Understanding and manipulating file permissions and ownership

The permissions set on files determine the level of access that a user will have on the file. When a user accesses a file, then the permissions are checked to determine if the user has the rights to access the file. ls -l prints the file permissions. Second, third and fourth character indicate the permissions for the user that owns the file. Fifth, sixth and seventh character indicate the permissions for the group that owns the file. Eighth, ninth and tenth character indicate the permissions for others (all users who are not the file owner or a member of the file's group). r in the permissions part stands for read permission, w stands for write permission, and x stands for execute permission. For example,

$ls -l
-rw-r--r-- 1 mihael mihael 0 Mar 3 22:02 file

chmod changes the permissions of each given file according to mode, which can be a symbolic or a numeric mode. The format of a symbolic mode is [ugoa][-+=] [rwxXst]. Letters ugoa are the user who owns the file (u), other users who are in the file’s group (g), other users (o), and all users (a). The operator + add permissions to whatever permissions the users already have for the file, - remove permissions from whatever permissions the users already have for the file, and = make the permissions the only permissions for the file. The letters rwxXst are read (r), write (w), execute or search it if it is a directory (x), execute or search permission is affected only if the file is a directory or already had execute permission (X), set user or group ID on execution (s), restricted deletion flag or sticky bit (t). To give everyone permission to read and write a regular file, but not to execute it, use:

# chmod a=rw file

To remove write permission for all users other than the file’s owner, use:

# chmod go-w file

A numeric mode is from one to four octal digits (0-7), derived by adding up the bits with values 4, 2, and 1. Omitted digits are assumed to be leading zeros. The first digit selects the set user ID (4) and set group ID (2) and restricted deletion or sticky (1) attributes. The second digit selects permissions for the user who owns the file: read (4), write (2), and execute (1); the third selects permissions for other users in the file's group, with the same values; and the fourth for other users not in the file's group, with the same values. For example, numeric mode 4751 corresponds to symbolic mode u=srwx,g=rx, o=x, and numeric mode 664 corresponds to symbolic mode ug=rw,o=r. chown changes the user and/or group ownership of each given file. If only an owner is given, that user is made the owner of each given file.

# chown owner file

If the owner is followed by a colon and a group name, with no spaces between them, the group ownership of the files is changed as well.

# chown owner:group file

If the colon and group are given, only the group of the files is changed.

# chown :group file