Linux and Unix

Linux Tutorial: Understanding Permissions on Files and Directories

All files and directories created in a UNIX/Linux file system will be assigned a set of permissions. These permissions affect three sets of users:

  • The owner user
  • The owner group
  • Other users and groups

The rights of each user on a file consist of being able to read, modify or execute it. For example, the command ls -l produces output like the following:

drwxr-xr-x 2 audain audain 4096 Sep 24 02:03 Doc
-rw-r--r-- 1 audain audain  161 Sep 24 02:05 proc1
drwxr-xr-x 2 audain audain 4096 Sep 24 02:03 Scripts
permissions  user   group

The first column is the permissions, the third is the user who owns the file, and the fourth is the owning group. In the permissions column, the initial d means that the item is a directory; the other characters are the read (r), write (w) or execute (x) rights for, respectively, the owner, the group and the others. So the proc1 file can be read and modified by its owner, but only read by the group and the rest of the world.

The permissions of a user type are represented by a sequence of three bits, whose decimal value can therefore range from 0 to 7 (3 bits: 2^3 = 8 possible values). The read right corresponds to the first bit, write to the second, and execute to the third:

0        0        0
reading  writing  execution

If we convert these binary values into decimal, we have:

4  reading
2  writing
1  execution

To set the access rights for a user type using a single decimal number, these values are added together: for example, "r-x" (read and execute) represents the three bits 1, 0, 1, so 4 + 1 = 5 ("101" in binary is the number 5). The number 5 therefore means that the given user type has the read and execute rights on the file.

To define the access rights for all (the owner, the group and the others), we make three sums. For example:

rwx  r-x  r-x
 7    5    5

Command chmod

The command to change the permissions on a file is chmod; its syntax is as follows:

chmod mode file

The mode can be represented by the three decimal numbers as explained above, for example:

chmod 664 proc1

But you can also use symbolic notation to designate the mode. This is based on a letter that designates the category of users (u, g, o or a), an operator (+, - or =) and a set of permissions (r, w or x).

u  user
g  group
o  other
a  all

For example, to remove the read right from the group on a file, the command is as follows:

chmod g-r proc1

You can also put more than one symbol on either side of the operator. For example, to give all types of users exactly the read and execute rights:

chmod a=rx proc1

Umask

When a user creates directories or files, the permissions assigned by default are as follows:

  • directories : 755
  • files : 644

These default permissions can be changed by changing the permissions mask associated with each user. The mask is a sequence of three digits that is subtracted from 777 in the case of directories and from 666 in the case of files. For example:

        directory        file
        777              666
mask    022              022
result  755 rwxr-xr-x    644 rw-r--r--

        directory        file
        777              666
mask    077              077
result  700 rwx------    600 rw-------

A user's mask can be specified in the .bashrc file in their home directory with the following directive:

umask 022
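
The effect of a mask, worked through as an added example that is not part of the original tutorial: the system clears the mask's bits from the base mode (base AND NOT mask) rather than subtracting, which is why 666 with mask 077 gives 600. The function names and the extra mask 033 are assumptions chosen for illustration; it needs a POSIX shell with mktemp.

```shell
#!/bin/sh
# Added example: predict the mode a umask produces and compare it with
# what the filesystem really assigns. Function names are hypothetical.

# predicted_mode BASE MASK -> octal mode after clearing the mask bits
predicted_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# to_symbolic 755 -> rwxr-xr-x (4 = read, 2 = write, 1 = execute per digit)
to_symbolic() {
    out=""
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        [ $(( digit & 4 )) -ne 0 ] && r=r || r=-
        [ $(( digit & 2 )) -ne 0 ] && w=w || w=-
        [ $(( digit & 1 )) -ne 0 ] && x=x || x=-
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
}

# actual_symbolic MASK file|dir -> permission string reported by ls -ld
# for an object created under that mask (runs in a subshell, so the
# caller's own umask is left unchanged).
actual_symbolic() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$tmp/t"; else : > "$tmp/t"; fi
        ls -ld "$tmp/t" | cut -c2-10
        rm -rf "$tmp"
    )
}

# Constructed sample masks: the two from the tables above, plus 033,
# where subtraction (666 - 033 = 633) disagrees with the real result.
for mask in 022 077 033; do
    for kind in dir file; do
        base=666
        [ "$kind" = dir ] && base=777
        mode=$(predicted_mode "$base" "$mask")
        printf 'umask %s %-4s predicted %s %s  actual %s\n' \
            "$mask" "$kind" "$mode" "$(to_symbolic "$mode")" \
            "$(actual_symbolic "$mask" "$kind")"
    done
done
```

With mask 033 a new file comes out as 644 (rw-r--r--), not 633: the execute bit in the mask has nothing to clear in 666, so subtraction only matches when every mask bit is also set in the base mode.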