As many people can access the system simultaneously and some resources are shared, Linux controls access through ownership and permissions.
Linux file ownership
In Linux, there are three types of owners: user, group, and others.
Linux User
A user is the default owner and creator of the file. So this user is called owner as well.
Linux Group
A user group is a collection of users. Users that belong to a group have the same Linux group permissions to access a file or folder.
You can use groups to assign permissions in bulk instead of assigning them individually. A user can belong to more than one group as well.
Other
Any users that are not part of the user or group classes belong to this class.
Linux File Permissions
File permissions fall in three categories: read, write, and execute.
Read permission
For regular files, read permissions allow users to open and read the file only. Users can't modify the file.
Similarly for directories, read permissions allow the listing of directory content without any modification in the directory.
Write permission
When files have write permissions, the user can modify (edit, delete) the file and save it.
For folders, write permissions enable a user to modify its contents (create, delete, and rename the files inside it), and modify the contents of files that the user has write permissions to.
Execute permission
For files, execute permissions allow the user to run an executable script. For directories, the user can access them, and access details about files in the directory.
Below is the symbolic representation of permissions to user, group, and others.
Note that we can find permissions of files and folders using long listing (ls -l) on a Linux terminal.
In the output above, d represents a directory and - represents a regular file.
How to Change Permissions in Linux Using the chmod Command
Now that we know the basics of ownerships and permissions, let's see how we can modify permissions using the chmod command.
Syntax of chmod:
chmod permissions filename
Where,
- permissions can be read, write, execute or a combination of them.
- filename is the name of the file for which the permissions need to change. This parameter can also be a list of files to change permissions in bulk.
We can change permissions using two modes:
- Symbolic mode: this method uses symbols like u, g, o to represent users, groups, and others. Permissions are represented as r, w, x for read, write, and execute, respectively. You can modify permissions using +, - and =.
- Absolute mode: this method represents permissions as 3-digit octal numbers ranging from 0-7.
Now, let's see them in detail.
How to Change Permissions using Symbolic Mode
The table below summarizes the user representation:

| User representation | Description |
| --- | --- |
| u | user/owner |
| g | group |
| o | other |

We can use mathematical operators to add, remove, and assign permissions. The table below shows the summary:

| Operator | Description |
| --- | --- |
| + | Adds a permission to a file or directory |
| - | Removes the permission |
| = | Sets the permission if not present before. Also overrides the permissions if set earlier. |

Example:
Suppose, I have a script and I want to make it executable for owner of the file chown user filename 5.
Current file permissions are as follows:
Let's split the permissions like this:
To add execution rights (x) to owner (u) using symbolic mode, we can use the command below:
chmod u+x mymotd.sh
Output:
Now, we can see that the execution permissions have been added for owner chown user filename 5.
Additional examples for changing permissions via symbolic method:
- Removing read and write permission for group and others: chown user:group filename3.
- Removing read permissions for others: chown user:group filename6.
- Assigning write permission to group and overriding existing permission: chown user:group filename9.
How to Change Permissions using Absolute Mode
Absolute mode uses numbers to represent permissions and mathematical operators to modify them.
The table below shows how we can assign relevant permissions:

| Permission | Provide permission |
| --- | --- |
| read | add 4 |
| write | add 2 |
| execute | add 1 |

Permissions can be revoked using subtraction. The table below shows how you can remove relevant permissions.

| Permission | Revoke permission |
| --- | --- |
| read | subtract 4 |
| write | subtract 2 |
| execute | subtract 1 |

Example:
- Set read (add 4) for user, read (add 4) and execute (add 1) for group, and only execute (add 1) for others.
chown -R admin /opt/script5
This is how we performed the calculation:
Note that this is the same as r--r-x--x.
- Remove execution rights from others and group.
To remove execution from others and group, subtract 1 from the execute part of the last 2 octal digits.
- Assign read, write and execute to user, read and execute to group and only read to others.
This would be the same as rwxr-xr--.
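As an added example (not part of the original tutorial), the script below applies the add-4/2/1 rule to turn a symbolic permission string into its octal form, then runs chmod on a scratch file in both modes and reads the result back from the long listing. The function names are made up for this illustration, and the chmod arguments are constructed from the descriptions above.

```shell
#!/bin/sh
# Added example: sym_to_octal, perm_string and mode_after are illustrative
# helper names, not standard tools.

# Convert a 9-character symbolic string (e.g. rwxr-xr--) to octal by adding
# 4 for r, 2 for w and 1 for x within each class (user, group, others).
sym_to_octal() {
    sym=$1
    out=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$sym" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# Permission string of a path as shown by the long listing, without the
# leading file-type character (d or -).
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# Put a scratch file into a known starting mode, apply one chmod argument
# (symbolic or absolute) and print the resulting mode in octal.
mode_after() {
    scratch=$(mktemp) || return 1
    chmod "$1" "$scratch"
    chmod "$2" "$scratch"
    sym_to_octal "$(perm_string "$scratch")"
    rm -f "$scratch"
}

sym_to_octal r--r-x--x   # read for user, read+execute for group, execute for others
sym_to_octal rwxr-xr--   # rwx for user, r-x for group, r-- for others
mode_after 644 u+x       # symbolic: add execute for the owner
mode_after 664 go-rw     # symbolic: remove read and write from group and others
mode_after 664 o-r       # symbolic: remove read from others
mode_after 644 g=w       # symbolic: group gets write only, overriding r--
mode_after 451 440       # absolute: execute subtracted from group and others
```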
How to Change Ownership using the chown Command
Next, we will learn how to change the ownership of a file. You can change the ownership of a file or folder using the chown command. In some cases, changing ownership requires groupadd project-manager useradd -G project-manager Fatima passwd Fatima 3 permissions.
Syntax of chown:
chown user filename
How to change user ownership with chown
Let's transfer the ownership from user chown user filename 5 to user groupadd project-manager useradd -G project-manager Fatima passwd Fatima 7.
groupadd project-manager useradd -G project-manager Fatima passwd Fatima 8
Command to change ownership: groupadd project-manager useradd -G project-manager Fatima passwd Fatima 9
Output:
How to change user and group ownership simultaneously
We can also use chown to change user and group simultaneously.
chown user:group filename
How to change directory ownership
You can change ownership recursively for contents in a directory. The example below changes the ownership of the /opt/script folder to allow user admin.
chown -R admin /opt/script
How to change group ownership
In case we only need to change the group owner, we can use chown by preceding the group name by a colon (:).
chown :admins /opt/script
Linux Permissions Guided Exercise
Up until now we have explored permissions, ownerships, and the methods to change them. Now we will reinforce our learning with a guided exercise.
Goal: To create groups and assign relevant permissions to its members. Verify access by accessing it from unauthorized users.
Task: Create a group called user5 and add two members (John and Bob) to it. Create a folder user6 and change ownership to group user5. Verify that both users in the user5 group have read and write access to the folder.
Create another group project-manager and add a user Fatima to it. Verify if the folder user6 is accessible by Fatima.
Visualization of the problem
We can visualize the problem like this:
Step 1: Switch to root user.
Switch to root user so that we have the rights to create new users and groups.
Use the groupadd project-manager useradd -G project-manager Fatima passwd Fatima 3 command with flag group4.
If you have the root password, you can log in using that as well.
Solution: Enter group5 to switch to the root user.
Enter group6 to find out if you are the root user:
If you do not have root access, use the commands with appending groupadd project-manager useradd -G project-manager Fatima passwd Fatima 3.
Step 2: Create a group user5
Hint: Use the groupadd command.
Syntax: others1
Solution: Enter others2 to create the user5 group
Verify: others4
Step 3: Create two new users John and Bob and add them to the user5 group
Hint: Use command useradd.
useradd creates a new user and adds it to the specified group.
Syntax: others8
Where -G specifies the group.
Solution: chmod u+x mymotd.sh00
chmod u+x mymotd.sh01
Verify: others4
Step 4: Provide passwords for users John and Bob
Hint: Use command passwd.
passwd creates a password for users.
Syntax: chmod u+x mymotd.sh05
Solution: chmod u+x mymotd.sh06
chmod u+x mymotd.sh07
Step 5: Create a directory in /home and name it user5
Hint: Use command chmod u+x mymotd.sh09
chmod u+x mymotd.sh09 creates a directory.
Syntax: chmod u+x mymotd.sh11
Solution: chmod u+x mymotd.sh12
Verify:
Step 6: Change the group ownership of the folder user5 to group user5
Hint: Use command chown.
Syntax: chmod u+x mymotd.sh16
Solution: chmod u+x mymotd.sh17
Step 7: Make sure the permissions of folder user5 allow group members to create and delete files.
Hint: Use command chmod.
Write permissions allow users and groups to create and delete files.
Syntax: chmod u+x mymotd.sh20
Solution: chmod u+x mymotd.sh21
Step 8: Ensure that 'others' don't have any access to the files of user5 folder.
Hint: Use command chmod.
Remove read, write, execute permissions from 'others' if they exist.
Syntax: chmod u+x mymotd.sh20
Solution: chmod u+x mymotd.sh25
Step 9: Exit the root session and switch to chmod u+x mymotd.sh27
Hint: Use command chmod u+x mymotd.sh28 to log out of the root user.
Use chmod u+x mymotd.sh29 to switch users.
Syntax: chmod u+x mymotd.sh30
To confirm current user, use command group6.
Solution: chmod u+x mymotd.sh28
chmod u+x mymotd.sh33
Verify with command group6.
Step 10: Navigate to folder: user6
Hint: Use command chmod u+x mymotd.sh36 to switch folders.
Syntax: chmod u+x mymotd.sh37
Confirm current path with chmod u+x mymotd.sh38.
Solution: chmod u+x mymotd.sh39
Step 11: Create an empty file in the folder: user6
Hint: Use command chmod u+x mymotd.sh41 to create an empty file.
Syntax: chmod u+x mymotd.sh42
Solution: chmod u+x mymotd.sh43
Verify: chmod u+x mymotd.sh44
Step 12: Change the group ownership of the created file to user5 and verify.
Hint: Use command chown to change ownership.
Syntax: chmod u+x mymotd.sh47
Solution: chmod u+x mymotd.sh48
Once group ownership is modified, all members of the group can access this file.
Verify chmod u+x mymotd.sh44
Step 13: Exit the shell and switch to user chmod u+x mymotd.sh50
Hint: Use command chmod u+x mymotd.sh28 to exit the terminal.
Use chmod u+x mymotd.sh29 to switch users.
Syntax: chmod u+x mymotd.sh30
To confirm current user, use command group6.
Solution: chmod u+x mymotd.sh28
chmod u+x mymotd.sh56
Verify the current user with command group6.
Step 14: Navigate to the path user6
Hint: Use command chmod u+x mymotd.sh36 to switch folders.
Syntax: chmod u+x mymotd.sh37
Confirm current path with chmod u+x mymotd.sh38.
Solution: chmod u+x mymotd.sh39
Step 15: Find out chmod u+x mymotd.sh63 privileges to access chmod u+x mymotd.sh64
Hint: Use command ls -l for long listing.
Syntax: chmod u+x mymotd.sh66
Does group have chmod u+x mymotd.sh67 permissions?
Solution: chmod u+x mymotd.sh68
Step 16: Modify the file chmod u+x mymotd.sh64 while logged in as chmod u+x mymotd.sh50
Hint: Use command chmod u+x mymotd.sh71 to add some text to the file.
Syntax: chmod u+x mymotd.sh72
This would redirect the quoted text to the end of the file.
Solution: chmod u+x mymotd.sh73
If all the permissions are correctly set, chmod u+x mymotd.sh50 would be allowed to edit and save this file. Otherwise you would get an error like this: chmod u+x mymotd.sh75.
Verify chmod u+x mymotd.sh76
Step 17: Create another group project-manager and assign a member Fatima to it
Hint: Use command groupadd to add a new group.
Syntax: others1
Create a new user with command useradd.
Use flag -G to assign a user to it.
Solution:
groupadd project-manager
useradd -G project-manager Fatima
passwd Fatima
Step 18: Navigate to folder user6 and verify if Fatima can access it
Hint: Use chmod u+x mymotd.sh36 to navigate to user6.
Solution: chmod u+x mymotd.sh39.
We get this error:
This is because others don't have any access to the folder user5.
If we recall, below are the rights of the user5 folder.
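The end state of the exercise can be checked in one pass. The script below is an added example, not part of the original tutorial: audit_shared_dir is a hypothetical helper that reads the long listing of a folder and confirms that the group owner is the expected one, that the group has rwx, and that others have no access. Its demo runs on a scratch directory with the current user's group rather than the exercise's folder and group.

```shell
#!/bin/sh
# Added example: audit_shared_dir is a hypothetical helper, not a system tool.
# Usage: audit_shared_dir <folder> <expected-group>
audit_shared_dir() {
    dir=$1
    want_group=$2
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }

    # Long listing: characters 1-10 are the type and permission string,
    # field 4 is the group owner.
    listing=$(ls -ld "$dir")
    perms=$(printf '%s' "$listing" | cut -c1-10)
    group=$(printf '%s\n' "$listing" | awk '{print $4}')
    group_bits=$(printf '%s' "$perms" | cut -c5-7)
    other_bits=$(printf '%s' "$perms" | cut -c8-10)

    status=0
    if [ "$group" != "$want_group" ]; then
        echo "FAIL: group owner is $group, expected $want_group"
        status=1
    fi
    # Members need r (list), w (create and delete) and x (enter the folder).
    # rws is rwx with the setgid bit set, which is also accepted here.
    case $group_bits in
        rwx|rws) ;;
        *) echo "FAIL: group has $group_bits, expected rwx"; status=1 ;;
    esac
    # 'others' must have no access at all.
    if [ "$other_bits" != "---" ]; then
        echo "FAIL: others have $other_bits, expected ---"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK: $perms $group $dir"
    fi
    return "$status"
}

# Constructed demo on a scratch directory owned by the current user.
demo=$(mktemp -d)
chmod 770 "$demo"   # group rwx, others none
audit_shared_dir "$demo" "$(id -gn)" || echo "unexpected: scratch dir has another group"
chmod 775 "$demo"   # others gain r-x, so the audit reports a failure
audit_shared_dir "$demo" "$(id -gn)" || true
rmdir "$demo"
```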
Wrapping up
Permissions and ownerships are useful concepts for enforcing security across multi-user operating systems. I hope you were able to learn about changing permissions and ownerships in depth.
What’s your favorite thing you learned from this tutorial? Let me know on Twitter!
You can also read my other posts here.
Thanks to Tom Mondloch for his help with the guided exercise.
I am a DevOps Consultant and writer at FreeCodeCamp. I aim to provide easy and to-the-point content for Techies!