Topics Summary

 

Chmod command for handling file permissions

File permissions are one of the important security features, in order to restrict unauthorized users to restrict access.

 

Check the file permissions:

We can see the permissions assigned to a file with ls -l command.

ls -l

[admin@linbox1 ~]$ ls -l abc*
-rw-r--r--. 1 root  root  17 Jul 25 17:13 abcfile1
-rw-r--r--. 1 root  root  17 Jul 25 17:13 abcfile2
-rw-rw-r--. 1 admin admin  0 Jul 26 07:59 abcfile3
drwxr-xr-x. 2 admin admin  6 Jun 16 05:47 Desktop
drwxr-xr-x. 2 admin admin  6 Jun 16 05:47 Documents

 

In the above-highlighted output is the file and directory access permissions.

This indicates access permissions are applied to the user, group and others.

rwx rwx rwx

users group others

Below chart will explain the read, write and execute permissions at file and Directory level.

 

Type of Permission@File Level@Directory Level
r-readIt means we can read the content of a fileWe can view the content of it but we can't create any new file or sub-directory.
w-writeIt means that we can edit it's contentWe can view and create new files in that directory. If we grant write permissions, then by default read permissions are also assigned.
x-executeFor a script files we can run them and for a directory Eg: Having execution permission for command files or binary files.If we have execute permissions at directory level, then we can also read and write content in directory.

 

Type of Permission @File Level @Directory Level

r-read it means we can read the content of a file we can view the content of it but we can't create any new file or sub-directory.

w-write it means that we can edit it's content we can view and create new files in that directory.

If we grant write permissions,

then by default read permissions are also assigned.

x-execute for script files we can run them and for a directory

 

Example:

Having execution permission for command files or binary files. If we have executed permissions at the directory level, then we can also read and write content in the directory.

 

Assigning permissions to file or directories:

chmod command:

This command is used for modifying the permissions to file and directories.

Syntax:

chmod permissions-user/group/others file-name

Example:

[root@sys2 ~]# chmod u+rw abclearn

[root@sys2 ~]# ls -l abclearn
-rwx-wxrw-. 2 steve dba 16 Jan 28 19:55 abclearn

 

 

Ways of granting the permissions:

We can assign permissions to a file in two ways they are

  • Symbolic mode (rwx)
  • Absolute mode (421)

 

Assigning permissions in symbolic mode:

In symbolic mode, we can assign permissions to the file or directory using lower case alphabets ‘rwx’

Let’s take a scenario for it,

We have “abclearn” file on Linux server and we want to modify the permissions of the file.

[root@sys2 ~]# ls -l abclearn
-rwxrwxrwx. 2 root root 16 Jan 28 19:55 abclearn

 

Looking at above existing permission set, everyone can access this file.

Our target permissions are as follows,

For users, r-x read, no write and execute permissions

For group r-x, no read, write and execute

For others rw- read, write and no execute for others

[root@sys2 ~]# chmod u+rx,g+rx,o+rw abclearn

 

Note:

For removing the permissions, we can use “-“ symbol.

Chmod u-rx abclearn

 

Checking the modified permissions,

[root@sys2 ~]# ls -l abclearn
-r-xr-xrw-. 2 root root 16 Jan 28 19:55 abclearn

 

Assigning permissions in absolute mode:

In absolute mode we can assign the permissions to the file using octal numbers.

Each octal number has its own set of permissions listed as follows:

o no permission(---) -----------> (000) ---> 0

o execute(--x) ------------------> (001) ---> 1

o write(-w-)----------------------> (010)---->2

o write and execute(-wx)------> (011)---->3

o read(r--)------------------------> (100)---->4

o read and execute(r-x)--------->(101)---->5

o read and write(rw-) ----------> (110)---->6

o read, write and execute(rwx)-->(111)-->7

 

Now change the permissions of the file by using #chmod command

For example, Let’s grant permissions such that,

others should have Execute permissions alone

group members should have read permissions

user should be having all permissions.

 

Chmod Command syntax:

chmod 741 file-name

 

Below we have explained a couple of permissions scenarios in both methodologies for easier understanding.

