Linux Permissions with chmod on files and directories

July 17, 2017

Linux file permissions can be applied to files and directories, and using ls -l we can quickly get an overview of file properties.

-rw-r--r-- 1 root root   236 Aug  1  2017 install.log

The example shows (from left to right):
1) - File type (- for a regular file, l for a link or d for a directory; in this case it is a file, therefore -)
2) rw-r--r-- Permissions (represented here as a set of three triplets, see below)
3) 1 Number of links or directories inside this directory (1 if a file)
4) root root Owners (user = root, group = root)
5) 236 File size
6) Aug 1 2017 Last modified date
7) install.log File name

Assigning to a user or group

Permissions can be applied to files and directories within the filesystem, and mapped against different categories:
- User (u) - the user that owns the file
- Group (g) - the group that owns the file (the group may contain multiple users)
- Other (o) - users who are not the owner or in the owning group
- All (a) - all users

Users are always members of at least one group, and can be members of many groups. Permissions on a file are mapped, in order, against the first three categories above.

Reading permissions

As permissions are set in the format <owning_user><owning_group><everyone_else>, the following is provided for each category:

Read (r)
- Files: Allows a file to be read
- Directories: Allows file names in the directory to be read
Write (w)
- Files: Allows a file to be modified
- Directories: Allows entries to be modified within the directory
Execute (x)
- Files: Allows the execution of a file
- Directories: Allows access to contents and metadata for entries

So rw-r--r-- means:
- rw- Owner user can read and write
- r-- Owner group can read
- r-- Everyone else can read

Setting permissions

The chmod command is used to set permissions, and can be used in two modes - numeric or symbolic mode. For numeric mode, we use a digit per category, and in symbolic we state the category and then alter the permission.

For example, to set the permission example above to a new file called my.file:
- Numeric: chmod 644 my.file
- Symbolic: chmod u+rw,g+r,o+r my.file

Both have the same result.

Numeric

In a 3-digit binary value, the first digit (reading right to left, not left to right) is worth 1, the next is worth 2, and the last is worth 4, as the value doubles each time.

We use binary to set r/w/x on a category:
- rwx = 111 = 421 = 4+2+1 = 7
- rw- = 110 = 420 = 4+2+0 = 6
- r-x = 101 = 401 = 4+0+1 = 5
- r-- = 100 = 400 = 4+0+0 = 4

Therefore, we need 644 to encode rw-, r-- and r-- for owner user, owner group and other respectively.

Symbolic

This is arguably more straightforward, with the syntax (in order of use):
- ugoa (user category - user, group, other, all)
- +-= (operator - add, subtract or set permissions)
- rwx (permissions)

Here we don't have to set the full file state at once; we can add or subtract single permissions one at a time if we need to, and from specific categories.
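
The following is an added example, not part of the original post. It converts an rwx string to its numeric form using the 4/2/1 weights, then applies 644, u+rw,g+r,o+r and u=rw,g=r,o=r to a file that starts out as rwxrwxrwx. Because + only adds bits, it leaves the existing write and execute bits in place, while the numeric form and = replace them. The function names and the temporary my.file are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: helper names and the temporary file are constructed here.

# Print the 10-character type+permission field that ls -l shows first.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Convert one rwx triplet (e.g. "rw-") to its digit using 4/2/1 weights.
triplet_to_digit() {
    d=0
    case "$1" in r??) d=$((d + 4)) ;; esac
    case "$1" in ?w?) d=$((d + 2)) ;; esac
    case "$1" in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# Convert a nine-character permission string (e.g. "rw-r--r--") to numeric.
perms_to_numeric() {
    u=$(printf '%s' "$1" | cut -c1-3)
    g=$(printf '%s' "$1" | cut -c4-6)
    o=$(printf '%s' "$1" | cut -c7-9)
    echo "$(triplet_to_digit "$u")$(triplet_to_digit "$g")$(triplet_to_digit "$o")"
}

# Apply a chmod mode to a file that starts out as rwxrwxrwx and
# report the resulting ls -l permission field.
apply_to_open_file() {
    dir=$(mktemp -d) || return 1
    touch "$dir/my.file"
    chmod 777 "$dir/my.file"      # deliberately over-permissive start state
    chmod "$1" "$dir/my.file"     # the mode under test
    mode_of "$dir/my.file"
    rm -rf "$dir"
}

echo "rw-r--r-- as numeric:   $(perms_to_numeric rw-r--r--)"
echo "chmod 644:              $(apply_to_open_file 644)"
echo "chmod u+rw,g+r,o+r:     $(apply_to_open_file u+rw,g+r,o+r)"
echo "chmod u=rw,g=r,o=r:     $(apply_to_open_file u=rw,g=r,o=r)"
```

When tightening a file that may already be too open, use the numeric form or the = operator so that stale bits such as world-write are cleared rather than kept.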



From Dave, who writes to learn things. Thoughts and views are his own.
