Desktop/Tests/fileperm$ chmod 444 read
clim@debian:~/Desktop/Tests/fileperm$ ls -l
total 0
-------rwx 1 clim clim 0 Sep  5 21:02 all
---------x 1 clim clim 0 Sep  5 21:01 execute
-r--r--r-- 1 clim clim 0 Sep  5 21:01 read
--------w- 1 clim clim 0 Sep  5 21:01 write

As you can see i told the system to change the file permissions of read to
allow me to read, allow the group associated with the file to read, and allow
other users to read. This is how it is represented:
i. 0 = no privileges (—)
ii. 1 = execute file (–x)
iii. 2 = write file (-w-)
iv. 3 = execute and write file (-wx)
v. 4 = read file (r–)
vi. 5 = read and execute file (r-x)
vii. 6 = read and write file (rw-)
viii. 7 = read, write , and execute file (rwx)

And last lets check out the manpage:

  clim@debian:~/Desktop/Tests/fileperm$ man chmod
  CHMOD(1)                         User Commands                        CHMOD(1)

         chmod - change file mode bits

         chmod [OPTION]... MODE[,MODE]... FILE...
         chmod [OPTION]... OCTAL-MODE FILE...
         chmod [OPTION]... --reference=RFILE FILE...

         This manual page documents the GNU version of chmod.  chmod changes the
         file mode bits of each given file according to mode, which can  be  ei‐
         ther  a  symbolic representation of changes to make, or an octal number
         representing the bit pattern for the new mode bits.

         The format of a symbolic mode is  [ugoa...][[-+=][perms...]...],  where
         perms  is  either zero or more letters from the set rwxXst, or a single
         letter from the set ugo.  Multiple symbolic modes can be  given,  sepa‐
         rated by commas.

         A  combination  of the letters ugoa controls which users' access to the
         file will be changed: the user who owns it  (u),  other  users  in  the
         file's group (g), other users not in the file's group (o), or all users
         (a).  If none of these are given, the effect is as if (a)  were  given,
         but bits that are set in the umask are not affected.

         The  operator  +  causes the selected file mode bits to be added to the
         existing file mode bits of each file; - causes them to be removed;  and
         = causes them to be added and causes unmentioned bits to be removed ex‐
         cept that a directory's unmentioned set user and group ID bits are  not

         The  letters  rwxXst select file mode bits for the affected users: read
         (r), write (w), execute (or search for directories) (x), execute/search
         only  if  the file is a directory or already has execute permission for
         some user (X), set user or group ID on execution (s), restricted  dele‐
         tion  flag or sticky bit (t).  Instead of one or more of these letters,
         you can specify exactly one of the letters ugo: the permissions granted
         to  the  user  who  owns the file (u), the permissions granted to other
         users who are members of the file's  group  (g),  and  the  permissions
         granted  to  users  that are in neither of the two preceding categories

         A numeric mode is from one to  four  octal  digits  (0-7),  derived  by
         adding up the bits with values 4, 2, and 1.  Omitted digits are assumed
         to be leading zeros.  The first digit selects the set user ID  (4)  and
         set group ID (2) and restricted deletion or sticky (1) attributes.  The
         second digit selects permissions for the user who owns the  file:  read
         (4),  write  (2),  and  execute  (1); the third selects permissions for
         other users in the file's group, with the same values; and  the  fourth
         for other users not in the file's group, with the same values.

         chmod never changes the permissions of symbolic links; the chmod system
         call cannot change their permissions.  This is not a problem since  the
         permissions  of  symbolic links are never used.  However, for each sym‐
         bolic link listed on the command line, chmod changes the permissions of
         the pointed-to file.  In contrast, chmod ignores symbolic links encoun‐
         tered during recursive directory traversals.

         chmod clears the set-group-ID bit of a regular file if the file's group
         ID  does  not  match the user's effective group ID or one of the user's
         supplementary group IDs, unless the user  has  appropriate  privileges.
         Additional restrictions may cause the set-user-ID and set-group-ID bits
         of MODE or RFILE to be ignored.  This behavior depends  on  the  policy
         and  functionality of the underlying chmod system call.  When in doubt,
         check the underlying system behavior.

         For directories chmod preserves set-user-ID and set-group-ID  bits  un‐
         less  you  explicitly specify otherwise.  You can set or clear the bits
         with symbolic modes like u+s and g-s.  To clear these bits for directo‐
         ries  with a numeric mode requires an additional leading zero, or lead‐
         ing = like 00755 , or =755

         The restricted deletion flag or sticky bit is a single bit,  whose  in‐
         terpretation  depends  on  the file type.  For directories, it prevents
         unprivileged users from removing or renaming a file  in  the  directory
         unless  they  own  the  file  or  the directory; this is called the re‐
         stricted deletion flag for the directory,  and  is  commonly  found  on
         world-writable  directories like /tmp.  For regular files on some older
         systems, the bit saves the program's text image on the swap  device  so
         it will load more quickly when run; this is called the sticky bit.

         Change  the  mode  of  each FILE to MODE.  With --reference, change the
         mode of each FILE to that of RFILE.

         -c, --changes
                like verbose but report only when a change is made

         -f, --silent, --quiet
                suppress most error messages

         -v, --verbose
                output a diagnostic for every file processed

                do not treat '/' specially (the default)

                fail to operate recursively on '/'

                use RFILE's mode instead of MODE values

         -R, --recursive
                change files and directories recursively

         --help display this help and exit

                output version information and exit

         Each          MODE          is          of           the           form

         Written by David MacKenzie and Jim Meyering.

         GNU coreutils online help: 
         Report chmod translation bugs to 

         Copyright  ©  2018  Free Software Foundation, Inc.  License GPLv3+: GNU
         GPL version 3 or later .
         This is free software: you are free  to  change  and  redistribute  it.
         There is NO WARRANTY, to the extent permitted by law.


         Full documentation at: 
         or available locally via: info '(coreutils) chmod invocation'

  GNU coreutils 8.30               February 2019                        CHMOD(1)

This is pretty interesting, so also you can write it as such:

clim@debian:~/Desktop/Tests/fileperm$ chmod u=rwx,g=rx,o=r myfile

This stands for user=read,write,execute, group=read,execute,others=read or in
octal : 754

2 thoughts on “File Permissions

Leave a Reply