Linux permissions: chown, chgrp and chmod

Linux Permissions

Second post dedicated to Linux file system permissions, in this post you’ll learn how to see and modify permissions with the terminal. If you missed the first one, here’s the link.

Finished? Let’s get started! Before we dive into the world of permissions you must learn how to check them in the terminal. This can be achieved using the ls command.

ls -l

Ls is a basic Linux command which lists the files in your current folder, using the -l flag you can learn what permissions are associated with the files. Let’s give it a look!

$ ls -l
-rw-r--r-- 1 mark mark 0 Nov 28 15:29 file1
-rw-r--r-- 1 mark mark 0 Nov 28 15:29 file2
-rw-r--r-- 1 mark mark 0 Nov 28 15:29 file3
-rw-r--r-- 1 mark mark 0 Nov 28 15:29 file4

Okay, now let’s try to understand. Here’s how ls shows its output:

permissions, number of links, user, group, size, date, name

It might seems confusing but let’s focus only on permissions, user and group. In the precedent post I told you about user and group subjects, field user and group in ls command ARE user and group subjects. In this case the user is mark and the group is mark. The permission column is a little bit more difficult, but fear not and let’s analyze it:

-rw-r--r--

The first bit isn’t important for this lesson, let’s look at the remaining 9. The first three are the user‘s permissions, the second three are group‘s permissions and the remaining three are others permissions. Pretty simple now, right?

chown

Now that you can list permissions, you surely want to mess up with them :3 . Chown is the first command we’re going through. It is used to change the owner (or user subject). Its syntax is:

# chown OWNER FILE

Practice is better than words in this case; let’s take a look at what happens when I change file1’s owner from mark to root.

# chown root file1
$ ls -l
-rw-r--r-- 1 root mark 0 Nov 28 15:29 file1
-rw-r--r-- 1 mark mark 0 Nov 28 15:29 file2
-rw-r--r-- 1 mark mark 0 Nov 28 15:29 file3
-rw-r--r-- 1 mark mark 0 Nov 28 15:29 file4

Note: I had to use a privileged user to use chown on someone else. For now you can access the privileged mode using sudo su or sudo COMMAND where COMMAND = the command you’re issuing.

chgrp

Chown changes file’s user, while chgrp changes file’s group. Its syntax is:

# chgrp GROUP FILE

And now let’s change file1’s group to root.

# chgrp root file1
$ ls -l
-rw-r--r-- 1 root root 0 Nov 28 15:29 file1
-rw-r--r-- 1 mark mark 0 Nov 28 15:29 file2
-rw-r--r-- 1 mark mark 0 Nov 28 15:29 file3
-rw-r--r-- 1 mark mark 0 Nov 28 15:29 file4

As you can see it does what it promises, it changes file’s group.

chmod

Chmod is probably the most difficult command among the three presented in this post. It is used to change the permissions of the three subjects and its syntax is:

$ chmod PERMISSION FILE

Now the problem is what goes into the permission field? In the precedent post I mentioned you can use two forms to represent permissions: r w x or 4 2 1, in this case we’ll be using the numerical form. When you set the permission for one subject you will have to set them for the other two too! So be careful now:

let’s suppose we want to assign read+write+execute to owner, read to group and none to others. It’s time to calculate:

  • owner will be read+write+execute=4+2+1=7
  • group will be read=4=4
  • others will be none so 0

So our lucky number is 740! Let’s use it on file2!

$ chmod 740 file2
$ ls -l
-rw-r--r-- 1 root root 0 Nov 28 15:29 file1
-rwxr----- 1 mark mark 0 Nov 28 15:29 file2
-rw-r--r-- 1 mark mark 0 Nov 28 15:29 file3
-rw-r--r-- 1 mark mark 0 Nov 28 15:29 file4

Notice how it changed. Now suppose we want to full permissions to everyone! Can you guess which number I will use?

$ chmod 777 file3
$ ls -l
-rw-r--r-- 1 root root 0 Nov 28 15:29 file1
-rwxr----- 1 mark mark 0 Nov 28 15:29 file2
-rwxrwxrwx 1 mark mark 0 Nov 28 15:29 file3
-rw-r--r-- 1 mark mark 0 Nov 28 15:29 file4

If you said 777, then you’ve answered correctly!

Note: Notice I didn’t have to change to a different user to issue this command, since I was the owner of file2 and file3, so I had permissions to do that.

Conclusion

That’s pretty much it for basic permissions, be sure to tune for the next post regarding Special Bit, SUID and SGID permissions. (advanced topics)

Image courtesy of Kev-shine
mark

You may also like...

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.