Understanding and manipulating file permissions and ownership
The permissions set on a file determine the level of access that a user has to it. When a user
accesses a file, the permissions are checked to determine whether the user has the right to do so.
ls -l prints the file permissions. The second, third and fourth characters indicate the permissions
for the user that owns the file. The fifth, sixth and seventh characters indicate the permissions for the group
that owns the file. The eighth, ninth and tenth characters indicate the permissions for others (all users who are
not the file owner or a member of the file's group).
In the permissions part, r stands for read permission, w stands for write permission, and
x stands for execute permission. For example:
-rw-r--r-- 1 mihael mihael 0 Mar 3 22:02 file
chmod changes the permissions of each given file according to mode, which can be a symbolic or
a numeric mode. The format of a symbolic mode is [ugoa...][[+-=][rwxXst...]...]. The letters
ugoa are the user who owns the file (u), users who are in the file's group (g), other users (o),
and all users (a). The operator + adds permissions to whatever permissions the users already
have for the file, - removes permissions from whatever permissions the users already have for
the file, and = makes the permissions the only permissions for the file. The letters
rwxXst are read (r), write (w), execute, or search if it is a directory (x), execute or
search only if the file is a directory or already has execute permission (X), set
user or group ID on execution (s), and restricted deletion flag or sticky bit (t). To give everyone permission
to read and write a regular file, but not to execute it, use:
# chmod a=rw file
To remove write permission for all users other than the file’s owner, use:
# chmod go-w file
A numeric mode is from one to four octal digits (0-7), derived by adding up the bits with values 4, 2, and 1. Omitted digits are assumed to be leading zeros. The first digit selects the set user ID (4), set group ID (2) and restricted deletion or sticky (1) attributes. The second digit selects permissions for the user who owns the file: read (4), write (2), and execute (1); the third selects permissions for other users in the file's group, with the same values; and the fourth for other users not in the file's group, with the same values. For example, numeric mode 4751 corresponds to symbolic mode u=srwx,g=rx,o=x, and numeric mode 664 corresponds to symbolic mode ug=rw,o=r.
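The mapping between a numeric mode and the permission characters printed by ls -l can be worked through in the shell. The script below is an added example, not part of the original page; the helper names triplet and mode_to_ls are hypothetical. It goes slightly beyond the text by also showing the upper-case S and T that ls -l prints when a set-ID or sticky bit is set without the matching execute bit, which is worth noticing when reviewing permissions.

```shell
#!/bin/sh
# Added example (not from the original page): decode a numeric chmod mode
# into the nine permission characters that ls -l prints after the file type.
# triplet and mode_to_ls are hypothetical helper names.

# triplet DIGIT SPECIAL CHAR: one octal digit -> three characters.
# SPECIAL is 1 when setuid, setgid or sticky applies; CHAR is s or t.
triplet() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    if [ "$2" -eq 1 ]; then
        # Lower case: special bit and execute; upper case: special bit only.
        case "$x$3" in
            xs) x=s ;; xt) x=t ;; -s) x=S ;; -t) x=T ;;
        esac
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

mode_to_ls() {
    # Accept one to four octal digits, as described in the text.
    case $1 in
        ''|*[!0-7]*|?????*) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    n=$((0$1))    # the leading 0 makes the shell read the digits as octal
    printf '%s%s%s\n' \
        "$(triplet $(( (n >> 6) & 7 )) $(( (n >> 11) & 1 )) s)" \
        "$(triplet $(( (n >> 3) & 7 )) $(( (n >> 10) & 1 )) s)" \
        "$(triplet $((  n       & 7 )) $(( (n >>  9) & 1 )) t)"
}

# Constructed sample modes: the two from the text plus special-bit cases.
for m in 4751 664 1777 4644; do
    printf '%-5s %s\n' "$m" "$(mode_to_ls "$m")"
done
```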
chown changes the user and/or group ownership of each given file. If only an owner is given,
that user is made the owner of each given file.
# chown owner file
If the owner is followed by a colon and a group name, with no spaces between them, the group ownership of the files is changed as well.
# chown owner:group file
If the colon and group are given, but the owner is omitted, only the group of the files is changed.
# chown :group file