Linux and UNIX Permissions on Directories

The read, write and execute permissions apply slightly differently to directories than they do to files. The read permission on a directory controls the ability to list the contents of that directory. In this example we’ll create a directory and place a blank file in it. We’ll then modify the permissions on the directory so the owner cannot see the contents.

$ mkdir secret_dir
$ touch secret_dir/my_secret.txt
$ ls secret_dir/
my_secret.txt
$ chmod u-r secret_dir/
$ ls secret_dir/
ls: secret_dir/: Permission denied
$ cd secret_dir/
$ ls
ls: .: Permission denied
$ cd ../

We see that we get a Permission denied error when trying to view the contents of the directory when the read permission has been revoked. Despite not being able to see what is in the directory we can still change our working directory to that directory.

The write permission on a directory behaves somewhat as expected. If a user has write on a directory they can create or remove files from that directory even if they are not the owner of the files. This is important to note, as giving a user, group or other users write on a directory containing other users’ files will allow them to delete those files.

Now we’ll give read permissions back to the owner and revoke the execute permission:

$ chmod u+r secret_dir/
$ chmod u-x secret_dir/
$ ls secret_dir/
my_secret.txt
$ cd secret_dir/
-bash: cd: secret_dir/: Permission denied

We can now view the contents of the directory again but look at what happened when we tried to cd into it! Not having the execute permission on a directory will prevent you from changing into that directory even though you can view the contents. It is understandable how this can cause some confusion.
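The write-permission risk described above can be audited from the mode bits alone. The script below is an added example, not part of the original post: it lists directories that group or other can write to and that lack the sticky bit (mode 1000, the "t" in ls -l, which limits removal of an entry to its owner, the directory's owner, or root). The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find directories where one user can delete another's files.

# List directories under $1 that are writable by group or other and do NOT
# have the sticky bit set. Uses only POSIX find primaries.
risky_shared_dirs() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) ! -perm -1000 -print | sort
}

# Constructed sample tree (directory names are illustrative).
build_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/private" "$root/team" "$root/dropbox" "$root/scratch"
    chmod 0755 "$root/private"   # only the owner can write: not flagged
    chmod 0775 "$root/team"      # group-writable, no sticky bit: flagged
    chmod 0777 "$root/dropbox"   # world-writable, no sticky bit: flagged
    chmod 1777 "$root/scratch"   # world-writable with sticky bit, like /tmp
    printf '%s\n' "$root"
}

sample=$(build_sample_tree)
# Print the flagged directories relative to the sample root.
risky_shared_dirs "$sample" | sed "s|^$sample/||"
rm -rf "$sample"
```

Running chmod +t on a flagged directory that really has to be shared removes it from the report.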

For more tips like this check out my book Easy Linux Commands, only $19.95 from Rampant TechPress.



unix, linux, system administration, sysadmin, security, file security, permissions, owner, group

Changing File Permissions in Linux and UNIX

Sooner or later you will need to change access to a file or directory for the user (owner), group or other users. Often permissions are removed to restrict who can update or even view a file. Conversely you may want to grant more permissions to a file to encourage collaboration by allowing more people to view and edit files. It is also not unusual for an application to require specific permissions as a prerequisite for installation.

There are two methods of changing file permissions: with the abbreviations and with the numbers. Both have been described above, so now we’ll look at a couple examples of changing permissions using the chmod command.

The following example will demonstrate how to change permissions for the user (u), group (g), or others (o) using the alpha designations (r, w, x) for the permissions, preceded by a + to add the permission or a - to remove the permission. Adding and removing permissions can be combined into a single command as we see below.

Using the chmod Command with Alpha Designations to Change File Permissions:

$ ls -l
total 12
-rw-rw-r-- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 tclark presidents 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt
$ chmod o+w declaration.txt
$ ls -l
total 12
-rw-rw-rw- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 tclark presidents 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt
$ chmod go-w declaration.txt
$ ls -l
total 12
-rw-r--r-- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 tclark presidents 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt

The first example of the chmod command here adds write permission to the file declaration.txt for other users. We can see in the second ls -l the w indication in the second to last column of the permissions in the directory listing. This illustrates the typical format of the chmod command where you specify user (owner), group and/or other, + to add permissions or - to remove them and read, write and/or execute followed by the filename. Notice that there is not a space on either side of the + or - with the chmod command.

In the second example we revoke write from both the group and other users. This demonstrates that we can affect more than one level of permissions with a single chmod command. We see this change reflected in the permissions listed in the last ls listing.

The next example makes the same permission changes as the previous example, but this time numeric permission designations are used.

Using the chmod Command with Numeric Designations:

$ ls -l
total 12
-rw-rw-r-- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 tclark presidents 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt
$ chmod 666 declaration.txt
$ ls -l
total 12
-rw-rw-rw- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 tclark presidents 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt
$ chmod 644 declaration.txt
$ ls -l
total 12
-rw-r--r-- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 tclark presidents 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt

Here we see the 666 mode being used to indicate that read (designated as 4) and write (designated as 2) but not execute (designated as 1) are combined (4+2+0=6) to grant read and write permissions to user, group and other. We then used the 644 mode to change the permissions so the owner could still read and write, but the group and other could only read.

It can be quicker to modify multiple permissions using the numeric designations but they tend to be much harder to remember. Using the abbreviations you can also easily change the group permissions, for example, without affecting the user or other permissions. The -R (recursive) option is also available for the chmod command allowing you to modify permissions on a directory and its contents. This should be done with caution as it is easy to lock lots of people out of files and directories, including yourself.

These permissions have a special meaning when applied to directories. Next week I’ll go over how these differ from files.
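One way the recursive lock-out mentioned above happens is applying a file-style numeric mode such as 644 with -R, which also strips the execute bit from every directory in the tree. The script below is an added example, not part of the original post: it uses the symbolic form with a capital X, which grants execute only to directories and to files that already have an execute bit. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: recursive permission change that keeps directories usable.
# A numeric mode is absolute, so "chmod -R 644 tree" would also remove the
# execute bit from each directory, and users could no longer cd into it.

# Owner read/write, everyone else read-only. Capital X grants execute only
# to directories and to files that already carry an execute bit.
set_readonly_share() {
    chmod -R u=rwX,go=rX "$1"
}

# First ten characters of ls -ld: file type plus the nine permission bits.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Constructed sample tree; every entry starts out private to the owner.
build_docs_tree() {
    tree=$(mktemp -d) || return 1
    mkdir "$tree/drafts"
    : > "$tree/declaration.txt"
    printf '#!/bin/sh\necho ok\n' > "$tree/drafts/publish.sh"
    chmod 0700 "$tree" "$tree/drafts" "$tree/drafts/publish.sh"
    chmod 0600 "$tree/declaration.txt"
    printf '%s\n' "$tree"
}

docs=$(build_docs_tree)
set_readonly_share "$docs"
# Show the resulting mode of each entry.
for p in "$docs" "$docs/drafts" "$docs/declaration.txt" "$docs/drafts/publish.sh"; do
    printf '%s  %s\n' "$(mode_of "$p")" "$p"
done
rm -rf "$docs"
```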


Manipulating Owner and Group Information in Linux and Unix

As I mentioned in my post about file security, every file and directory in Linux has an owner and a group associated with it. The need commonly arises where the user or group ownership for files or directories needs to be changed. For example, if the user sally, in group finance, is responsible for a number of files and Sally gets transferred to the purchasing group, the ownership of the files might need to be changed to marge because Marge is the user who is taking Sally’s place in finance. The chown command is used to change file or directory ownership.

As another example, if a number of files that are currently accessed by the test group are ready for production and need to be changed to the prod group, the chgrp command can be used to give access to the prod group.

Actually the chown command can be used to change both user and group ownership, while the chgrp command can only be used to change group ownership. This command will be covered later in this chapter. When using either chown or chgrp commands, the system will first check the permissions of the user issuing the commands to make certain they have sufficient permissions to make the change.

Now we’ll look at some examples of how to use the chown and chgrp commands. We’ll start with the chgrp command, then look at chown and then finally see how chown can be used to do the work of both!

Change Group Ownership

The chgrp command is used to change the group with which a file is associated. The first thing you will need to provide this command is the group which you want to change the file or directory to. After that you can list a single file or directory to be changed or list separate entities separated by spaces. The chgrp command will not have any effect on the access granted to the group (the rw- in the middle of the three permissions sets) but will change who can use those permissions.

Using the chgrp Command on a File

# ls -l
total 12
-rw-rw-r-- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 tclark authors 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt
# chgrp presidents gettysburg.txt
# ls -l
total 12
-rw-rw-r-- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 tclark presidents 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt

The chgrp command works the same for directories as it does for files. In the following example, the group ownership of the directory called examples will be changed. Directories are identified by the letter d in the first column of the ls -l display.

Using the chgrp Command on a Directory

# ls -l
total 4
-rw-rw-r-- 1 tclark tclark 0 Jan 13 21:13 example1.fil
-rw-rw-r-- 1 tclark tclark 0 Jan 13 21:13 example2.xxx
drwxrwxr-x 2 tclark tclark 4096 Jan 13 21:35 examples
# chgrp authors examples
# ls -l
total 4
-rw-rw-r-- 1 tclark tclark 0 Jan 13 21:13 example1.fil
-rw-rw-r-- 1 tclark tclark 0 Jan 13 21:13 example2.xxx
drwxrwxr-x 2 tclark authors 4096 Jan 13 21:35 examples

You can change the group for multiple files and/or directories by using the -R (recursive) option for the chgrp command. This is one of the few commands (we’ll see two of the others shortly) which use an upper-case R for the recursive option. When applied on a directory the -R option will apply the chgrp command to the directory and all its subdirectories and files. Care should be taken when using the -R option.

Next we’ll look at changing the ownership of files.

Change User Ownership

The chown (change owner) command can be used to change ownership of a file or directory. The syntax is very similar to chgrp.

# ls -l
total 12
-rw-rw-r-- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 tclark authors 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt
# chown abe gettysburg.txt
# ls -l
total 12
-rw-rw-r-- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 abe authors 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt

Just like with chgrp we see that chown accepts the username of the user who should get ownership and the file or directory to change. Again we could list multiple files or directories here with spaces separating them.

The chown command can be used to change the group ownership instead of the user ownership of a file or directory. If you wish to use chown to change the group ownership you can list a group preceded with either a colon (:) or a period (.). Here’s an example of how to use chown to change the group ownership of a file:

# ls -l
total 12
-rw-rw-r-- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 abe authors 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt
# chown :presidents gettys*
# ls -l
total 12
-rw-rw-r-- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 abe presidents 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt

If you wish to simultaneously change both the user and group ownership of a file you can specify the user and group in the format of user:group.

In the following example the user will be changed back to tclark and the group back to authors using a single command.

Using the chown Command to Change File Ownership

# ls -l
total 12
-rw-rw-r-- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 abe presidents 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt
# chown tclark:authors gettys*
# ls -l
total 12
-rw-rw-r-- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 tclark authors 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark authors 360 Jan 13 17:48 preamble.txt

Here we see the user and group have been changed with a single command. Just like with chgrp, the chown command will take the -R (recursive) option and apply the chown command to a directory and its subdirectories. This should be used with care.
