We must also bear in mind that the operating systems are multi-user, we could access simultaneously with several users registered locally in our operating system, therefore, it is very important to carry out a periodic review of the existing permissions. Many times we want to prevent other users of the computer from modifying the files, but we do not know how to achieve it. On this occasion, we are going to teach you how to assign permissions to folders and files in Linux.
To make everything much clearer, we are going to divide this article into several sections that will allow us to better understand what is being talked about at all times. We must clarify that everything we will explain will be through the command line, that is, we will have to get a console or connect via SSH to our Linux server. If you are not familiar with this Linux component, perhaps this is the best time, since the level of difficulty we are going to talk about is low.
What is the chmod command and what is it for
The chmod (change mode) command is intended to change user, group and other permissions to files and folders, we can change the read, write and execute permissions of all files and folders that we want, in addition, we can make a Recursive modification of a certain folder, in this way, all the files and folders inside it will also be affected by this change. The chmod command is available in both Linux and Unix operating systems, therefore, if our server is based on Unix like a FreeBSD, we can change the permissions of files and folders in the same way that we do it in a Debian or Ubuntu.
The syntax for using chmod is as follows:
chmod [modificadores] file / directory permissions
First we will execute the chmod command, then we will be able to incorporate different modifiers, for example, the “-R” to make it recursive to all folders and files within the same folder, then we will have to put the new permissions that we want to apply, and finally, we will put the absolute or relative path of the file or folder that we want to modify the permissions.
A very important detail is that in some cases it is absolutely necessary to execute chmod with superuser permissions, since only the administrator user of the operating system will be able to change the permissions. This can be achieved by logging in as root, or directly using the popular “sudo” command to temporarily promote superuser with the command to run.
Examples of using chmod to change permissions
The first thing we are going to do is create a new folder and files inside it, with the aim that you practice with these folders and files, and do not modify the default permissions of the folders that already exist in your operating system. For this reason, we are going to make preparations for the tests to be a success.
Before starting, all the commands that you are going to execute will be done with different users, in order to correctly check the permissions that we are going to apply. To switch from one user to another on Linux systems, just open the console and run «your username«, We enter the password and we will automatically access the terminal as if we were the other user.
Preparing our system for testing
The first thing we are going to do is create a folder in each user’s current directory, it is usually located in / home / username.
Later, we will move into this folder and create a file:
To finish we will write the following command to level up and exit the folder that we have created:
With this, we have our system ready to start testing permission changes.
Get information on files and folders
If we want to list the existing files in a folder we will only have to write the following command:
With this we only obtain the name of the files or folders where we are on the path. To get much more detail we will have to write the following:
We have executed this command on our server, here you can see what the output looks like:
This command provides the following information (in order from left to right):
- File type (file shows “-” and directory shows a “d”).
- Read, write and execute permissions, both for user, group and others.
- Owner user.
- Group owning the file.
- Last modification date.
Once we have created the folder and files, as well as we have seen the output of the command «ls -l», we are going to interpret the permissions that the files or folders have.
Interpret the permissions that a file or folder has
You have previously seen that the different files have these permissions:
drwxr-xr-x 3 bron bron 4096 may 6 13:19 Descargas
In this offered string we will see that, for each file or folder, there is a series of letters in the first place. These are the permissions that the file has and they are read as follows:
In the previous example, we have the “drwxr-xr-x” permissions, this means the following:
- d: directory
- rwx: read, write and execute permissions for the user who owns the directory.
- rx: read and execute permissions for the group that owns the directory.
- rx: read and execute permissions for others in the directory.
If we want only the owner user to be able to read, write and execute a certain file, we would have to see the following:
That is, we can grant permissions to the following roles:
- Owner user.
- Group to which the owner belongs
- Rest of team users.
How to change file and folder permissions
The command that we must use to carry out this task is chmod, this will be the tool with which we can add or remove permissions, both to a file and to an existing folder in the file system of our operating system. To do this configuration with chmod, we can do it in two different ways, using letters that are more “human” but longer, and also numbers in “octal” format, which is much faster. This last form is our favorite because of its speed, although it is possible that at first you like to use letters more, because it is much better understood.
If we are going to use letters to add or remove permissions from a folder or file, we must take into account the roles, symbols and permissions.
There are three types of roles:
- u: user
- g: group
- or: others
- a: all (all), if you need to apply the same permission to user, groups and others, use “a” to save time.
Two types of symbols:
- +: add permissions
- -: remove permissions
- =: specifies the permissions set.
Three types of permits:
- r: reading
- w: writing
- x: execution
Next, we offer you a series of examples so that you can see what we are talking about:
Give full read, write and execute permissions to all roles, both user, group and others:
chmod ugo+rwx archivoDePrueba
Remove read, write and execute permissions from other users:
chmod o-rwx archivoDePrueba
In the end, everything lies in combining the roles, symbols and permissions depending on the need we have.
Octal based using numbers
The command chmod It is also compatible with another nomenclature that we are going to teach you and that is based on octal.
Imagine that the owner’s permissions (rwx) are identified by 0 and 1. That is, if for example we want to give read and write permissions only (and not execute permissions) it would be: 110. If we want only read permission it would be: 100.
Therefore, taking into account all the existing possibilities, we obtain the following values:
- 0 0 0: 0
- 0 0 1: 1
- 0 1 0: 2
- 0 1 1: 3
- 1 0 0: 4
- 1 0 1: 5
- 1 1 0: 6
- 1 1 1: 7
That is, this is something that can be extrapolated to both the user, group and others.
The format of the command would be as follows:
chmod xxx archivoDePrueba
Where the x’s will be changed to a number depending on the permissions that are assigned.
For example, if we want to give the owner full permissions and leave the other two roles (group and others) without any permission, the command would be:
chmod 700 archivoDePrueba
If we want to give read and write permissions to all roles then it will be:
chmod 666 archivoDePrueba
With these two simple ways we can set file and folder permissions on our Linux computer. In addition, we will have the command ls -l at our fingertips to obtain real-time information on the files and folders on the system. We recommend you visit the official chmod manual for Linux, for this, we will execute the following on the console:
We also recommend investigating the getfacl and setfacl commands to configure more advanced access control lists in Linux, and not only use users, groups and others, this will allow us greater granularity, although it is clearly much more advanced than the popular chmod . In general, if you do a good organization of users and groups, you should not need to use these access control lists.