Linux file and directory permissions are of two types:
1. Basic permissions
2. Special permissions
Linux permissions are divided into three categories:
User, group, others
Basic permission commands
1. chmod -> changes the permissions of files and directories
2. chown -> changes the file “owner (user)” and “group”
3. chgrp -> changes the file “group ownership”
4. umask -> defines or displays the default permissions for newly created files or directories
Read 4 r
Write 2 w
Execute 1 x
Octal value | File permission set | Description
0 | --- | No permission
1 | --x | Execute
2 | -w- | Write
3 | -wx | Write, execute
4 | r-- | Read
5 | r-x | Read, execute
6 | rw- | Read, write
7 | rwx | Read, write, execute
Special Permission
Three special types of permissions are available for executable files and public directories: setuid, setgid and sticky bit.
Setuid s 4: this flag is used to allow multi-user access
Setgid s 2: this flag is used to allow multi-group access
Sticky bit t 1: this flag prevents accidental deletion by users or groups
“s” permission
The “s” permission is used on directories to keep the user or group ID for files created in the directory.
To set the user ID for any new files created in the directory to the owner of the directory, use the “chmod u+s directory (or file)” command.
To set the group ID for any new files created in the directory to the directory's group, use the “chmod g+s directory (or file)” command.
“t” permission
Sticky bit is used for directories to protect files within them.
Files in a directory with the sticky bit set can only be deleted or renamed by the root user or the owner of the directory.
Use the command “chmod +t directory (or file)”.
Examples
1. How to check and change file permissions using the symbolic and numeric methods?
chmod -options mode file
-v - verbose output
-R - change files and directories recursively
[root@server1 Desktop]# mkdir /example
[root@server1 Desktop]# ls -ld /example
drwxr-xr-x. 2 root root 4096 Jul 29 10:32 /example
[root@server1 Desktop]# cd /example/
[root@server1 example]# touch testfile
[root@server1 example]# ll
total 0
-rw-r--r--. 1 root root 0 Jul 29 10:33 testfile
Note:
Default directory permission is 755 (user=rwx,group=r-x,others=r-x)
Default file permission is 644 (user=rw-,group=r--,others=r--)
Assign all permissions so that user, group and others can read, write and execute
[root@server1 Desktop]# chmod -v 777 /example or chmod -v ugo+rwx /example
mode of `/example' retained as 0777 (rwxrwxrwx)
[root@server1 example]# ls -ld /example
drwxrwxrwx. 2 root root 4096 Jul 29 10:33 /example
Remove the write permission from group and others
[root@server1 Desktop]# chmod -v go-w /example
mode of `/example' changed to 0755 (rwxr-xr-x)
Remove the execute permission from others
[root@server1 Desktop]# chmod -v o-x /example
mode of `/example' changed to 0754 (rwxr-xr--)
Assign all permissions (read, write and execute) on the file
[root@server1 Desktop]# cd /example/
[root@server1 example]# ll
total 0
-rw-r--r--. 1 root root 0 Jul 29 10:33 testfile
[root@server1 example]# chmod -v ugo+x testfile
mode of `testfile' changed to 0755 (rwxr-xr-x)
[root@server1 example]# ll
total 0
-rwxr-xr-x. 1 root root 0 Jul 29 10:33 testfile
Assign all permissions to a directory, its subdirectories and files using the recursive option “-R”
[root@server1 /]# chmod -Rv 777 /example
mode of `/example' retained as 0777 (rwxrwxrwx)
mode of `/example/testfile' changed to 0777 (rwxrwxrwx)
2. How to check and change the owner (user) and group of a file?
Check the ownership and group permission
[root@server1 /]# ls -ld /example
drwxrwxrwx. 2 root root 4096 Jul 29 10:33 /examp
Assign the ownership using the “chown” command
[root@server1 /]# chown -v madhu /example
changed ownership of `/example' to madhu
[root@server1 /]# ls -ld /example
drwxrwxrwx. 2 madhu root 4096 Jul 29 10:33 /example
Assign the owner and group using the “chown” command
[root@server1 /]# usermod -G skylark madhu
[root@server1 /]# chown -v madhu:skylark /example
changed ownership of `/example' to madhu:skylark
[root@server1 /]# ls -ld /example
drwxrwxrwx. 2 madhu skylark 4096 Jul 29 10:33 /example
Assign only the group using the “chgrp” command
[root@server1 /]# chgrp -v root /example
changed group of `/example' to root
[root@server1 /]# ls -ld /example
drwxrwxrwx. 2 madhu root 4096 Jul 29 10:33 /example
[root@server1 /]# chgrp -v skylark /example
changed group of `/example' to skylark
How to change the ownership of a directory that contains files and subdirectories?
[root@server1 /]# chown -Rv root:root /example/
changed ownership of `/example/testfile' to root:root
changed ownership of `/example/' to root:root
3. “umask” command examples
“umask” default value = 022
Default file permission = 644 (rw-r--r--)
Default folder permission = 755 (drwxr-xr-x)
How to assign the default permission for a particular folder
Default permission u=rwx, g=rwx, o=r (774)
u=rwx,g=rwx,o=rwx   777
u=rwx,g=rwx,o=r--   774  -
-------------------------------
umask value       = 003
-------------------------------
This subtracts 003 from the system defaults for files and directories, 666 and 777.
[root@server1 Desktop]# mkdir -v /example
mkdir: created directory `/example'
[root@server1 Desktop]# ls -ld /example
drwxr-xr-x. 2 root root 4096 Jul 29 17:51 /example
[root@server1 Desktop]# chmod -v 774 /example
mode of `/example' changed to 0774 (rwxrwxr--)
[root@server1 Desktop]# cd /example/
[root@server1 example]# touch test
[root@server1 example]# mkdir testdir
[root@server1 example]# ll
total 4
-rw-r--r--. 1 root root 0 Jul 29 17:55 test
drwxr-xr-x. 2 root root 4096 Jul 29 17:55 testdir
[root@server1 example]# umask -S 003 /example/
u=rwx,g=rwx,o=r
[root@server1 example]# touch test-1
[root@server1 example]# mkdir testdir-1
[root@server1 example]# ll
total 8
-rw-r--r--. 1 root root 0 Jul 29 17:55 test
-rw-rw-r--. 1 root root 0 Jul 29 17:56 test-1
drwxr-xr-x. 2 root root 4096 Jul 29 17:55 testdir
drwxrwxr--. 2 root root 4096 Jul 29 17:56 testdir-1
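The umask is applied by clearing its bits from the requested mode (mode AND NOT umask), which is why the file above is 664 and not 666 - 003 = 663; it is also a per-process setting, not a property of a folder. The script below is an added example, not part of the original page: its function names are hypothetical, it assumes GNU stat, and it works in a throwaway directory.

```bash
#!/usr/bin/env bash
# Added example: umask clears bits from the requested mode; it is not a subtraction.

# effective_mode BASE MASK -> prints BASE with every bit of MASK cleared (octal in, octal out)
effective_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# created_mode MASK KIND -> creates a real file ("file") or directory ("dir")
# under MASK in a temporary directory and prints the mode the kernel assigned
created_mode() {
    local mask=$1 kind=$2 tmp mode
    tmp=$(mktemp -d) || return 1
    (
        umask "$mask"        # subshell: the caller's own umask is left untouched
        if [ "$kind" = dir ]; then mkdir "$tmp/obj"; else touch "$tmp/obj"; fi
    )
    mode=$(stat -c %a "$tmp/obj")   # GNU stat: octal permission bits
    rm -rf "$tmp"
    printf '%s\n' "$mode"
}

# Compare the computed mode with what the system really creates,
# for the default umask (022) and the one used on this page (003).
for mask in 022 003; do
    echo "umask $mask: file computed $(effective_mode 666 "$mask")," \
         "created $(created_mode "$mask" file);" \
         "dir computed $(effective_mode 777 "$mask")," \
         "created $(created_mode "$mask" dir)"
done
```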
4. Example for the “s” and “t” permission
[root@server1 example]# ls -ld /example/
drwxrwxr--. 4 root root 4096 Jul 29 18:05 /example/
Assign full permission
[root@server1 example]# chmod -v 777 /example/
mode of `/example/' changed to 0777 (rwxrwxrwx)
[root@server1 example]# su - ayyappan
[ayyappan@server1 ~]$ cd /example/
[ayyappan@server1 example]$ cat > ayyappan
this is ayyappan file
[ayyappan@server1 example]$ su - madhu
[madhu@server1 ~]$ cd /example/
[madhu@server1 example]$ cat > madhu
this is madhu file
[madhu@server1 example]$ ll
total 8
-rw-rw-r--. 1 ayyappan ayyappan 20 Jul 29 19:07 ayyappan
-rw-rw-r--. 1 madhu madhu 19 Jul 29 19:08 madhu
[madhu@server1 example]$ logout
[ayyappan@server1 example]$ logout
Assign “s” permission
[root@server1 example]# chmod ug+s /example/
[root@server1 example]# ls -ld /example/
drwsrwsrwx. 2 root root 4096 Jul 29 19:12 /example/
[root@server1 example]# su - ayyappan
[ayyappan@server1 ~]$ cd /example/
[ayyappan@server1 example]$ touch ayyappan-s-per
[ayyappan@server1 example]$ ll ayyappan-s-per
-rw-rw-r--. 1 ayyappan root 0 Jul 29 19:11 ayyappan-s-per
[ayyappan@server1 example]$ logout
Assign “t” sticky bit permission
[root@server1 example]# chmod +t /example
[root@server1 example]# ls -ld /example/
drwsrwsrwt. 2 root root 4096 Jul 29 19:12 /example/
[root@server1 example]# su - ayyappan
[ayyappan@server1 ~]$ cd /example/
[ayyappan@server1 example]$ ll
total 8
-rw-rw-r--. 1 ayyappan ayyappan 20 Jul 29 19:07 ayyappan
-rw-rw-r--. 1 ayyappan root 0 Jul 29 19:11 ayyappan-s-per
-rw-rw-r--. 1 madhu madhu 19 Jul 29 19:08 madhu
-rw-rw-r--. 1 madhu madhu 0 Jul 29 19:09 madhufile
[ayyappan@server1 example]$ rm -rf madhufile
rm: cannot remove `madhufile': Operation not permitted
[ayyappan@server1 example]$ rm -rf ayyappan
[ayyappan@server1 example]$ logout
[root@server1 example]#
Now remove the “t” sticky bit permission
[root@server1 example]# chmod -v -t /example/
mode of `/example/' changed to 6777 (rwsrwsrwx)
[root@server1 example]# su - madhu
[madhu@server1 ~]$ cd /example/
[madhu@server1 example]$ ll
total 4
-rw-rw-r--. 1 ayyappan root 0 Jul 29 19:11 ayyappan-s-per
-rw-rw-r--. 1 madhu madhu 19 Jul 29 19:08 madhu
-rw-rw-r--. 1 madhu madhu 0 Jul 29 19:09 madhufile
[madhu@server1 example]$ rm -rf ayyappan-s-per
[madhu@server1 example]$ logout
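The last session shows why a 777 directory without the sticky bit is risky: madhu could delete a file owned by ayyappan. The script below is an added example, not part of the original page, that audits a tree for such directories and for setuid/setgid files; the function names and the sample tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a directory tree for the special-permission states shown above.

# World-writable directories WITHOUT the sticky bit: any user who can reach
# them may delete or rename files that belong to other users.
unsafe_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Regular files carrying setuid (4000) or setgid (2000): each one should be
# known and expected on the system.
special_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Constructed sample tree (hypothetical names) so the audit can run anywhere.
# Prints the path of the tree's root directory.
make_sample_tree() {
    local root
    root=$(mktemp -d) || return 1
    mkdir "$root/shared" "$root/dropbox" "$root/private"
    touch "$root/helper" "$root/plain"
    chmod 0777 "$root/shared"     # like /example before "chmod +t"
    chmod 1777 "$root/dropbox"    # like /example after "chmod +t"
    chmod 0755 "$root/private"
    chmod 4755 "$root/helper"     # setuid file
    chmod 0644 "$root/plain"
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
echo "World-writable directories missing the sticky bit:"
unsafe_dirs "$tree"
echo "setuid/setgid files:"
special_files "$tree"
rm -rf "$tree"
```

On a real system, point both functions at a path such as /tmp or a shared project directory instead of the sample tree, and fix each unsafe directory with “chmod +t”.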