- Linux makes use of a basic permissions system to control user access to files and directories.
- Long list current folder files and permissions
ls -la
total 136
drwxr-xr-x 24 user user 4096 set 12 18:48 .
drwxr-xr-x 3 root root 4096 apr 13 2021 ..
drwxrwxr-x 8 user user 4096 lug 25 19:36 .atom
-rw------- 1 user user 13454 set 12 22:15 .bash_history
-rw-r--r-- 1 user user 220 apr 13 2021 .bash_logout
-rw-r--r-- 1 user user 3795 apr 28 2021 .bashrc
drwx------ 18 user user 4096 apr 12 15:22 .cache
drwxrwxr-x 2 user user 4096 apr 12 15:46 code
drwx------ 24 user user 4096 set 6 21:09 .config
drwxr-xr-x 2 user user 4096 lug 25 19:37 Desktop
drwxr-xr-x 7 user user 4096 set 12 18:43 Documents
[...]- The first column displays the permissions, which consist of 10 fields divided into 4 blocks
d rwx r-x r-x
-
1st character - file type,
-for regular file,dfor directory,lfor symbolic link. -
2nd block - owner permissions (user in the 3rd
ls -laoutput column) -
3rd block - group permissions (group in the 4th
ls -laoutput column) -
4th block - others/world permissions
-
r - read
-
w - write
-
x - execute
- Execute permission for a directory determines if a user can execute a command in that directory
-
rootuser can access any file on the filesystem!
📌 Understand Linux file permissions.
chmod- change file mode bits
chmod --help
Usage: chmod [OPTION]... MODE[,MODE]... FILE...
or: chmod [OPTION]... OCTAL-MODE FILE...
or: chmod [OPTION]... --reference=RFILE FILE...
Change the mode of each FILE to MODE.
With --reference, change the mode of each FILE to that of RFILE.
-c, --changes like verbose but report only when a change is made
-f, --silent, --quiet suppress most error messages
-v, --verbose output a diagnostic for every file processed
--no-preserve-root do not treat '/' specially (the default)
--preserve-root fail to operate recursively on '/'
--reference=RFILE use RFILE's mode instead of MODE values
-R, --recursive change files and directories recursively
--help display this help and exit
--version output version information and exit
Each MODE is of the form '[ugoa]*([-+=]([rwxXst]*|[ugo]))+|[-+=][0-7]+'.- Symbolic Mode
ls -l file1.txt
-rw-rw-r-- 1 user user 6 set 3 00:16 file1.txt
# Change the file1.txt permissions, by removing group write permissions
chmod g-w file.txt
-rw-r--r-- 1 user user 6 set 3 00:16 file1.txt
# Change permissions to allow only the owner to read the file
chmod a=,u=r file1.txt
# No permissions for all users and read permissions for the owner
-r-------- 1 user user 6 set 3 00:16 file1.txt- Numeric octal Mode
| Octal number | Permissions | File listing |
|---|---|---|
| 7 (4+2+1) | read, write and execute | rwx |
| 6 (4+2+0) | read and write | rw- |
| 5 (4+0+1) | read and execute | r-x |
| 4 (4+0+0) | read only | r-- |
| 3 (0+2+1) | write and execute | -wx |
| 2 (0+2+0) | write onyl | -w- |
| 1 (0+0+1) | execute only | --x |
| 0 (0+0+0) | none | --- |
stat -c "%a" file1.txt
400
# Assign read/write permissions to owner and group, read permissions to everyone else
chmod 664 file1.txt
-rw-rw-r-- 1 user user 6 set 3 00:16 file1.txt📌 Check advanced chmod usage and NetTools calculator or Chmod Calculator.
chown- change the owner and group of each file
chown --help
Usage: chown [OPTION]... [OWNER][:[GROUP]] FILE...
or: chown [OPTION]... --reference=RFILE FILE...
Change the owner and/or group of each FILE to OWNER and/or GROUP.
With --reference, change the owner and group of each FILE to those of RFILE.
-c, --changes like verbose but report only when a change is made
-f, --silent, --quiet suppress most error messages
-v, --verbose output a diagnostic for every file processed
--dereference affect the referent of each symbolic link (this is
the default), rather than the symbolic link itself
-h, --no-dereference affect symbolic links instead of any referenced file
(useful only on systems that can change the
ownership of a symlink)
--from=CURRENT_OWNER:CURRENT_GROUP
change the owner and/or group of each file only if
its current owner and/or group match those specified
here. Either may be omitted, in which case a match
is not required for the omitted attribute
--no-preserve-root do not treat '/' specially (the default)
--preserve-root fail to operate recursively on '/'
--reference=RFILE use RFILE's owner and group rather than
specifying OWNER:GROUP values
-R, --recursive operate on files and directories recursively
The following options modify how a hierarchy is traversed when the -R
option is also specified. If more than one is specified, only the final
one takes effect.
-H if a command line argument is a symbolic link
to a directory, traverse it
-L traverse every symbolic link to a directory
encountered
-P do not traverse any symbolic links (default)
--help display this help and exit
--version output version information and exit
Owner is unchanged if missing. Group is unchanged if missing, but changed
to login group if implied by a ':' following a symbolic OWNER.
OWNER and GROUP may be numeric as well as symbolic.
Examples:
chown root /u Change the owner of /u to "root".
chown root:staff /u Likewise, but also change its group to "staff".
chown -hR root /u Change the owner of /u and subfiles to "root".
# Give file ownership to "root"
sudo chown root file1.txt
-rw-rw-r-- 1 root user 6 set 3 00:16 file1.txt
# It can be used for group changing too with "root:root"chgrp- change the group of each file
sudo chgrp root file1.txt
-rw-rw-r-- 1 root root 6 set 3 00:16 file1.txt- These commands are useful when extracting files from an archive or making a directory available to all users (like a software in /opt).