keyboard-shortcut
d

chmod and chown 🔒

2min read

an image

chmod and chown?

  • The chmod command (short for "change mode") allows you to modify file and directory permissions (for security purposes).
  • The chown command (short for "change owner") allows you to re-allocate the owner of a file or directory (for security purposes).

Permissions

Each file in Linux has three types of permissions:

  • Read (r) - Allows a user to view the contents of a file.
  • Write (w) - Grants the ability to modify or delete a file.
  • Execute (x) - Permits a file to be run as a program.

If none of these permissions are set, it is represented with -.

Users

Permissions are assigned to three categories of users:

  • Owner - The user who owns the file.
  • Group - A set of users who share file access.
  • Others - All other users.

Creating/modifying users and groups

  • You can use the useradd and groupadd commands to create users and groups on Linux.
  • You can assign one (or many users) to one (or many groups) with usermod -aG group1,group2 user1 user2. The -a flag is important as it will append groups to the users. Using -G without -a will replace the users' current groups with the new ones.

Changing ownership

You can change ownership of a file/directory using chown:

  • To change the owner (but leave the group) you can simply run: chown newowner file.txt
  • To change the group (but leave the owner) you can run: chown :newgroup file.txt
  • To change the owner AND the group simultaneously, you can run: chown newowner:newgroup file.txt
  • To change the permissions of all files within a directory you can use the -R to recursively modify permissions: chown -R newowner:newgroup directory/.
  • These commands can be run on many files with wildcards chown newowner *.txt or multiple paths chown newowner file1.txt file2.txt

Understanding permissions

You can view permissions when running ls in "list" mode: ls -l

The first column gives you a hint for the type of the object. It can have the following values:

  • - regular file
  • d directory
  • l symlink - symbolic reference to another file or directory, similar to a shortcut
  • c character device - file representing a device that handles data as a stream of bytes (e.g. serial ports, sounds cards, etc.)
  • b block device - file representing a device that handles data in blocks (e.g. hard disks, USB cameras, etc.)
  • p named pipe - a FIFO queue (pipe) that is represented as a file on the linux filesystem
  • s socket - similar to pipes but supporting network communication or inter-process communication over the network
  • D door - special file used in Solaris-based systems (not common in Linux) for inter-process communication

Then the permissions follow:

  • r means read permission.
  • w means write permission.
  • x means executable permission.
  • - means the permission is not set.

The 9 following r/w/x/- characters form the below pattern:

  • The first set of three rwx characters represents the permissions for the owner.
  • The second set of three rwx characters represents the permissions for the group.
  • The third set of three rwx characters represents the permissions for others.

Changing permissions

Using chmod you can modify permissions either symbolically or numerically:

  • Symbolic mode - chmod u+x file.txt adds execute permission to the file's owner (u for user/owner).
  • Numeric mode - Permissions are represented by octal numbers. You can set permissions with values from 0 to 7.

Explaining Symbolic Mode

You can add and remove permissions with the + and - symbols respectively.

Explaining Numeric Mode

In the past, I've been really confused at the seemingly random numbers used in chmod commands. If I haven't used chmod recently, I also forget which values represent read/write/execute. Below is a handy summary!

r w x
4 2 1

You can combine permissions by adding the required values above. This results in the following permissions for each value from 0-7:

value permissions explanation binary
0 No permissions None of 1, 2 or 4 have been provided 000
1 Execute Just the value 1 001
2 Write Just the value 2 010
3 Write and Execute Sum of 1 and 2, hence both permissions 1 and 2 are included 011
4 Read Just the value 4 100
5 Read and Execute Sum of 1 and 4, hence both permissions 1 and 4 are included 101
6 Read and Write Sum of 2 and 4, hence both permissions 2 and 4 are included 110
7 Read, Write and Execute Sum of 1, 2 and 4, hence all permissions are included 111

If I'm sharing code with others, I'll typically use the verbose symbolic mode for easier readability, but for speed and ease it can be handy to use numeric mode.