Working with permissions
The following are the types of permissions:
- Read permission: The user can read or check the content of the file
- Write permission: The user can edit or modify the file
- Execute permission: The user can execute the file
Changing file permissions
The following are the commands for changing the file permissions:
To check the file permission, give the following command:
$ ll file_name
The details of file permissions are as seen in the following image:
In the preceding diagram, as we can see, permissions are grouped in owner-user and group and other users' permissions. Permissions are of three types such as read, write, and execute permissions. As per the requirement, we may need to change permissions of the various files.
Command chmod
We can change the file or directory permissions by the following two ways:
Technique one – the symbolic method
The following command will add the read/write and execute permissions to the file wherein, u
is for user, g
is for group, and o
is for others:
$ chmod ugo+rwx file_name
Alternatively, you can use the following command:
$ chmod +rwx file_name
Technique two – the numeric method
The following command will change the file permissions using the octal technique:
$ chmod +rwx file_name
The file permission 777
can be understood as 111 111 111
, which corresponds to the rwx.rwx.rwx
permissions.
Setting umask
We will see how Linux decides the default permissions of the newly created file or folder:
$ umask 0002
The meaning of the preceding output is that, if we create a new directory, then from the permissions of +rwx
, the permission 0002
will be subtracted. This means that for a newly created directory, the permissions will be 775
or rwx rwx r-x
. For a newly created file, the file permissions will be rw- rw- r--
. By default, for any newly created text file, the execute bit will never be set. Therefore, the newly created text file and directory will have different permissions even though the umask is same.
Setuid
Another very interesting functionality is the setuid
feature. If the setuid
bit is set for a script, then the script will always run with the owner's privileges irrespective of which user is running the script. If the administrator wants to run script written by him by other users, then he can set this bit.
Consider either of the following situations:
$ chmod u+s file_name $ chmod 4777 file
The file permissions after any of the preceding two commands will be drwsrwxrwx
.
Setgid
Similar to setuid
, the setgid
functionality gives the user the ability to run scripts with group owner's privileges, even if it is executed by any other user.
$ chmod g+s filename
Alternatively, you can use the following command:
$ chmod 2777 filename
File permissions after any of the preceding two commands will be drwxrwsrwtx
.
Sticky bit
Sticky bit is a very interesting functionality. Let's say, in the administration department there are 10 users. If one folder has been set with sticky bit, then all other users can copy files to that folder. All users can read the files, but only the owner of the respective file can edit or delete the file. Other user can only read but not edit or modify the files if the sticky bit is set.
$ chmod +t filename
Alternatively, you can use the following command:
$ chmod 1777
File permissions after any of the preceding two commands will be drwxrwxrwt
.