File Permissions

Permissions are applied on three levels:-

  • Owner or User level
  • Group level
  • Others level

Access modes are of three types:-

  • r read only
  • w write/edit/delete/append
  • x execute/run a command

Access modes are different on file and directory:

Permissions

Files

Directory

R

Open the file

‘ls’ the contents of dir

W

Write, edit, append, delete file

Add/Del/Rename contents of dir

X

To run a command/shell script

To enter into dir using ‘cd’

 

[root@localhost ~]# ls -l lbfile 
-rw-r--r--. 1 root root 13 Apr 10 08:36 lbfile
[root@localhost ~]# ls -ld lbdir drwxr-xr-x. 2 root root 4096 Apr 10 08:45 lbdir [root@localhost ~]#

Filetype+permission, links, owner, group name of owner, size in bytes, date of modification, file name

Permission can be set on any file/dir by two methods:-

  • Symbolic method (ugo)
  • Absolute methods (numbers)
  1. Symbolic method (ugo):
  • Symbolic mode: General form of symbolic mode is:

# chmod [who] [+/-/=] [permissions] file
who ==>> To whom the permissions to be assigned
User/owner (u); group (g); others (o)
Example: –
Assigning different permissions to the file (user=rwx, group=rw and others=r)

#chmod u=rwx,g=rw,o=r lbfile (where lbfile is the name of the file)

[root@localhost ~]# chmod u=rwx,o=r lbfile
[root@localhost ~]# ls -l lbfile 
-rwxr--r--. 1 root root 13 Apr 10 08:36 lbfile
[root@localhost ~]# 

Assigning full permission to the file i.e. rwx to all

#chmod ugo=rwx <file name>

[root@localhost ~]# ls -l lbfile 
-rwxr--r--. 1 root root 13 Apr 10 08:36 lbfile
[root@localhost ~]# chmod ugo=rwx lbfile 
[root@localhost ~]# ls -l lbfile 
-rwxrwxrwx. 1 root root 13 Apr 10 08:36 lbfile
[root@localhost ~]# 

Likewise, you can add or remove permissions from any file for anyone (user group or other)

  • #chmod u+x lbfile (Adding execute permission to user only)
  • #chmod go-wx lbfile (Removing write and execute permissions from group and other)
  • #chmod go+wx lbfile (Adding write and execute permissions from group and other)
  • #chmod go=r lbfile (Giving only read permission to group and other)
  • Absolute Method (numbers)

In Absolute method we use numbers instead of using symbols i.e.

  1. Read=4
  2. Write=2
  3. Execute=1

Assigning different permissions to the file (user=rwx, group=rw and others=r)
#chmod 764 lbfile (where 7 means rwx i.e. 4+2+1, rw=6 i.e. 4+2 and 1 indicates x)

[root@localhost ~]# ls -l lbfile 
-rwxrwxrwx. 1 root root 13 Apr 10 08:36 lbfile
[root@localhost ~]# chmod 764 lbfile 
[root@localhost ~]# ls -l lbfile 
-rwxrw-r--. 1 root root 13 Apr 10 08:36 lbfile
[root@localhost ~]# 
Assigning full permission to the file i.e. rwx to all
#chmod 777 lbfile
[root@localhost ~]# ls -l lbfile 
-rwxrw-r--. 1 root root 13 Apr 10 08:36 lbfile
[root@localhost ~]# chmod 777 lbfile
[root@localhost ~]# ls -l lbfile
-rwxrwxrwx. 1 root root 13 Apr 10 08:36 lbfile
[root@localhost ~]#
Removing all permissions from others
#chmod 770 lbfile (where 0 indicates no permissions)
Note: All the above permissions and procedure is same for files and directories.

umask:

When we create any file using touch, cat or vi commands they get created with default file permissions as stored in umask (User file creation mask). umask is a 4 digit octal number which tells Unix which of the three permissions are to be denied rather than granted. Umask will decide that what should be the default permissions for a file and directory when it is created.
The default umask value is 0022
#umask
[root@localhost ~]# umask 
0022
[root@localhost ~]#

Calculation of default permissions for file and directory, basing upon the umask value:

Note: For a file by default it cannot have the execute permission, so the maximum full permission for a file at the time of creation can be 666 (i.e. 777 – 111 = 666), whereas a directory can have full permissions i.e. 777
  • The full permission for the file                    666
  • Minus the umask value                               –022
  • The default permission for file is                644     (rw-,r- -,r- -)
[root@localhost ~]# umask 
0022
[root@localhost ~]# touch lbfile1
[root@localhost ~]# ls -l lbfile1
-rw-r--r--. 1 root root 0 Apr 10 10:05 lbfile1
[root@localhost ~]#
  • The full permission for the directory          777
  • Minus the umask value                                 -022
  • The default permission for file is                 755  (rwx, r-x, r-x)
[root@localhost ~]# umask 
0022
[root@localhost ~]# mkdir lbdir1
[root@localhost ~]# ls -ld lbdir1
drwxr-xr-x. 2 root root 4096 Apr 10 10:12 lbdir1
[root@localhost ~]#

Modifying the umask value:
#umask 002

The Modified default Permission for a file will be 666 – 002=664 i.e. rw,rw,r, and for the directory it will be 777 – 002=775 i.e. rwx,rwx,r-x.
[root@localhost ~]# umask 
0022
[root@localhost ~]# umask 002
[root@localhost ~]# umask
0002
[root@localhost ~]#

Leave a Reply

Your email address will not be published. Required fields are marked *