
File Permissions

The command used to change permissions from the command line is chmod, which means "change mode" (permissions are also called the mode of a file). The chmod command takes a permission instruction followed by a list of files or directories to change. The permission instruction can be issued either symbolically (the symbolic method) or numerically (the numeric method).

Who is u, g, o, a (for user, group, other, all)

What is +, -, = (for add, remove, set exactly)

Which is r, w, x (for read, write, execute)

The chmod command supports the -R option to recursively set permissions on the files in an entire directory tree.

           Owner    Group    Other
symbolic   r w x    r w x    r w x
value      4 2 1    4 2 1    4 2 1
example    1 1 0    1 1 0    1 0 0
decimal      6        6        4

Therefore 664 means rw-rw-r--

A newly created file is owned by the user who creates that file. Only root can change the user that owns a file.

chown user test_file
chown -R user test_dir
chown :admins test_dir
chown visitor:guests test_dir

Instead of using chown, some users change group ownership by using the chgrp command. This command works just like chown, except that it is only used to change group ownership.

Special permissions constitute a fourth permission type in addition to the primary user, group, and other types. As the name implies, these permissions provide additional access-related features over and above what the basic permission types allow.

The setuid permission on an executable file means that commands run as the user owning the file, not as the user that ran the command. One example is the passwd command:

ls -l /usr/bin/passwd

The special permission setgid on a directory means that files created in the directory inherit their group ownership from the directory, rather than inheriting it from the creating user.

ls -ld /run/log/journal

A sticky bit on a directory sets a special restriction on the deletion of files. Only the owner of the file (and root) can delete files within the directory. An example is /tmp:

ls -ld /tmp

  • Symbolically: setuid = u+s; setgid = g+s; sticky = o+t

  • Numerically (fourth preceding digit): setuid = 4; setgid = 2; sticky = 1
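The numeric table and the special-permission digit above can be combined into the nine-character string that ls -l prints. The following is an added example, not part of the original page; the function names triplet and mode_to_symbolic are made up for it. It goes slightly beyond the text by also showing the uppercase S and T that ls prints when a special bit is set without the matching execute bit, which is worth noticing when reviewing permissions.

```shell
#!/bin/sh
# Added example: render a 3- or 4-digit octal mode the way `ls -l` shows it.

# triplet DIGIT SPECIAL LETTER
#   DIGIT   one octal digit (0-7) for user, group or other
#   SPECIAL 1 if the special bit for this position is set, otherwise 0
#   LETTER  s (setuid/setgid) or t (sticky)
triplet() {
    d=$1 special=$2 letter=$3
    r=-; w=-; x=-
    if [ $((d & 4)) -ne 0 ]; then r=r; fi
    if [ $((d & 2)) -ne 0 ]; then w=w; fi
    if [ $((d & 1)) -ne 0 ]; then x=x; fi
    if [ "$special" -eq 1 ]; then
        if [ "$x" = x ]; then
            x=$letter                                  # special bit and execute
        else
            x=$(printf '%s' "$letter" | tr 'st' 'ST')  # special bit, no execute
        fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

mode_to_symbolic() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7])      mode=0$mode ;;   # no special digit given
        [0-7][0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $mode" >&2; return 1 ;;
    esac
    s=${mode%???}            # fourth preceding digit: setuid=4 setgid=2 sticky=1
    rest=${mode#?}
    u=${rest%??}
    g=${rest#?}; g=${g%?}
    o=${rest#??}
    triplet "$u" $(( (s & 4) != 0 )) s
    triplet "$g" $(( (s & 2) != 0 )) s
    triplet "$o" $(( (s & 1) != 0 )) t
    printf '\n'
}

# Constructed sample modes: plain file, setuid program, setgid directory,
# sticky directory, and setuid without execute (shown as uppercase S).
for m in 664 4755 2775 1777 4644; do
    printf '%-5s %s\n' "$m" "$(mode_to_symbolic "$m")"
done
```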

The umask command without arguments displays the current value of the shell's umask:

The system's default umask values for Bash shell users are defined in the /etc/profile and /etc/bashrc files. Users can override the system defaults in the .bash_profile and .bashrc files in their home directories.

As root, you can change this by adding a shell startup script named /etc/profile.d/local-umask.sh.

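#!/bin/bash
# Accounts with a UID above 199 whose primary group has the same name as
# the user name get umask 007; every other account gets umask 022.
if [ "$UID" -gt 199 ] && [ "$(id -gn)" = "$(id -un)" ]; then
    umask 007
else
    umask 022
fi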

Summary

Files have three categories to which permissions apply: the user who owns the file, a single owning group, and other users. The most specific permission applies: user permissions override group permissions, and group permissions override other permissions.

The chmod command changes file permissions from the command line. There are two methods to represent permissions, symbolic (letters) and numeric (digits).

The chown command changes file ownership. The -R option recursively changes the ownership of a directory tree.

The umask command without arguments displays the current umask value of the shell. The default umask values for Bash are defined in the /etc/profile and /etc/bashrc files.

Command References:

chmod, chown, chgrp, ls and umask.