Managing access permissions with chmod, chgrp, chown, and umask

Modifying Permissions

The chmod program lets you modify file and directory permissions, assuming you are the owner or the system administrator. chmod lets you set the permissions using either letters or numbers.

If you are using letters, u stands for "user" (owner), g for "group," and o for "others" (all other users). As I described previously, r stands for "read," w for "write," x for "execute," s for the setuid/setgid bit, and t for the sticky bit.

A combination of these letters (without spaces!) with plus, minus, and equals signs tells chmod to add, remove, or assign these permissions (Table 1). To give a group read and write permissions for a file, just type chmod g+rw file. Removing permissions follows the same pattern: The chmod o-rwx file command removes all permissions for all users who are neither the owner nor members in the owner group. You could combine these two commands:

Tabelle 1

Permissions

Octal number

Letters

0

- - -

1

- -x

2

-w-

3 (= 2 + 1)

-wx

4

r- -

5 (= 4 + 1)

r-x

6 (= 4 + 2)

rw-

7 (= 4 + 2 + 1)

rwx

chmod g+rw,o-rwx <file>

As I mentioned before, an equal sign lets you assign precisely the permissions specified at the command line. For example, the command

chmod ugo=rxw <directory>

gives the owner, group members, and all other users read, write, and execute permissions for the directory in question. Instead of ugo, you could alternatively use a (for "all") to assign user, group, and other permissions.

The chmod program also understands numbers. Instead of specifying the permissions with letters, you can pass in three- or four-digit octal numbers (see "Octal Numbers").

Octal Numbers

The octal system uses base 8; that is, it includes just eight numbers from 0 and 7. The next number after 7 is 10, 20 follows 17, and so on. Every digit in an octal number is represented by three bits; in the case of permissions, the three bits specify what a user class is allowed to do.

Calculate the numbers as follows: 4 stands for read permission, 2 for write permission, and 1 for execute permission. The first number refers to the owner, the second number to the group, and the third to all others. On this basis, you can see, for example, 644 would mean u=rw,go=r (resulting in rw-r- -r- -), or 777 would be a=rwx (resulting in rwxrwxrwx). Table 1 provides more details on the system of octal codes.

To set the s or t bit, you need to add this as a fourth number at the start of the block of three. The number 4 represents the s bit for the owner (setuid), 2 sets the s bit for the group (setgid), and 1 sets the t bit. Listing 2 gives an example. Note that, after running the chmod command, all users are permitted to read and execute the file; furthermore, the s bit has been set for the owner.

Listing 2

Setting the s bit by number

01 $ ls -l script.sh
02 -rw-r--r-- 1 heike heike 3191789 Oct 6 05:01 script.sh
03 $ chmod 4755 script.sh
04 $ ls -l script.sh
05 -rwsr-xr-x 1 heike heike 3191789 Oct 6 05:01 script.sh

Changing Group Memberships

To change group membership for files and directories, you can use the chgrp tool. Keep in mind, that Linux takes extra precautions with this command: As a "normal" user, you are allowed to assign your own files to specific groups; however, this assumes that you are a member of the group in question. The root user, as always, has no restrictions.

The following command tells you your own group memberships:

$ groups
petronella adm dialout fax cdrom tape audio dip video plugdev fuse lpadmin netdev admin sambashare

In this case, the user called petronella may change access to her own files for members of the groups petronella, adm, dialout, fax, cdrom, and so on. The chgrp command first expects information about the new group and then the name of the file or directory. Type the following

chgrp audio <file>

to assign a file to the audio group.

Buy this article as PDF

Express-Checkout as PDF

Pages: 4

Price $2.95
(incl. VAT)

Buy Raspberry Pi Geek

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content