The Fileperms() Function Allows the User to Read the Permissions Associated With a Particular File.

Contents

  1. Understanding and Using File Permissions
  2. Folder/Directory Permissions
  3. Permissions in Action
  4. Changing Permissions
    1. chmod with Letters
    2. chmod with Numbers
    3. chmod with sudo
  5. Recursive Permission Changes
    1. Recursive chmod with -R and sudo
    2. Recursive chmod using find, pipemill, and sudo
  6. Warning with Recursive chmod
  7. Changing the File Owner and Group
  8. Volume Permissions with umask
  9. ACL (Access Control List)
    1. Setting up ACL
    2. Example Usage
    3. GUI ACL Editor
    4. Useful ACL Resources
  10. File removal
  11. Sticky Bit
  12. See also
  13. ToDo

Understanding and Using File Permissions

In Linux and Unix, everything is a file. Directories are files, files are files and devices are files. Devices are usually referred to as a node; however, they are still files. All of the files on a system have permissions that allow or prevent others from viewing, modifying or executing. If the file is of type Directory then it restricts different actions than files and device nodes. The super user "root" has the ability to access any file on the system. Each file has access restrictions with permissions, user restrictions with owner/group association. Permissions are referred to as bits.

To change or edit files that are owned by root, sudo must be used - please see RootSudo for details.

If the owner read & execute bit are on, then the permissions are:

          -r-x------

There are three types of access restrictions:

| Permission | Action    | chmod option |
|------------|-----------|--------------|
| read       | (view)    | r or 4       |
| write      | (edit)    | w or 2       |
| execute    | (execute) | x or 1       |

There are also three types of user restrictions:

| User  | ls output  |
|-------|------------|
| owner | -rwx------ |
| group | ----rwx--- |
| other | -------rwx |

Note: The restriction type scope is not inheritable: the file owner will be unaffected by restrictions set for his group or everybody else.

Folder/Directory Permissions

Directories have directory permissions. The directory permissions restrict different actions than with files or device nodes.

| Permission | Action                             | chmod option |
|------------|------------------------------------|--------------|
| read       | (view contents, i.e. ls command)   | r or 4       |
| write      | (create or remove files from dir)  | w or 2       |
| execute    | (cd into directory)                | x or 1       |

  • read restricts or allows viewing the directory's contents, i.e. ls command

  • write restricts or allows creating new files or deleting files in the directory. (Caution: write access for a directory allows deleting of files in the directory even if the user does not have write permissions for the file!)

  • execute restricts or allows changing into the directory, i.e. cd command

Note: Folders (directories) must have 'execute' permissions set (x or 1), or folders (directories) will NOT FUNCTION as folders (directories) and WILL DISAPPEAR from view in the file browser (Nautilus).

Permissions in Action

          user@host:/home/user$ ls -l /etc/hosts
          -rw-r--r--  1 root root 288 2005-11-13 19:24 /etc/hosts
          user@host:/home/user$

Using the example above we have the file "/etc/hosts" which is owned by the user root and belongs to the root group.

What are the permissions from the above /etc/hosts ls output?

          -rw-r--r--

          owner = Read & Write (rw-)
          group = Read (r--)
          other = Read (r--)

Changing Permissions

The command to use when modifying permissions is chmod. There are two ways to modify permissions, with numbers or with letters. Using letters is easier to understand for most people. When modifying permissions be careful not to create security problems. Some files are configured to have very restrictive permissions to prevent unauthorized access. For example, the /etc/shadow file (file that stores all local user passwords) does not have permissions for regular users to read or otherwise access.

          user@host:/home/user# ls -l /etc/shadow
          -rw-r-----  1 root shadow 869 2005-11-08 13:16 /etc/shadow
          user@host:/home/user#

          Permissions:
          owner = Read & Write (rw-)
          group = Read (r--)
          other = None (---)

          Ownership:
          owner = root
          group = shadow

chmod with Letters

          Usage: chmod {options} filename

| Options | Definition        |
|---------|-------------------|
| u       | owner             |
| g       | group             |
| o       | other             |
| a       | all (same as ugo) |
| x       | execute           |
| w       | write             |
| r       | read              |
| +       | add permission    |
| -       | remove permission |
| =       | set permission    |

Here are a few examples of chmod usage with letters (try these out on your system).

First create some empty files:

          user@host:/home/user$ touch file1 file2 file3 file4
          user@host:/home/user$ ls -l
          total 0
          -rw-r--r--  1 user user 0 Nov 19 20:13 file1
          -rw-r--r--  1 user user 0 Nov 19 20:13 file2
          -rw-r--r--  1 user user 0 Nov 19 20:13 file3
          -rw-r--r--  1 user user 0 Nov 19 20:13 file4

Add owner execute bit:

          user@host:/home/user$ chmod u+x file1
          user@host:/home/user$ ls -l file1
          -rwxr--r--  1 user user 0 Nov 19 20:13 file1

Add other write & execute bit:

          user@host:/home/user$ chmod o+wx file2
          user@host:/home/user$ ls -l file2
          -rw-r--rwx  1 user user 0 Nov 19 20:13 file2

Remove group read bit:

          user@host:/home/user$ chmod g-r file3
          user@host:/home/user$ ls -l file3
          -rw----r--  1 user user 0 Nov 19 20:13 file3

Add read, write and execute to everyone:

          user@host:/home/user$ chmod ugo+rwx file4
          user@host:/home/user$ ls -l file4
          -rwxrwxrwx  1 user user 0 Nov 19 20:13 file4
          user@host:/home/user$

chmod with Numbers

          Usage: chmod {options} filename

| Options | Definition |
|---------|------------|
| #--     | owner      |
| -#-     | group      |
| --#     | other      |
| 1       | execute    |
| 2       | write      |
| 4       | read       |

Owner, Group and Other is represented by three numbers. To get the value for the options determine the type of access needed for the file then add.

For example if you want a file that has -rw-rw-rwx permissions you will use the following:

| Owner        | Group        | Other                 |
|--------------|--------------|-----------------------|
| read & write | read & write | read, write & execute |
| 4+2=6        | 4+2=6        | 4+2+1=7               |

          user@host:/home/user$ chmod 667 filename

Another example if you want a file that has --w-r-x--x permissions you will use the following:

| Owner | Group          | Other   |
|-------|----------------|---------|
| write | read & execute | execute |
| 2     | 4+1=5          | 1       |

          user@host:/home/user$ chmod 251 filename

Here are a few examples of chmod usage with numbers (try these out on your system).

First create some empty files:

          user@host:/home/user$ touch file1 file2 file3 file4
          user@host:/home/user$ ls -l
          total 0
          -rw-r--r--  1 user user 0 Nov 19 20:13 file1
          -rw-r--r--  1 user user 0 Nov 19 20:13 file2
          -rw-r--r--  1 user user 0 Nov 19 20:13 file3
          -rw-r--r--  1 user user 0 Nov 19 20:13 file4

Add owner execute bit:

          user@host:/home/user$ chmod 744 file1
          user@host:/home/user$ ls -l file1
          -rwxr--r--  1 user user 0 Nov 19 20:13 file1

Add other write & execute bit:

          user@host:/home/user$ chmod 647 file2
          user@host:/home/user$ ls -l file2
          -rw-r--rwx  1 user user 0 Nov 19 20:13 file2

Remove group read bit:

          user@host:/home/user$ chmod 604 file3
          user@host:/home/user$ ls -l file3
          -rw----r--  1 user user 0 Nov 19 20:13 file3

Add read, write and execute to everyone:

          user@host:/home/user$ chmod 777 file4
          user@host:/home/user$ ls -l file4
          -rwxrwxrwx  1 user user 0 Nov 19 20:13 file4
          user@host:/home/user$
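The read=4, write=2, execute=1 addition described in this section can be checked mechanically against what ls -l shows. The following is an added example, not part of the original page; mode_to_octal is a hypothetical helper name, and it goes beyond the text by also handling the special-bit letters (s/S for setuid and setgid, t/T for the sticky bit) that ls can show in the execute positions.

```shell
#!/bin/sh
# Added example (not from the original page): convert the nine permission
# characters printed by "ls -l" (without the leading file-type character)
# into the number chmod expects. mode_to_octal is a hypothetical helper.

mode_to_octal() {
    mode=$1
    [ "${#mode}" -eq 9 ] || { echo "need 9 characters, got: $mode" >&2; return 1; }
    result=""
    special=0
    pos=0
    # The weight doubles as the special-bit value of each triad:
    # owner -> setuid (4), group -> setgid (2), other -> sticky (1).
    for weight in 4 2 1; do
        triad=$(printf '%s' "$mode" | cut -c$((pos + 1))-$((pos + 3)))
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; -??) ;; *) return 1 ;; esac
        case $triad in ?w?) digit=$((digit + 2)) ;; ?-?) ;; *) return 1 ;; esac
        last=${triad#??}
        case $weight:$last in
            ?:x) digit=$((digit + 1)) ;;
            ?:-) ;;
            # Lowercase: special bit AND execute; uppercase: special bit only.
            [42]:s|1:t) digit=$((digit + 1)); special=$((special + weight)) ;;
            [42]:S|1:T) special=$((special + weight)) ;;
            *) return 1 ;;
        esac
        result="$result$digit"
        pos=$((pos + 3))
    done
    [ "$special" -eq 0 ] || result="$special$result"
    printf '%s\n' "$result"
}

# Run as a script: ./mode_to_octal.sh rw-rw-rwx
if [ "$#" -gt 0 ]; then
    mode_to_octal "$1"
fi
```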

chmod with sudo

Changing permissions on files that you do not have ownership of: (Note that changing permissions the wrong way on the wrong files can quickly mess up your system a great deal! Please be careful when using sudo!)

          user@host:/home/user$ ls -l /usr/local/bin/somefile
          -rw-r--r--  1 root root 550 2005-11-13 19:45 /usr/local/bin/somefile
          user@host:/home/user$

          user@host:/home/user$ sudo chmod o+x /usr/local/bin/somefile

          user@host:/home/user$ ls -l /usr/local/bin/somefile
          -rw-r--r-x  1 root root 550 2005-11-13 19:45 /usr/local/bin/somefile
          user@host:/home/user$

Recursive Permission Changes

To change the permissions of multiple files and directories with one command. Please note the warning in the chmod with sudo section and the Warning with Recursive chmod section.

Recursive chmod with -R and sudo

To change all the permissions of each file and folder under a specified directory at once, use sudo chmod with -R

          user@host:/home/user$ sudo chmod 777 -R /path/to/someDirectory
          user@host:/home/user$ ls -l
          total 3
          -rwxrwxrwx  1 user user 0 Nov 19 20:13 file1
          drwxrwxrwx  2 user user 4096 Nov 19 20:13 folder
          -rwxrwxrwx  1 user user 0 Nov 19 20:13 file2

Recursive chmod using find, pipemill, and sudo

To assign reasonably secure permissions to files and folders/directories, it's common to give files a permission of 644, and directories a 755 permission, since chmod -R assigns to both. Use sudo, the find command, and a pipemill to chmod as in the following examples.

To change permission of only files under a specified directory.

          user@host:/home/user$ sudo find /path/to/someDirectory -type f -print0 | xargs -0 sudo chmod 644
          user@host:/home/user$ ls -l
          total 3
          -rw-r--r--  1 user user 0 Nov 19 20:13 file1
          drwxrwxrwx  2 user user 4096 Nov 19 20:13 folder
          -rw-r--r--  1 user user 0 Nov 19 20:13 file2

To change permission of only directories under a specified directory (including that directory):

          user@host:/home/user$ sudo find /path/to/someDirectory -type d -print0 | xargs -0 sudo chmod 755
          user@host:/home/user$ ls -l
          total 3
          -rw-r--r--  1 user user 0 Nov 19 20:13 file1
          drwxr-xr-x  2 user user 4096 Nov 19 20:13 folder
          -rw-r--r--  1 user user 0 Nov 19 20:13 file2

Warning with Recursive chmod

WARNING: Although it's been said, it's worth mentioning in context of a gotcha typo. Please note, recursively deleting or chown-ing files is extremely dangerous. You will not be the first, nor the last, person to add one too many spaces into the command. This example will hose your system:

          user@host:/home/user$ sudo chmod -R / home/john/Desktop/tempfiles

Note the space between the first / and home.

You have been warned.
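The find-based 644/755 approach and the stray-space warning above can be combined in one guarded helper. This is an added example, not part of the original page: normalize_perms and its (non-exhaustive) list of refused directories are assumptions chosen for illustration, and on files you do not own it has to be run with sufficient privileges, for example through sudo.

```shell
#!/bin/sh
# Added example (not from the original page): give files 644 and directories
# 755 under ONE tree, refusing targets that a typo could turn into "/".
# normalize_perms and the refused-path list are illustrative assumptions.

normalize_perms() {
    # "chmod -R / home/john/..." style typos produce two arguments.
    if [ "$#" -ne 1 ]; then
        echo "normalize_perms: expected exactly one directory, got $#" >&2
        return 2
    fi
    # Canonicalise so "//", "/./" or a symlink to / cannot slip through.
    target=$(CDPATH= cd -- "$1" 2>/dev/null && pwd -P) || {
        echo "normalize_perms: not a directory: $1" >&2
        return 2
    }
    case "$target" in
        /|/bin|/boot|/dev|/etc|/home|/lib|/lib64|/proc|/root|/sbin|/sys|/usr|/var)
            echo "normalize_perms: refusing to recurse into $target" >&2
            return 3
            ;;
    esac
    # find does not follow symlinks by default; -xdev stays on one filesystem.
    find "$target" -xdev -type d -exec chmod 755 {} + &&
        find "$target" -xdev -type f -exec chmod 644 {} +
}

# Run as a script: ./normalize_perms.sh /path/to/someDirectory
if [ "$#" -gt 0 ]; then
    normalize_perms "$@"
fi
```

Using find with -exec ... {} + gives the same batching as the -print0 | xargs -0 pipeline shown earlier without a second process.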

Changing the File Owner and Group

A file's owner can be changed using the chown command. For example, to change the foobar file's owner to tux:

          user@host:/home/user$ sudo chown tux foobar

To change the foobar file's group to penguins, you could use either chgrp or chown with special syntax:

          user@host:/home/user$ sudo chgrp penguins foobar
          user@host:/home/user$ sudo chown :penguins foobar

Finally, to change the foobar file's owner to tux and the group to penguins with a single command, the syntax would be:

          user@host:/home/user$ sudo chown tux:penguins foobar

Note that, by default, you must use sudo to change a file's owner or group.

Volume Permissions with umask

This section has been moved to: Fstab#Options

ACL (Access Control List)

Posix ACLs are a way of achieving a finer granularity of permissions than is possible with the standard Unix file permissions. See the full page on ACLs: FilePermissionsACLs

Setting up ACL

  1. Install the acl package:
          sudo apt-get install acl
  2. Edit /etc/fstab and add option acl to partition(s) on which you want to enable ACL. For example:

          ...
          UUID=d027a8eb-e234-1c9f-aef1-43a7dd9a2345 /home    ext4   defaults,acl   0   2
          ...
  3. Remount partition(s) on which you want to enable ACL. For example:
          sudo mount -o remount /home
  4. Verify acl is enabled on the partition(s):

          mount | grep acl

The commands, setfacl and getfacl, set and read ACLs on files and directories.

Example Usage

This is a simple example for use with a Samba share to ensure that any files or sub-directories created could also be modified by any Samba user.

  1. Create a directory with full permission:
          mkdir shared_dir
          chmod 777 shared_dir
  2. Set the default ACL with '-d' and modify with '-m' the permissions for samba nobody user nogroup group which will apply to all newly created file/directories.

          setfacl -d -m u:nobody:rwx,g:nogroup:rwx,o::r-x shared_dir

GUI ACL Editor

The Eiciel package (http://apt.ubuntu.com/p/eiciel) allows GUI access to ACLs through the Nautilus file manager.

Useful ACL Resources

  • http://brunogirin.blogspot.com/2010/03/shared-folders-in-ubuntu-with-setgid.html

  • http://wiki.kaspersandberg.com/doku.php?id=howtos:acl

  • man acl

  • man setfacl

  • man getfacl

File removal

To remove a file you cannot delete use

          sudo rm -rf filename

where filename is the name and path of the file to delete.

NB: Be very careful when using the command rm with the -rf option since -r makes the file removal recursive (meaning it will remove files inside of folders) and -f will force the removal even for files which aren't writable. To play it safe, please consider typing in the absolute path to the file

          sudo rm -rf /path/to/file/filename

to prevent any mishaps that can/will occur. It takes longer to type but you can't put a price on peace of mind. See the rm man page for details.

Sticky Bit

The sticky bit applies only to directories, and is typically used on publicly-writeable directories. Within a directory upon which the sticky bit is applied, users are prevented from deleting or renaming any files that they do not personally own.

To add or remove the sticky bit, use chmod with the "t" flag:

          chmod +t <directory>
          chmod -t <directory>

The status of the sticky bit is shown in the other execute field, when viewing the long output of ls. "t" or "T" in the other execute field indicates the sticky bit is set, anything else indicates it is not.

Making a public directory:

          user@host:/home/user$ mkdir folder
          user@host:/home/user$ chmod 777 folder
          user@host:/home/user$ ls -l
          total 3
          drwxrwxrwx  2 user user 4096 Nov 19 20:13 folder

Adding the sticky bit (note the "t" in the other execute field):

          user@host:/home/user$ chmod +t folder
          user@host:/home/user$ ls -l
          total 3
          drwxrwxrwt  2 user user 4096 Nov 19 20:13 folder
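A publicly writable directory without the sticky bit, like the 777 folder before chmod +t above, lets any user delete or rename other users' files, so it is worth being able to find such directories. This is an added example, not part of the original page; audit_world_writable and its output labels are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the original page): report world-writable
# directories that lack the sticky bit, and world-writable regular files.
# audit_world_writable is a hypothetical helper name.
# Output: one "<finding> <path>" line per hit.

audit_world_writable() {
    root=${1:?usage: audit_world_writable DIR}
    # -perm -0002: "other" write bit set; ! -perm -1000: sticky bit not set.
    # In such a directory any user can delete or rename other users' files.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 |
        sed 's|^|dir-no-sticky |'
    # World-writable regular files can be modified by any local user.
    find "$root" -xdev -type f -perm -0002 |
        sed 's|^|file-world-writable |'
}

# Run as a script: ./audit_world_writable.sh /path/to/someDirectory
if [ "$#" -gt 0 ]; then
    audit_world_writable "$1"
fi
```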

See also

  • man chmod

  • man chown

  • man chgrp

  • FindingFiles

  • User Private Groups


ToDo

  • umask (add file and directory umask section, with specific focus on security)
  • The User Private Group scheme. In other words, this page does the nuts and bolts ok, but we need to describe what the permissions should be. The default Ubuntu set up is not agnostic: Every user has their default private group. Directories for collaboration need to have special group and permission set for correct operation.

  • * Suggestion: I oftentimes use find instead of chmod -R, because it's easier to differentiate between files and directories that way. Yes, I know about the 'X' permission, but I don't trust it.

  • The sticky bit. It's needed for "other" in shared directories like /tmp. It's needed for "group" in shared directories where write permission is given to a group, like /var/www


Source: https://help.ubuntu.com/community/FilePermissions
