How to Use chmod and chown, Understanding Permissions in Linux

Tutorial Dec 08, 2020

Linux is a file-based, multi-user operating system. Linux treats everything as a file, not just regular files: drives, printers, sound devices, USB devices, etc. Even directories are special types of files whose contents are controlled by the system; those contents are listings of other files and directories (sub-directories).

The actions you are able to perform on a file in a Linux system depend on the file's ownership and permissions. Before jumping into the usage of chmod and chown, it's wise to understand a few things about file ownership and permissions.

THE BASIC PERMISSIONS

As Linux users, we need to be aware of the three basic file permissions: read, write, and execute. The words themselves give us an idea of what they represent. Depending on whether it's a file or a directory we are working with, what these permissions offer us can differ a little.

FILES

Read: If you have read permission to a file, it means you can read the contents of the file. For example, you'll be able to use the cat command on the file.

Write: If you have write permission to a file, it means you can modify the contents of a file.

Execute: If you have execute permission to a file, it means you can execute it. This permission is relevant only for executable files, like binary files or script files like BASH scripts, Python scripts, etc.

DIRECTORIES

Read: Allows you to see the contents of a directory.

Write: Allows you to create or delete files and sub-directories in the directory, provided that you also have execute permission.

Execute: Without execute permission the only thing you can do with a directory is to list the names of its contents.

PERMISSION SCOPES

Permissions are managed in three distinct scopes. These scopes are known as user, group, and others.

User: The user that the file belongs to. By default, this would be the person who created the file. This can be changed later.

Group: The group that the file belongs to. By default, when a file is created, it will belong to the group of the user who created the file. This can be changed later.

Others: A person who neither owns the file nor belongs to the group which owns the file. Meaning, everybody else.

Note: Permissions from different scopes won't stack up. For example, if you belong to the group scope of a file and do not belong to the file's user scope, you will get the group permissions of that file; the permissions of the others scope and user scope do not apply to you.

Note: If you belong to both the user scope and group scope of a file, you will have the group scope permissions of that file. The user scope permissions will be ignored.

READING A FILE'S PERMISSIONS

We can use the ls command with the -l switch to see file permissions of files, for example,

ls -l fish.sh
-rwxrwxr-x 1 penguin penguin 1 Dec  8 04:32 fish.sh

SYMBOLS

The -rwxrwxr-x part of the output from ls -l is what we need to be looking at. Aside from the first character, which tells you what type of file it is, the remaining nine characters represent the file's permissions. The first 3 of the nine characters show the user scope permissions, and the next 3 characters show the group scope permissions. Finally, the last 3 characters tell us what permissions others have.

user: can read, write and execute the file.
group: can read, write and execute the file.
others: can read and execute the file, but can't write to the file.

NUMBERS

The second way to represent the same permissions is by using octal numbers.

Unfortunately the ls command does not offer us a way to see the permissions in octal format. Instead we can do,

stat -c "%a"  fish.sh
775

We can see that the file's permissions are 775 in octal format. The first digit represents permissions of the user, the second digit represents permissions of the group and the last digit represents permissions for others.

How does Linux represent read, write and execute for a single scope in a single digit? It's just a simple matter of addition. Each permission has a certain octal value behind it. If you want to give a scope more than one permission, you add up those permission values.

Permission Octal Value
read 4
write 2
execute 1
no permission 0

7 = 4 + 2 + 1 (read + write + execute) user permissions
7 = 4 + 2 + 1 (read + write + execute) group permissions
5 = 4 + 1 (read + execute) others permissions

775 is the same as rwxrwxr-x
777 is the same as rwxrwxrwx
755 is the same as rwxr-xr-x
666 is the same as rw-rw-rw-
744 is the same as rwxr--r--
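
The addition rule above, written out as an added example (not part of the original tutorial): a POSIX shell function that turns the mode string printed by ls -l into its octal form. The function names are illustrative, and only the nine r/w/x characters described on this page are handled.

```shell
# Added example: convert an "ls -l" mode string to octal permissions.

# Digit for one scope: add 4 for r, 2 for w, 1 for x; "-" adds nothing.
scope_digit() {
    triplet=$1
    digit=0
    case $triplet in r??) digit=$((digit + 4)) ;; esac
    case $triplet in ?w?) digit=$((digit + 2)) ;; esac
    case $triplet in ??x) digit=$((digit + 1)) ;; esac
    echo "$digit"
}

# Convert a mode string such as -rwxrwxr-x to octal such as 775.
sym_to_octal() {
    mode=$1
    # Expect one file-type character followed by exactly nine characters,
    # each being r, w, x or "-" in its proper position. Anything else
    # is rejected instead of being silently misread.
    case $mode in
        ?[r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "unsupported mode string: $mode" >&2; return 1 ;;
    esac
    perms=${mode#?}        # drop the file-type character
    user=${perms%??????}   # first three characters: user scope
    rest=${perms#???}      # remaining six characters
    group=${rest%???}      # middle three: group scope
    others=${rest#???}     # last three: others scope
    echo "$(scope_digit "$user")$(scope_digit "$group")$(scope_digit "$others")"
}

sym_to_octal "-rwxrwxr-x"   # prints 775
```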

USING chmod

So, now that you have an understanding of permissions, using chmod should not be that difficult. What can we do with chmod? It is used to modify the permissions of files. You can use either the symbolic way of representing permissions or the numeric way when using chmod; it's your choice. Personally, I think numbers are easier.

As an example, to set 600 as the permissions for a file named names.txt in our current directory, the command would be,

chmod 600 names.txt

What does 600 mean for the file? 6 as the first digit means a combination of read and write, without execute, as the permissions for the user. 0 for both group and others means that no permissions are set for those scopes.
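
A way to confirm that chmod 600 actually left nothing for group and others, as an added example that is not part of the original tutorial. It assumes GNU stat (the same stat -c "%a" used earlier on this page); the function names and the temporary demo file are constructed for illustration.

```shell
# Added example: apply 600 and verify the result by reading the mode back.

# Octal permissions of a file, e.g. 600 or 775.
mode_of() {
    stat -c "%a" "$1"
}

# Succeeds only if the mode could be read AND group/others hold nothing.
# The mask 077 selects the last two octal digits (group and others).
# An unreadable mode counts as a failure, so the check fails closed.
owner_only() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 077 )) -eq 0 ]
}

# chmod 600 each file, then confirm the change took effect.
restrict_to_owner() {
    for f in "$@"; do
        chmod 600 "$f" || return 1
        if ! owner_only "$f"; then
            echo "still exposed: $f ($(mode_of "$f"))" >&2
            return 1
        fi
    done
}

# Demo on a constructed file in a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    touch "$dir/names.txt"
    chmod 644 "$dir/names.txt"
    echo "before: $(mode_of "$dir/names.txt")"
    restrict_to_owner "$dir/names.txt"
    echo "after:  $(mode_of "$dir/names.txt")"
    rm -rf "$dir"
}
demo
```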

USING chown

And chown helps with changing the user and group of files. The command to change the user of the file names.txt to "neo" would be,

chown neo names.txt

To change the user and group,

chown neo:matrix names.txt

To change only the group, you need to use the chgrp command.

chgrp matrix names.txt

Lime

Simple, like quantum physics.