How to Manage File Permission on Linux

Change files permissions on Linux

Learning how to change file permissions should be on your list of Linux topics, because correct permissions prevent security issues that could compromise your system.


The chmod command lets users change file permissions, such as read and write access, on Linux and other Unix systems. In this post, we explain how to change file and folder permissions with chmod.

In addition, the chmod command is the most practical and most effortless way to change these file permissions.

Permission on Linux – How it works

Before going deep into the command line to change file permissions on Linux, here is a brief introduction to how permissions work.

On a Linux system, every file and folder has access rights defined for the file owner, the members of a group of similar users, and everybody else. For each of them you can allow reading, writing, or executing the file (for example, executing a shell script file).

To view the permissions assigned to a specific file, we can use the ls command. For example, we will examine the curl program located in the /usr/bin folder.

ls -lha /usr/bin/curl
How to list file permission on Linux

Here we can see:

  • The owner of the file “/usr/bin/curl” is the user “root.”
  • The superuser (root) can read, write, and execute the file.
  • The group owner of this file is “root.”
  • Users that belong to the group “root” can also read and execute this file.
  • Anyone else can read and execute this file.

In the chart below, we see how the first part of the listing is laid out. It consists of a letter showing the file type, followed by three sets of three characters representing the read, write, and execute permissions for the owner, the group, and everybody else.

How the Permission Works on Linux

How to use the Chmod command to Change files permissions on Linux.

First, let’s talk about the octal notation and symbols.

The chmod command is used to change permissions on files and folders on Linux. We specify the permission settings and the file or folder to apply them to. There are two methods to specify the permissions: octal notation and symbolic mode.

rwx --- --- = 111 000 000
rw- rw- rw- = 110 110 110
rwx rwx rwx = 111 111 111

r-- = 100 in binary = 4
r-x = 101 in binary = 5
rw- = 110 in binary = 6
rwx = 111 in binary = 7

Finally, let’s see how to use the chmod.

The basic syntax is:

chmod <permission> <file_name>

How to define and change files permissions on Linux using Symbolic Mode

To define permissions using alphabetic characters, you specify the access for the user/owner (u), group (g), and others (o).

Give the letter for each class, followed by the equals sign (=) and the letters for the read (r), write (w), and/or execute (x) rights. There is also (a), which means all and is identical to ugo.

To configure a file so that anyone can read, write, and execute it, the command is:

chmod u=rwx,g=rwx,o=rwx <file-name>

To let the owner read and write a file while the group and others can only read it, use the following command:

chmod u=rw,g=r,o=r test.txt

More Options:

chmod [OPTIONS] [ugoa…][-+=]grants…[…] <file-name>

The operation flags ([-+=]) determine whether the permissions are removed, added, or set:

- Removes the specified permissions.

+ Adds the specified permissions.

= Changes the current permissions to the specified permissions. If no permissions are given after the = symbol, all permissions are removed from the chosen user class.

The grants (grants…) can be set explicitly using zero or more of the following letters: r, w, x, X, s, and t. Use a single letter from the set u, g, and o instead when copying the grants from one user class to another.

When setting permissions for more than one user class ([…]), use commas (without spaces) to separate the symbolic modes.

Here are some examples of how to use the chmod command in symbolic mode:

Give the members of the group permission to read the file, but not to write or execute it:

chmod g=r <file-name>

Remove the execute permission for all users:

chmod a-x filename

See more examples:

Recursively remove the write permission for other users:

chmod -R o-w <folder-name>

Making a file executable in Linux

Let’s see how we can configure a file so that it can be executed. The following example modifies the file permissions so that any user can execute the file “run-backup.sh”:

chmod +x ~/run-backup.sh

Directory permission in Linux

The chmod approach to changing file permissions on Linux also works for directories, and we can use the octal notation to set their permissions as well. However, the r, w, and x properties have a different meaning for directories:

  • r – Enables the contents of the directory to be listed if the x property is also set.
  • w – Enables files inside the directory to be created, deleted, or renamed if the x property is also set.
  • x – Enables a directory to be opened (i.e., cd folder-name).

Example of some applicable settings for directories:

700 (rwx------) -> The directory owner has complete access. Nobody else has any rights. This setting is helpful for folders that only the owner may handle and that must be kept secret from others.

755 (rwxr-xr-x) -> The directory owner has complete access. All others may list the directory but cannot create files or remove them. This setting is typical for directories that you want to share with other users.

777 (rwxrwxrwx) -> No limitations on permissions. Anybody may list files, create new files in the folder, and remove files in the directory. Usually not a good approach.

Octal permission

Every file and folder contains 8-bit data that manages the permissions. For example, in its primary binary form, 000 indicates no rights.

When you set the “Read” permission, it adds 4 to the data, giving “100” in binary format or “4” in standard decimal format. Assigning the “Write” permission adds 2, giving “010” in binary and “2” in decimal. Finally, setting the “Execute” permission adds 1, which results in “001” in binary or “1” in decimal. In brief:

  • Read is equal to “4.”
  • Write is equal to “2.”
  • Execute is equal to “1.”

In a nutshell, setting permissions is basic math. For example, to grant “Read and Write”, we add 4 and 2 to get 6. The other combinations are:

  • 0: No permission
  • 1: Execute
  • 2: Write
  • 3: Write and Execute
  • 4: Read
  • 5: Read and Execute
  • 6: Read and Write
  • 7: Read, Write, and Execute

The first number applies to the owner, the second to the group, and the third to others. Here are some regularly used permission sets:

  • 755. This set of grants is generally used by web servers. The owner has all permissions: read, write, and execute. Everyone else can read and execute but cannot modify the file.
  • 644. Only the owner can read and write. Everyone else can only read. Nobody can execute this file.
  • 655. The owner can read and write but cannot execute the file. Everybody else can read and execute but cannot change the file.

For example, 777 means all users can read, write, and execute. Because it gives full permission, you should use it with caution. Nevertheless, in some cases, you’ll need to set 777 permissions before you can upload a file to the server. For example, to change the file permissions:
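The arithmetic above, applied to the mode field that ls -l prints, as an added example that is not part of the original post. It goes slightly beyond the text by also handling the s and t letters (setuid, setgid, sticky bit), which show up as a fourth leading digit; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: turn the mode field printed by `ls -l` (e.g. "-rwxr-xr-x")
# into the octal number chmod accepts. Function names are hypothetical.

# triplet_value <3 chars>: r=4, w=2, x=1. Lowercase s/t imply x; S/T do not.
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal <mode field>: prints e.g. 755, or 4755 when a special bit is set.
mode_to_octal() {
    perms=${1#?}    # drop the leading file-type character (-, d, l, ...)
    case $perms in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]*) ;;
        *) echo "not a mode field: $1" >&2; return 1 ;;
    esac
    u=$(printf '%s' "$perms" | cut -c1-3)
    g=$(printf '%s' "$perms" | cut -c4-6)
    o=$(printf '%s' "$perms" | cut -c7-9)
    special=0
    case $u in ??[sS]) special=$((special + 4)) ;; esac   # setuid
    case $g in ??[sS]) special=$((special + 2)) ;; esac   # setgid
    case $o in ??[tT]) special=$((special + 1)) ;; esac   # sticky bit
    digits="$(triplet_value "$u")$(triplet_value "$g")$(triplet_value "$o")"
    if [ "$special" -ne 0 ]; then digits="$special$digits"; fi
    echo "$digits"
}

# Constructed sample mode fields, including the 655 case from the list above.
for m in -rwxr-xr-x -rw-r--r-- -rw-r-xr-x drwxrwxrwt -rwsr-xr-x; do
    printf '%s = %s\n' "$m" "$(mode_to_octal "$m")"
done
```

A leading digit in the result is worth noticing during a review: 4 marks a setuid file, 2 a setgid file, and 1 a sticky directory.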

chmod 777 /path/to/file

How to recursively set permissions on Linux

To change permissions recursively on all files and folders below a given directory, use the -R (--recursive) option:

chmod -R <permission> <folder-name>

So, to change the rights of all files and subdirectories under the /var/www directory to 755, you would apply:

chmod -R 755 /var/www

Find files and change permissions Linux

Let’s imagine that you are fixing permissions on a web server. You find that the files are configured with the wrong permissions, allowing anyone to change them.

The most straightforward way to fix the permissions of all files in a single command line is to do it recursively. To achieve that goal, we can combine the find command with chmod.

Using the numeric method:

First, apply 644 to the files:

find /var/www/bitslovers -type f -exec chmod 644 {} \;

Second, apply 755 to the folders:

find /var/www/bitslovers -type d -exec chmod 755 {} \;

Using the symbolic method:

find /var/www/bitslovers -type f -exec chmod u=rw,go=r {} \;
find /var/www/bitslovers -type d -exec chmod u=rwx,go=rx {} \;

The find command searches for files and folders beneath /var/www/bitslovers and passes each one it finds to the chmod command, which applies the permissions.
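The difference between the recursive chmod -R 755 shown earlier and the find-based split, as an added example that is not part of the original post. It works on a constructed tree under a temporary directory, assumes GNU find and stat, and uses hypothetical function and file names.

```shell
#!/bin/sh
# Added example (constructed tree, hypothetical names): compare `chmod -R 755`
# with the find-based split of 644 for files and 755 for directories.
# Assumes GNU findutils and coreutils (find -perm /MODE, stat -c).

# make_tree: build a small web root with deliberately loose permissions.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/site/uploads"
    printf 'hello\n' > "$root/site/index.html"
    printf 'x\n' > "$root/site/uploads/report.txt"
    chmod -R 777 "$root/site"
    echo "$root"
}

# modes <dir>: print "octal-mode path" for every entry, sorted by path.
modes() {
    ( cd "$1" && find . -exec stat -c '%a %n' {} + | sort -k2 )
}

# fix_split <dir>: directories become 755, regular files 644.
# `{} +` batches many paths into one chmod call instead of one call per file.
fix_split() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# count_exec_files <dir>: regular files that still carry any execute bit.
count_exec_files() {
    find "$1" -type f -perm /111 | wc -l | tr -d ' '
}

demo() {
    root=$(make_tree) || return 1
    chmod -R 755 "$root/site"
    echo "after chmod -R 755: $(count_exec_files "$root/site") executable file(s)"
    fix_split "$root/site"
    echo "after find split:   $(count_exec_files "$root/site") executable file(s)"
    modes "$root/site"
    rm -rf "$root"
}
demo
```

After chmod -R 755 both data files are still marked executable; only the split by type leaves them at 644 while the directories stay traversable.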

How to modify the file permission using the Xargs command?

Another good example using xargs:

sudo find /var/www/bitslovers -type d -print0 | xargs -0 sudo chmod 755

How to preserve the permission on copy File or Directory?

Sometimes, when you copy files on Linux, you need to take care of the permissions too. For example, suppose you are doing maintenance on a server as the root user, and you need to move or copy files or folders from a specific application that only one user is allowed to access. In this case, you need to make sure not to change the permissions of those files.

To achieve that goal, we can use the -p option of the cp command, as in the example below:

cp -rp ~/bitslovers /var/www

Alternatively, you can use the option -a that includes the -r flag and preserves everything.

How to preserve the permission on copy File or Directory using scp?

Also, if you are transferring the files to a remote host, scp offers the same -p option to preserve the permissions:

scp -rp ~/bitslovers <user>@<host>:/var/www/

How to change symbolic link permissions

Symbolic links always hold 777 permissions.

Also, when changing the symlink’s permissions, chmod will modify the permissions of the file the link points to.

chmod 755 <symbolic-file-name>

The odds are that rather than modifying the target ownership, you will get an error message “cannot access ‘symlink’: Permission denied.”

The error happens because, on most Linux distributions, symlinks are protected and cannot be used to manipulate target files. This configuration is defined in /proc/sys/fs/protected_symlinks.

In other words, 1 means allowed and 0 not. It is recommended not to disable the symlink protection.

Changing File Ownership in Linux

Changing file ownership in Linux is easily done with the chown command. For example, assume we need to change the owner of backup.zip from one user to another:

sudo chown <user-name> backup.zip

Where <user-name> is the new Owner.

Changing Group Ownership in Linux

Also, it’s possible to change the Group that owns that file:

chgrp <group-name> backup.zip

Where <group-name> is the new owner group.

Tip

Suppose you are reviewing multiple files to fix their permissions. You can run the find command to discover files that match a specific permission. This way, you can scan your computer or a folder to audit file permissions easily.

find -perm 777

In this example, you find all files configured with 777 permission so that you can fix them quickly.
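One caveat for audits, shown as an added example that is not part of the original post: find -perm 777 matches only the exact mode, so world-writable files with modes such as 666 are missed unless you test the write bit itself with -perm -0002. The files are constructed in a temporary directory, the function names are hypothetical, and stat -c in the checks assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (constructed files, hypothetical names): `find -perm 777` matches
# only the exact mode, so an audit for world-writable entries should test the bit.

# make_samples: create files with several modes; three are world-writable.
make_samples() {
    dir=$(mktemp -d) || return 1
    for m in 777 666 646 644 755; do
        : > "$dir/file_$m"
        chmod "$m" "$dir/file_$m"
    done
    echo "$dir"
}

# exact_777 <dir>: what the article's `find -perm 777` reports for regular files.
exact_777() {
    find "$1" -type f -perm 777 | sort
}

# world_writable <dir>: every regular file whose "others" class has the write bit.
world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# tighten <dir>: remove write access for others only, leaving the other bits alone.
tighten() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
}

audit_demo() {
    dir=$(make_samples) || return 1
    echo "exact 777:      $(exact_777 "$dir" | wc -l | tr -d ' ')"
    echo "world-writable: $(world_writable "$dir" | wc -l | tr -d ' ')"
    tighten "$dir"
    echo "after o-w:      $(world_writable "$dir" | wc -l | tr -d ' ')"
    rm -rf "$dir"
}
audit_demo
```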

Conclusion

Changing or defining file permissions on Linux can become a roadblock if they are not set correctly. Wrong permission sets could compromise the whole system. So, if you need to access a file on your system or server, knowing how to modify specific permissions is a must-have skill.

Also, you learned that chmod 777 is the command you’ll use to make a file or folder available to everyone. You should use it only in limited circumstances and switch back to a more restrictive set of permissions once you’re finished.

To read more about chmod, visit the chmod man page.
