Linux Permissions with chmod on files and directories

Linux file permissions can be applied to files and directories, and using ls -l we can quickly get an overview of file properties.

-rw-r--r-- 1 root root   236 Aug  1  2017 install.log

The example shows (from left to right):
1) - Whether the file is a file or directory (- for file, l for link or d for directory, in this case it is a file therefore -)
2) rw-r--r-- Permissions (represented here as a set of three triplets, see below)
3) 1 Number of hard links (usually 1 for a file; for a directory the count reflects the directories inside it)
4) root root Owners (user = root, group = root)
5) 236 File size
6) Aug 1 2017 Last modified date
7) install.log File name

Assigning to a user or group

Permissions can be applied to files and directories within the filesystem, and mapped against different categories:
– User (u) – the user that owns the file
– Group (g) – the group that owns the file (the group may contain multiple users)
– Other (o) – users who are not the owner or in the owning group
– All (a) – all users

Users are always members of at least one group, and can be members of many groups. Permissions on a file are mapped, in order, against the first three categories above.

Reading permissions

As permissions are set in the format <owning_user><owning_group><everyone_else>, the following is provided for each category:

Read (r)
– Files: Allows a file to be read
– Directories: Allows file names in the directory to be read
Write (w)
– Files: Allows a file to be modified
– Directories: Allows entries to be modified within the directory
Execute (x)
– Files: Allows the execution of a file
– Directories: Allows access to contents and metadata for entries

So rw-r--r-- means:
rw- Owner user can read and write
r-- Owner group can read
r-- Everyone else can read

Setting permissions

The chmod command is used to set permissions, and can be used in two modes – numeric or symbolic mode. For numeric mode, we use a digit per category, and in symbolic we state the category and then alter the permission.

For example, to set the permission example above to a new file called my.file:
– Numeric: chmod 644 my.file
– Symbolic: chmod u+rw,g+r,o+r my.file

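Both have the same result when the file has no other permission bits set, because + only adds permissions and never removes them.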

Numeric

In a 3-digit binary value, the positions (reading right to left, not left to right) are worth 1, then 2, then 4, doubling each time.

We use binary to set r/w/x on a category:
rwx = 111 = 421 = 4+2+1 = 7
rw- = 110 = 420 = 4+2+0 = 6
r-x = 101 = 401 = 4+0+1 = 5
r-- = 100 = 400 = 4+0+0 = 4

Therefore, we need 644 to encode rw-, r-- and r-- for owner user, owner group and other respectively.

Symbolic

This is arguably more straightforward, with the syntax (in order of use):
ugoa (user category – user, group, other, all)
+-= (operator – add, subtract or set permissions)
rwx (permissions)

Here we don’t have to set the full file state at once; we can add or subtract single permissions one at a time if we need to, and from specific categories.
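
As an added example (not part of the original article), the script below converts a permission string to its numeric mode and shows how the + and = operators differ on a file that is already more permissive than 644. The function names perm_to_octal and mode_after are made up for this illustration, and the script assumes GNU coreutils (stat -c %a).

```shell
#!/bin/sh
# Added example, not from the original article. Assumes GNU coreutils
# (stat -c %a prints a file's mode in octal). Handles plain rwx bits only.

# Convert a 9-character permission string (rw-r--r--) to numeric mode (644).
perm_to_octal() {
    perms=$1
    [ "${#perms}" -eq 9 ] || { echo "expected 9 characters" >&2; return 1; }
    out=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        case $triplet in
            [r-][w-][x-]) ;;
            *) echo "bad triplet: $triplet" >&2; return 1 ;;
        esac
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac   # read    = 4
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac   # write   = 2
        case $triplet in ??x) digit=$((digit + 1)) ;; esac   # execute = 1
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# Start a scratch file at start_mode, apply a chmod spec, print the new mode.
mode_after() {
    start_mode=$1
    spec=$2
    scratch=$(mktemp) || return 1
    chmod "$start_mode" "$scratch" && chmod "$spec" "$scratch" &&
        stat -c %a "$scratch"
    rc=$?
    rm -f "$scratch"
    return "$rc"
}

perm_to_octal rw-r--r--          # 644
mode_after 600 u+rw,g+r,o+r      # 644: + added the missing read bits
mode_after 777 u+rw,g+r,o+r      # 777: + never removes existing bits
mode_after 777 u=rw,g=r,o=r      # 644: = sets each category exactly
mode_after 777 644               # 644: numeric mode sets every rwx bit
```

When tightening permissions on an existing file, the numeric form or the = operator gives a known end state; + and - only adjust whatever is already there.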