A tutorial on changing file permissions with chmod on Linux

In Linux, file access is managed via file permissions, attributes, and ownership. This ensures that only authorized users and processes can access files and directories.

This tutorial covers how to use the chmod command to change file and directory access permissions.

File access permissions explained in Linux

Before we proceed, let’s talk about the basic permission model on Linux systems.

In Linux, each file is associated with an owner and a group with permissions for three different classes of users:

  • The file owner.
  • Members of the group.
  • Others (everyone else).

File ownership can be changed using the chown and chgrp commands.

There are three types of file permissions that apply to each category:

  • Read permission.
  • Write permission.
  • Execute permission.

This concept allows you to specify which users are allowed to read the file, write to the file, or execute the file.

File permissions can be viewed using the command ls:

ls -l filename.txt
-rw-r--r-- 12 linuxid users 12.0K Apr  8 21:52 filename.txt
|[-][-][-]-   [------] [---]
| |  |  | |      |       |
| |  |  | |      |       +-----------> 7. Group
| |  |  | |      +-------------------> 6. Owner
| |  |  | +--------------------------> 5. Alternate Access Method
| |  |  +----------------------------> 4. Others Permissions
| |  +-------------------------------> 3. Group Permissions
| +----------------------------------> 2. Owner Permissions
+------------------------------------> 1. File Type

The first character indicates the file type. It can be a regular file (-), a directory (d), a symbolic link (l), or another special file type.

The next nine characters represent the file permissions, as three triplets of three characters each. The first triplet shows the owner permissions, the second the group permissions, and the last the permissions for all other users. Permissions can have a different meaning depending on the file type.

In the example above (rw-r--r--), the file owner has read and write permissions (rw-), while the group and others have only read permission (r--).

Each of the three permission triplets can be built from the following characters, which have different effects depending on whether they are set on a file or on a directory:

The effect of access permissions on files

| Permission | Character | Meaning on a file |
|------------|-----------|-------------------|
| Read | - | The file is not readable. You cannot view the contents of the file. |
| Read | r | The file is readable. |
| Write | - | The file cannot be changed or modified. |
| Write | w | The file can be changed or modified. |
| Execute | - | The file cannot be executed. |
| Execute | x | The file can be executed. |
| Execute | s | If found in the user triplet, it sets the setuid bit. If found in the group triplet, it sets the setgid bit. It also means that the x flag is set. When setuid or setgid is set on an executable file, the file is executed with the privileges of the file's owner and/or group. |
| Execute | S | Same as s, but the x flag is not set. This flag is rarely used on files. |
| Execute | t | If found in the others triplet, it sets the sticky bit. It also means that the x flag is set. This flag is useless on files. |
| Execute | T | Same as t, but the x flag is not set. This flag is useless on files. |

The effect of access permission on directories (folders)

In Linux, a directory is a special type of file that contains other files and directories.

| Permission | Character | Meaning on a directory |
|------------|-----------|------------------------|
| Read | - | The directory's contents cannot be shown. |
| Read | r | The directory's contents can be shown. (For example, you can list the files in the directory using ls.) |
| Write | - | The directory's contents cannot be changed. |
| Write | w | The directory's contents can be changed. (For example, you can create new files, delete files, etc.) |
| Execute | - | The directory cannot be changed to. |
| Execute | x | The directory can be navigated using cd. |
| Execute | s | If found in the user triplet, it sets the setuid bit. If found in the group triplet, it sets the setgid bit. It also means that the x flag is set. When setgid is set on a directory, new files created in it inherit the directory's group ID (GID) instead of the primary group ID of the user who created the file. setuid has no effect on directories. |
| Execute | S | Same as s, but the x flag is not set. This flag is useless on directories. |
| Execute | t | If found in the others triplet, it sets the sticky bit. It also means that the x flag is set. When the sticky bit is set on a directory, only the file owner, the directory owner, or an administrative user can delete or rename files in the directory. |
| Execute | T | Same as t, but the x flag is not set. This flag is useless on directories. |

Using the chmod command

The chmod command takes the following general form:

chmod [OPTIONS] MODE FILE...

The chmod command lets you change the permissions on a file using a symbolic mode, a numeric mode, or a reference file. We will describe the modes in more detail later in this article. The command accepts one or more files or directories separated by spaces as arguments.

Only root, the file owner, or a user with sudo privileges can change the permissions of a file. Be careful when using chmod, especially when changing permissions recursively.

Symbolic method (text)

The syntax of the chmod command in symbolic mode has the following format:

chmod [OPTIONS] [ugoa…][-+=]perms…[,…] FILE...

The first set of flags ([ugoa…]), the user flags, defines which user classes the file permissions are changed for.

  • u – The owner of the file.
  • g – Users who are members of the group.
  • o – All other users.
  • a – All users; identical to ugo.

If the user flag is omitted, the default is a, but the permission bits that are set in the umask are not affected.

The second set of flags ([-+=]), the operation flags, defines whether the permissions are removed, added, or set:

  • - Removes the specified permissions.
  • + Adds the specified permissions.
  • = Changes the current permissions to the specified permissions. If no permissions are specified after the = symbol, all permissions for the selected user class are removed.

The permissions (perms...) are set explicitly using zero, one, or more of the following letters: r, w, x, X, s, and t. Use a single letter from the set u, g, and o when copying permissions from one user class to another.

When setting permissions for more than one user class ([,…]), use commas (without spaces) to separate the symbolic modes.

Here are some examples of how to use the chmod command in symbolic mode:

  • Give group members permission to read the files, but not write and execute:
    chmod g=r namafile
    
  • Remove execution permissions for all users:
    chmod a-x namafile
    
  • Recursively remove the write permission for other users:
    chmod -R o-w dirname
    
  • Remove read, write and execute permissions for all users except the file owner:
    chmod og-rwx namafile
    

    The same can be done using the following form:

    chmod og= namafile
    
  • Give read, write, and execute permissions to the file's owner, read permission to the file's group, and no permissions to all other users:
    chmod u=rwx,g=r,o= namafile
    
  • Add the file owner's permissions to the permissions of the members of the file's group:
    chmod g+u namafile
    
  • Add the sticky bit to the specified directory:
    chmod o+t dirname
    

chmod in numeric mode

The syntax of the chmod command in numeric mode has the following format:

chmod [OPTIONS] NUMBER FILE...

When using numeric mode, you can set the permissions for all three user classes (owner, group, and others) at the same time.

NUMBER can be a 3- or 4-digit number.

When a 3-digit number is used, the first digit represents the permissions of the file's owner, the second the file's group, and the last all other users.

The read, write, and execute permissions have the following numeric values:

  • r (Reading) = 4
  • w (Writing) = 2
  • x (Execute) = 1
  • No permissions = 0

The permission number for a specific user class is the sum of the permission values for that class.

To find a file's permissions in numeric mode, simply calculate the total for each user class. For example, to give read, write, and execute permissions to the file's owner, read and execute permissions to the file's group, and only read permission to all other users, you would do the following:

  • Owner: rwx = 4 + 2 + 1 = 7
  • Group: r-x = 4 + 0 + 1 = 5
  • Others: r-- = 4 + 0 + 0 = 4

Using the method above, we arrive at the number 754, which represents the required permissions.

To set the setuid, setgid, and sticky bit flags, use a four-digit number.

When using a 4-digit number, the first digit has the following meaning:

  • setuid = 4
  • setgid = 2
  • Sticky = 1
  • No change = 0

The next three digits have the same meaning as when using a 3-digit number.

If the first digit is 0, it can be omitted, and the mode can be represented with 3 digits. The numeric mode 0755 is the same as 755.

To calculate the numeric mode, you can also use another method (the binary method), but it is a little more complicated. Knowing how to calculate the numeric mode using 4, 2, and 1 is sufficient for most users.

You can check a file's permissions in numeric notation using the stat command:

stat -c "%a" filename
644
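The arithmetic above can be applied to the full mode string that ls -l prints, including the s, S, t, and T characters from the tables earlier. This is an added example, not part of the original tutorial; the function name mode_to_octal and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: function name is hypothetical, sample strings are constructed.

# mode_to_octal MODE-STRING
# Converts the first column of "ls -l" (for example -rwsr-xr-x) into the
# 4-digit number chmod accepts. Prints the number, or returns 1 on bad input.
mode_to_octal() {
    m=$1
    # type char, then three triplets; s/S only for user and group, t/T only for others
    case $m in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]*) ;;
        *) echo "invalid mode string: $m" >&2; return 1 ;;
    esac
    m=${m#?}                        # drop the file-type character
    special=0
    digits=
    for weight in 4 2 1; do         # setuid = 4, setgid = 2, sticky = 1
        rest=${m#???}
        t=${m%"$rest"}              # current triplet, e.g. rws
        m=$rest
        d=0
        case $t in r??) d=$((d + 4)) ;; esac
        case $t in ?w?) d=$((d + 2)) ;; esac
        case $t in
            ??x)    d=$((d + 1)) ;;
            ??[st]) d=$((d + 1)); special=$((special + weight)) ;;  # bit set, x set
            ??[ST]) special=$((special + weight)) ;;                # bit set, x not set
        esac
        digits=$digits$d
    done
    echo "$special$digits"
}

# Constructed samples covering each special character.
for sample in -rw-r--r-- -rwxr-xr-- -rwsr-xr-x drwxrwsr-x drwxrwxrwt -rwSr--r-- drwxr-x--T; do
    printf '%s  %s\n' "$sample" "$(mode_to_octal "$sample")"
done
```

The leading digit is what separates S from s and T from t: the special bit is counted in both cases, but the 1 for execute is added only for the lowercase form.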

Here are some examples of how to use the chmod command in numeric mode:

  • Give the file's owner read and write permissions, and only read permission to group members and all other users:
    chmod 644 dirname
    
  • Grant file owners read, write and execute permissions, read and execute permissions for group members, no permissions for all other users:
    chmod 750 dirname
    
  • Give read, write, and execute permissions to everyone (owner, group, and others) on the specified directory, which makes it world-writable:
    chmod 777 dirname
    
  • Recursively set read, write, and execute permissions for the file owner and no permissions for all other users on the specified directory:
    chmod -R 700 dirname

Using a reference file

The --reference=ref_file option lets you set a file's permissions to be the same as those of the specified reference file (ref_file).

chmod --reference=REF_FILE FILE

For example, the following command assigns the permissions of file1 to file2:

chmod --reference=file1 file2

How to change file permissions recursively

To operate recursively on all files and directories under a given directory, use the -R (--recursive) option:

chmod -R MODE DIRECTORY

For example, to change the permissions of all files and subdirectories under the /var/www directory to 755, you would use:

chmod -R 755 /var/www

Operating on symbolic links

Note that symbolic links always have 777 permissions.

By default, when you change the permissions for the symbolic link, chmod will change the permissions on the file that the link points to.

chmod 755 symlink

Chances are that, instead of changing the target's permissions, you will get the error message "Cannot access Symbolic Link: Permission denied".

This error occurs on most Linux distributions because symbolic links are protected by default, so you cannot operate on the target file. This setting is stored in /proc/sys/fs/protected_symlinks: 1 means enabled and 0 means disabled. Disabling this feature is not recommended for security reasons.

Changing file permissions in bulk

Sometimes you need to change file and directory permissions in bulk. Instead of changing them one by one, we will use a simpler and faster method.

The most common scenario is to recursively change a website's file permissions to 644 and its directory permissions to 755.

Examples using the numeric method:

find /var/www/website -type d -exec chmod 755 {} \;
find /var/www/website -type f -exec chmod 644 {} \;

Examples of using the symbolic method:

find /var/www/website -type d -exec chmod u=rwx,go=rx {} \;
find /var/www/website -type f -exec chmod u=rw,go=r {} \;

The find command searches for files and directories under /var/www/website and passes each file and directory found to the chmod command to set the permissions.
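After a bulk change it is worth confirming that nothing in the tree still deviates from the 755/644 policy. The following is an added example, not part of the original tutorial; the function names and the temporary sample tree are constructed for illustration, and stat -c in the checks assumes GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example: function names and the sample tree are constructed.

# Build a small site tree with deliberately loose modes and print its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/css" "$root/uploads"
    echo '<h1>hi</h1>' > "$root/index.html"
    echo 'body {}' > "$root/css/site.css"
    echo 'data' > "$root/uploads/a.txt"
    chmod 777 "$root/uploads"          # world-writable directory
    chmod 666 "$root/uploads/a.txt"    # world-writable file
    chmod 755 "$root/index.html"       # needlessly executable file
    echo "$root"
}

# Directories 755, regular files 644. "{} +" passes many paths to each
# chmod call; find does not follow symbolic links unless told to.
apply_web_modes() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Print every directory or regular file whose mode differs from the policy.
# No output means the whole tree matches.
list_deviations() {
    find "$1" \( -type d ! -perm 755 -o -type f ! -perm 644 \) -print
}

tree=$(make_sample_tree) || exit 1
echo "before:"; list_deviations "$tree"
apply_web_modes "$tree"
echo "after:";  list_deviations "$tree"
rm -rf "$tree"
```

Running chmod -R 755 on the same tree instead would leave every regular file executable, and list_deviations would report each one.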

Conclusion

The chmod command is used to change file permissions. Permissions can be set using either symbolic or numeric mode.

To learn more about chmod, visit the chmod manual page.
