File Permissions

Introduction

File permissions are expressed with a 10 character string.

To see the file permissions for files in a directory run ls -l.

The output will resemble the following:

drwxr-xr-x 2 josh josh 4096 Nov 29 15:32 Desktop
drwxr-xr-x 3 josh josh 4096 Nov 30 11:14 Documents
drwxr-xr-x 2 josh josh 4096 Nov 29 11:26 Downloads

If we were to turn this output into a table where each column is labeled, we would see that the,first set of characters such as denotes the file permissions, second column represents the number of links to that file, the third and fouth columns denote the user and group assigned to the file, the fifth column represents the size for that file in bytes, the sixth column is the last date the file was modified, and the final column is the name of the file (directories in this case).

Permissions Num. Links User Owner Group Owner Size (bytes) Date Modified File/Dir Name
drwxr-xr-x 2 josh josh 4096 Nov 29 15:32 Desktop
drwxr-xr-x 3 josh josh 4096 Nov 30 11:14 Documents
drwxr-xr-x 2 josh josh 4096 Nov 29 11:26 Downloads

File Permission Breakdown

Let’s break down the permission string drwxr-xr-x.

First Character

The 1st character in this string is the type of file. The most common characters you will see here are - for a regular file, d for directory, and l for link. Note that a link, or symbolic link, is conceptually similar to a “shortcut” on a Windows machine.

Symbol Meaning
- a regular file
d a directory
l a symbolic link

In the permission string drwxr-xr-x, the first character is d, so we have a directory.

Remaining Characters

The remaining 9 characters are to denote the permissions for 3 different permission classes

  1. The first set of 3 characters (character 2, 3, and 4) denote the permisions for the user that owns the file. In the string drwxr-xr-x, we have rwx which means the owner can read, write, and execute the file.

  2. The second set of 3 characters (character 5, 6, and 7) denote the permisions for the group that owns the file. Note that each user gets a group named after themselves. Also, users can be added to other groups. You can set permissions for an entire group.

    In the string drwxr-xr-x, we have r-x as the 5th, 6th, and 7th characters. This means any user in the group that owns this file can read and execute the file.

  3. The final set of 3 characters are for all other users (those not in the group that owns the file, and not the user that owns the file)

    In the string drwxr-xr-x, we have r-x which means all others can read and execute the file, but cannot modify it.

Changing File Permissions

We use the command chmod to change the file permissions. You can use either of the following methods to change the permissions.

Using the characters that represent the permissions

The characters for each type of user are:

  • u for owner
  • g for group
  • o for others
  • a for all

The characters for permissions are:

  • r for read
  • w for write
  • x for execute

To add permissions, combine a usertype character with + and one or more of the permission characters.

To remove permissions, combine a usertype character with - and one or more of the permission characters.

Samples

  1. chmod u+rwx filename to give read write and execute permissions to the owner.

  2. chmod g-x filename to remove execute permissions from the group.

Example

  1. Navigate to a directory to work with. You may need to create one.

    cd ~/Desktop/programs/bash-scripts

  2. Create a bash script we can work with.

    echo "echo hello permissions" > permission-ex.sh

  3. View the permissions for all the files in this directory, or just the bash file.

    ls -l                    # all the files
ls -l permission-ex.sh   # just permissions for that one file

    Notice it was not executable by the user.

  4. Try executing it just to see the error.

    ./permission-ex.sh            # attempt to execute the file, get an error

  5. Add execution permission and try to execute it again.

    chmod u+x                     # allow the user to execute the file 
ls -l permission-ex.sh        # show the permissions again
./permission-ex.sh            # execute successfully

Using Numeric Values

The values for each type of permission are:

r = 4
w = 2
x = 1

You can place them adjacent to each other to get combos

rw  = 4 + 2     = 6
rwx = 4 + 2 + 1 = 7
wx  =     2 + 1 = 3
rx  = 4     + 1 = 5

When referencing the permission string, notice that this is simply binary on a set of 3 characters. For example, with the string drwxr-xr-x we have:

d    r w x    r - x    r - x
     4 2 1    4   1    4   1

Sum:     7        5        5
Permission is 755

Sample

  1. chmod 766 filename to give:

    • rwx permissions to the owner
    • rw permissions to the group
    • rw permissions to the others

Example

  1. Create a file to work with.

    cd ~/Desktop/programs/bash-scripts
echo "echo hello from bash" > perm-ex-2.sh

  2. List the permissions.

    ls -l perm-ex-2.sh

  3. Allow the user to execute the file, group to read and execute, others to read and execute

    chmod 755 perm-ex-2.sh

  4. View the permissions and execute the file.

    ls -l 
./perm-ex-2.sh

Changing Ownership

The command chown will change the ownership of a file

Format:

sudo chown [new_owner] [filename]
sudo chown :[new_group] [filename]
sudo chown [new_owner] :[new_group] [filename]

Example:

  1. Create a new user.

    sudo useradd betty      # create a new user

  2. Set the password for the new user. Note that you will be prompted for a password after executing the following command.

    sudo passwd betty       # set the password for the new user

  3. Set the user for the perm-ex-2.sh file.

    sudo chown betty perm-ex-2.sh

  4. Set the group for the perm-ex-2.sh file.

    sudo chown :betty perm-ex-2.sh