 

File permissionSymbolic modeAbsolute mode
Removing write permission to the user without altering remaining permissions.[root@sys2 ~]# chmod u-w abclearn [root@sys2 ~]# ls -l abclearn -r-xrwxrwx. 2 steve dba 16 Jan 28 19:55 abclearn[root@sys2 ~]# chmod 577 abclearn [root@sys2 ~]# ls -l abclearn -r-xrwxrwx. 2 steve dba 16 Jan 28 19:55 abclearn
Removing read permission to the group without altering remaining permissions.[root@sys2 ~]# chmod g-r abclearn [root@sys2 ~]# ls -l abclearn -r-x-wxrwx. 2 steve dba 16 Jan 28 19:55 abclearn[root@sys2 ~]# chmod 537 abclearn [root@sys2 ~]# ls -l abclearn -r-x-wxrwx. 2 steve dba 16 Jan 28 19:55 abclearn
Removing executing permissions for others without altering remaining permissions.[root@sys2 ~]# chmod o-x abclearn [root@sys2 ~]# ls -l abclearn -r-x-wxrw-. 2 steve dba 16 Jan 28 19:55 abclearn[root@sys2 ~]# chmod 536 abclearn [root@sys2 ~]# ls -l abclearn -r-x-wxrw-. 2 steve dba 16 Jan 28 19:55 abclearn
Adding read and write permissions to the user.[root@sys2 ~]# chmod u+rw abclearn [root@sys2 ~]# ls -l abclearn -rwx-wxrw-. 2 steve dba 16 Jan 28 19:55 abclearn[root@sys2 ~]# chmod 736 abclearn [root@sys2 ~]# ls -l abclearn -rwx-wxrw-. 2 steve dba 16 Jan 28 19:55 abclearn
Removing execute permissions for user, group and others.[root@sys2 ~]# chmod ugo-x abclearn [root@sys2 ~]# ls -l abclearn -rw--w-rw-. 2 steve dba 16 Jan 28 19:55 abclearn[root@sys2 ~]# chmod 626 abclearn [root@sys2 ~]# ls -l abclearn -rw--w-rw-. 2 steve dba 16 Jan 28 19:55 abclearn
Removing all permissions to all[root@sys2 ~]# chmod ugo-rwx abclearn [root@sys2 ~]# ls -l abclearn ----------. 2 steve dba 16 Jan 28 19:55 abclearn[root@sys2 ~]# chmod 000 abclearn [root@sys2 ~]# ls -l abclearn ----------. 2 steve dba 16 Jan 28 19:55 abclearn
Adding all permissions to all[root@sys2 ~]# chmod ugo+rwx abclearn [root@sys2 ~]# ls -l abclearn -rwxrwxrwx. 2 steve dba 16 Jan 28 19:55 abclearn[root@sys2 ~]# chmod 777 abclearn [root@sys2 ~]# ls -l abclearn -rwxrwxrwx. 2 steve dba 16 Jan 28 19:55 abclearn

 

Assigning permissions using absolute mode:

Let abclearn2 is the file on which we are going to implement the permissions.

Now my target permissions are as follows

For user rwx: read writes and execute

For group rwx: read writes and execute

For others rwx: read write and execute

 

  • check the permissions of the file using # ls –l < file name>
  • [root@sys2 ~]# ls -l abclearn
    -rwxrwxrwx. 2 root root 16 Jan 28 19:55 abclearn

 

The highlighted portion in the above output is the access permissions for the file.

  • Now using #chmod command I am going to change/alter the permissions to the file.
  1. [root@sys2 ~]# chmod 777 abclearn2
    [root@sys2 ~]# ls -l abclearn2
    -rwxrwxrwx. 1 root root 22 Jan 29 16:15 abclearn2

 

The target permissions are successfully applied to the file.

Note: changing the permissions of the file using absolute mode is less complex than the symbolic mode.

 

Default file permissions in Linux flavors

When the file is created in Linux the default access permissions assigned to the file are “rw-r--r--“ or 644

It means that,

For user -------read, write and no execute

For group -----read, no write and no execute

For others-----read, no write and no execute

 

Default directory level permissions

When the directory is created in Linux the default access permissions assigned to the file are “rwxr-xr-x “or 755.

It means,

For user-------read, write and execute

For group-----read, no write and execute

For others----read, no write and execute