Categories
Linux UNIX

chmod

I thought I’d share my notes on chmod for those of you that are just starting out. Enjoy!

Categories

Break the permissions up into 3 categories:

  • User
  • Group
  • Other

Each category can be given 3 types of permissions:

  • Read (4)
  • Write (2)
  • Execute (1)

To give the proper permissions, add up the total numbers within each category. You will end up with 3 different totals with a max of 7.

User Group Other
RWX  RWX   RWX
Read = 4, Write = 2, Execute = 1, Total = 7

Setting Permissions

chmod {permissions} {file_name}

Example:

chmod 755 file

Modifying Permissions by using Letters

  • (u) the user who owns it
  • (g) users in the file’s group
  • (o) users not in the file’s group
  • (a) all users

+ appends permissions
– removed permissions
= overwrites permissions

rwxXstugo – permission options

  • (r) read
  • (w) write
  • (x) execute (or access for directories)
  • (X) execute only if the file is a directory or already has – execute permission for some user
  • (s) set user or group ID on execution
  • (t) sticky
  • (u) the permissions granted to the user who owns the file
  • (g) the permissions granted to other users who are members of the file’s group
  • (o) the permissions granted to users that are in neither of the two preceding categories

Gives all users execute permissions.

chmod +x {file_name}

or

chmod a+x {file_name}

Gives user (owner), group, and others execute permission.

chmod ugo+rwx {file_name}

Gives user (owner), group and others (R)ead (W)rite and e(X)ecute permissions.

chmod go-w {file_name}

Viewing Permissions:

ls -l {file_name}

Example:

ls -l file -rwxr--r-- 1 tommye users 192 Jan 9 17:08 file

The above shows that I have read, write and execute, while group (users) and others have read permissions.

Common File Settings

777: all can read/write/execute.
755: user (owner) can do all, group/others can read/execute.
644: user (owner) can read/write, group/others can read only.

Common types

755: cgi scripts
666: data files
777: directories
644: configuration files not updated by the script

Default Permissions

Directory:

By default, Linux permissions for new directories are set to 777 allowing read, write, and execute permissions to user (owner), group, and other users.

File:

By default, Linux permissions for files are set to 666 allowing read and write access to user (owner), group, and others.

UMASK

The user file-creation mode mask (umask) is used to determine the file permission for newly created files. It can be used to control the default file permission for new files. It is a four-digit octal number.

The System Administrator will often change the Linux default permissions by using the umask command in a login script.

You can use the umask command without specifying any arguments to determine what your current default permissions are.

Example:

umask
0022

The value displayed by umask must be subtracted from the defaults of 777 (directories) and 666 (files) to determine your current defaults.

Use the -S option to view the current default permissions displayed in the alpha symbolic format.

Example:

umask -S
u=rwx,g=rx,o=rx

Here are some examples:

Using umask to set default permissions.

umask
0022
umask -S
u=rwx,g=rx,o=rx
umask 033
umask
0033
umask -S
u=rwx,g=r,o=r

You’ll notice that umask displays a 4-digit permissions mask, but only the last 3 digits represent the mask for owner, group, and others.

Depending on the Linux distribution that you are using, you can setup umask. When Bash is invoked as an interactive login shell, it first reads and executes commands from the file /etc/profile (global), if that file exists. After reading that file, it looks for ~/.bash_profile, ~/.bash_login, and ~/.profile (in that order) within your personal account, and reads and executes commands from the first one that exists and is readable.

Personal settings

~/.bash_profile
~/.bash_login
~/.profile
~/.bashrc

Global settings

/etc/profile
/etc/bashrc

By default most Linux distributions set it to 0022 (022) or 0002 (002).

Editing the umask

Append/modify the following line within the appropriate file to setup a new umask.

umask 022

Example:

Edit /etc/profile (global) or ~/.bashrc (personal) file.

vi /etc/profile

OR

vi ~/.bashrc

Save and close the file.

Changes will take effect after your next login or you can type source /etc/profile or source ~/.bashrc for the changes to take affect immediately.

source /etc/profile

or

source ~/.bashrc
Comments

By Tommy Elmesewdy

DevOps Engineer