Managing Permissions#
Imagine a file called .my_secrets
which the following permissions: -rw-rw-r--
. Let's change those around a bit and have a play.
For starters, we don't want to be able to accidentally change the file contents and lose our secrets. Let's make it so we cannot write to the file: chmod 440 .my_secret
1 2 |
|
That got use a file that can only be read, because the r
flag is the only flag that's present. The w
flag we had earlier under the user
and group
sections, has been removed. Try editing the file, now:
1 2 |
|
Don't worry too much about what echo
and >>
mean right now. Just know I'm trying to "echo" or "print" the statement, "Some new secret" and then append it (>>
) to the file called .my_secrets
. And the results? -bash: .my_secrets: Permission denied
.
The bash
part refers to the default shell most Ubuntu installations use. It's like the environment you're using and there are other choices, but the default is Bash and right now you can ignore this.
The Permission denied
is what we're interested in. We're getting this because, as you've probably worked out, we don't have permissions to write to the file. What about deleting it? rm .my_secrets
1 2 3 4 |
|
Using rm
to delete the file yields two things here:
- We had to confirm we wanted to delete a
write-protected file
because thew
flag was missing - And we don't need
w
orwrite
access to delete a file
Permission Octets (Numbers)#
File permissions are a three-digit octal number where the three digits correspond to the access rights of the user who owns the file, the group and other users. Each of the octal digits is the sum of 4
for read permission; 2
for write permission; and 1
if execute permission is required.
Let's review the most common permissions you'll see in the wild:
chmod 755 <file>
means you can do anything with the file or directory, and other users can read and execute it but not alter it. Suitable for programs and directories you want to make publicly available.chmod 644 <file>
means you can read and write the file or directory and other users can only read it. Suitable for public text files.chmod 711 <file>
means you can do anything with the file or directory and other users can only execute it. Suitable for directories where you don't want other people browsing through the contents but do want to give them access to selected files. This is the default for your home directory and the minimum access required for your public_html directory if you have a personal website.chmod 700 <file>
means you can do anything with the file or directory and other users have no access to it at all. Suitable for private directories and programs.chmod 600 <file>
means you can read and write the file or directory and other users have no access to it. Suitable for private text files.
To help with the numbering system, check this table out:
Binary | Octal | Permission |
---|---|---|
000 | 0 | — |
001 | 1 | –x |
010 | 2 | -w- |
011 | 3 | -wx |
100 | 4 | r– |
101 | 5 | r-x |
110 | 6 | rw- |
111 | 7 | rwx |
Permissions Letters#
You can also use letters to replace the number system, above. A lot of people prefer this as it makes more logical sense to them. I can appreciate that. I default to numbers as I've been doing this for years.
r
=read
w
=write
x
=execute
You also use a letter to denote for whom you're changing the permissions - the user, the group or the other (world). These are:
u
-user
g
-group
o
-other
(other)
To add a permission you do +
and to remove it, you do -
. You can also use =
to set it directly to the permissions you provide. Let's repeat the above examples, but using letters:
chmod u=rwx,go=rx <file>
means you can do anything with the file or directory, and other users can read and execute it but not alter it. Suitable for programs and directories you want to make publicly available.chmod u=rw,go=r <file>
means you can read and write the file or directory and other users can only read it. Suitable for public text files.chmod u=rwx,go=x <file>
means you can do anything with the file or directory and other users can only execute it. Suitable for directories where you don't want other people browsing through the contents but do want to give them access to selected files. This is the default for your home directory and the minimum access required for your public_html directory if you have a personal website.chmod u=rwx,go= <file>
means you can do anything with the file or directory and other users have no access to it at all. Suitable for private directories and programs.chmod u=rw,go= <file>
means you can read and write the file or directory and other users have no access to it. Suitable for private text files.
You can also do this: chmod g=u <file>
, which means the g
or group
permission set is synced up to the user
permission set, so they both end up with the same permissions.
Note
See how we use go=
above? What does that result in? Try it out!
Although more verbose, for people new to this sort of thing, the lettering system can be a blessing. I recommend understanding both systems.