The UNIX file permissions are called Modes.
If you're coming over from Windows you've probably never heard of file permissions, because Windows hides them (like so many other things) from you. However, they are really useful when correctly understood and applied by the user.
File permissions define who can access a particular file in which way (and to which extent). These permissions can be given to three classes:
- User (Owner of the file)
- Group (Group which owns the file)
- Other (all users not included in the above classes)
There are also three permissions:
- read (R), numerical value: 4
- write (W), numerical value: 2
- execute (X), numerical value: 1
The three permissions can be assigned to each of the three classes separately.
There are two ways of representing these values: either the numerical representation or the symbolic notation.
Symbolic Notation
The symbolic notation is pretty simple. You simply type the letters out one after another in the correct order:
$ drwx rwx rwx # DIRECTORY | USER | GROUP | OTHER
-> d: this is a directory
-> first rwx: User (Owner) can read, write and execute
-> second rwx: Group can read, write and execute
-> third rwx: Everyone else can also read, write and execute
BTW: this is usually bad
To forbid a permission, simply use a "-":
$ -rwxrw-r--
-> no d: this is a file (not a directory)
-> first rwx: User can read, write and execute
-> second rw-: Group members can read and write, but not execute
-> third r--: Everyone else can read, but not execute or write
For important files (such as config-files) the following setup should be used:
$ -rw-------
-> not a directory
-> rw: User (Owner) can read and write
-> Everyone else can't do anything with the file
You can view more examples of the symbolic notation by typing:
$ ls -l
Numerical Notation
The numerical notation (which is actually the octal representation) works a little bit differently. It uses the base-8 (octal) numbering system, whose digits go from 0 to 7. Each permission is assigned a specific value (see top) and you create different permissions by adding up these numbers. At first, it can be a bit confusing, but once you've figured it out, it is pretty straightforward (and quicker).
These octal numbers can easily be seen as binary numbers, i.e.:
7   5   5    # Octal
111 101 101  # Binary
rwx r-x r-x  # Permissions
Thanks to @bradscoolio
To create the permission R+W, we need to add 4 and 2 (=6).
To create the permission R+W+X, we need to add 4, 2 and 1 (=7).
For read-only mode, we simply use 4.
An example:
$ 764 ( = -rwxrw-r-- )
-> User (Owner) can read, write and execute (4+2+1).
-> Group members can read and write (4+2).
-> Everyone else can read (4).
$ 600 ( = -rw------- )
-> User (Owner) can read and write.
-> Group members can not read, write or execute.
-> Everyone else can not read, write or execute.
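The conversion between the two notations, written out as an added example (not part of the original guide). The function names sym_to_octal and octal_to_sym are made up for this sketch, and only the plain r/w/x/- characters covered above are handled.

```shell
#!/bin/sh
# Convert between the two notations from this guide.
# Only plain r/w/x/- bits are handled.

# "-rwxrw-r--" -> "764"
sym_to_octal() {
    mode=$1
    # Expect 10 characters: one file-type character plus three rwx triplets.
    if [ "${#mode}" -ne 10 ]; then
        echo "invalid mode string: $mode" >&2
        return 1
    fi
    rest=${mode#?}                      # drop the file-type character
    out=""
    for class in user group other; do
        triplet=$(printf '%s' "$rest" | cut -c1-3)
        rest=$(printf '%s' "$rest" | cut -c4-)
        case $triplet in
            [r-][w-][x-]) ;;
            *) echo "invalid $class triplet: $triplet" >&2; return 1 ;;
        esac
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out=$out$digit
    done
    printf '%s\n' "$out"
}

# "640" -> "rw-r-----"
octal_to_sym() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid octal mode: $1" >&2; return 1 ;;
    esac
    out=""
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        r=-; w=-; x=-
        if [ $((digit & 4)) -ne 0 ]; then r=r; fi
        if [ $((digit & 2)) -ne 0 ]; then w=w; fi
        if [ $((digit & 1)) -ne 0 ]; then x=x; fi
        out=$out$r$w$x
    done
    printf '%s\n' "$out"
}

sym_to_octal "-rwxrw-r--"    # the 764 example above
octal_to_sym 600
```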
Understood? Good! (If not simply post below)
How do I modify File permissions?
To change file permissions, Linux offers the tool chmod (to change modes).
Syntax:
$ chmod MODE FILE
MODE can either be the numerical or symbolic notation of the permissions.
It should be noted that you can shorten the symbolic notation by using the operators "+" and "-".
Also, to change the modes of a file, you need to own the file (-> chown).
$ chmod a+x file # Adds execution permission for all users (not just owner)
$ chmod 777 file # Gives all users (not just owner) R+W+X permissions
$ chmod u+x file # Adds execution permission for user (owner)
$ chmod g-rw file # Removes R+W permissions from group members
You can check the current Modes with:
$ ls -l
Most important Modes:
$ chmod 600 file # owner can read and write
$ chmod 700 file # owner can read, write and execute
$ chmod 666 file # all can read and write
$ chmod 777 file # all can read, write and execute
Thanks to @cj1
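A check for files that are more open than the 600/700 modes listed above, followed by tightening them with chmod, as an added example (not part of the original guide). The function names and the sample files are constructed for this sketch; it assumes file names without newlines.

```shell
#!/bin/sh
# List regular files under a directory that grant any permission to
# group or other. "-perm -MODE" (POSIX find) matches when all bits in
# MODE are set, so each of the six group/other bits is tested in turn.
find_loose_files() {
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

# Remove every group/other permission from those files; the owner's
# bits stay untouched (666 becomes 600, 777 becomes 700).
lock_down() {
    find_loose_files "$1" | while IFS= read -r f; do
        chmod go-rwx "$f"
    done
}

# Constructed sample tree, created in a temporary directory.
demo() {
    dir=$(mktemp -d)
    : > "$dir/app.conf";   chmod 666 "$dir/app.conf"
    : > "$dir/secret.key"; chmod 600 "$dir/secret.key"
    : > "$dir/run.sh";     chmod 777 "$dir/run.sh"
    echo "Before:"; ls -l "$dir"
    echo "Flagged:"; find_loose_files "$dir"
    lock_down "$dir"
    echo "After:"; ls -l "$dir"
    rm -rf "$dir"
}
demo
```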
Change Owner / Group of a file
To change the owner (user) and/or group of a file, Linux offers the tools chown (change owner) as well as chgrp (change group).
Using chown you can change the owner and group of a file or folder:
$ ls -l
drwxr-xr-x 2 user user 4.0K Jan 31 08:26 Desktop
drwxr-xr-x 2 user user 4.0K Nov 15 02:33 Documents
drwxr-xr-x 3 user user 4.0K Mar 28 16:04 Downloads
In the above, the user and group are the same user, but let's change the owner of one to bob:
$ chown bob Desktop
$ ls -l
drwxr-xr-x 2 bob user 4.0K Jan 31 08:26 Desktop
drwxr-xr-x 2 user user 4.0K Nov 15 02:33 Documents
drwxr-xr-x 3 user user 4.0K Mar 28 16:04 Downloads
Now bob owns Desktop. But what if we want the file to belong to bob's group as well? There is a quick shorthand:
$ chown bob:bob Downloads
drwxr-xr-x 2 bob user 4.0K Jan 31 08:26 Desktop
drwxr-xr-x 2 user user 4.0K Nov 15 02:33 Documents
drwxr-xr-x 3 bob bob 4.0K Mar 28 16:04 Downloads
If you want to change only the group, and not the user, use chgrp instead:
$ chgrp bob Documents
drwxr-xr-x 2 bob user 4.0K Jan 31 08:26 Desktop
drwxr-xr-x 2 user bob 4.0K Nov 15 02:33 Documents
drwxr-xr-x 3 bob bob 4.0K Mar 28 16:04 Downloads
You may need to be root/use sudo to change the owner or group.
Remember to use the -R argument (like chmod og+rw /home/me -R) to make it apply permissions to all the subfolders as well.
Thanks to @penguinpowernz
Default values (umask)
umask is the 'creation mask' for new files. That means umask is responsible for controlling the file permissions a new file will get.
One tricky thing is that umask uses reverse octal: its digits are the permissions that get taken away, which means you have to subtract the umask value from 7 to get the real octal value.
An example:
0   2   2    # umask
7   5   5    # Octal
111 101 101  # Binary
rwx r-x r-x  # Permissions
More information: umask man page
Thanks to @bradscoolio
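What a given umask does to newly created files and directories, as an added example (not part of the original guide). The function name modes_under_umask is made up for this sketch. A new directory starts from 777, which gives the 755 shown above for umask 022, while a new regular file starts from 666 and ends up as 644.

```shell
#!/bin/sh
# Create one file and one directory under the given umask and print the
# modes they end up with, in ls notation: "<file mode> <directory mode>".
modes_under_umask() {
    (   # subshell: the caller's own umask is left unchanged
        umask "$1"
        tmp=$(mktemp -d)
        : > "$tmp/newfile"      # the shell requests 666 for a new file
        mkdir "$tmp/newdir"     # mkdir requests 777 for a new directory
        file_mode=$(ls -ld "$tmp/newfile" | cut -c1-10)
        dir_mode=$(ls -ld "$tmp/newdir" | cut -c1-10)
        rm -rf "$tmp"
        printf '%s %s\n' "$file_mode" "$dir_mode"
    )
}

for mask in 022 027 077; do
    printf 'umask %s -> %s\n' "$mask" "$(modes_under_umask "$mask")"
done
```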
Hopefully this guide has helped you understand the concept of UNIX Modes (i.e. file permissions).
Please let me know your thoughts in the comments below.
Also, check out my Explanation of Linux' Directory Hierarchy.
More resources:
Wikipedia: File system permissions
Wikipedia: UNIX Modes