ll /path/to/dir # "long listing" of files in a directory
 ___________ first bit
|  _________ owner permissions
| |    _____ group permissions
| |   |    _ other / world permissions
| |   |   |
d rwx rwx rwx
first bit can be d (directory), l (link), - (regular file)
other bits are in groups of three, can be either r/w/x (set) or - (unset)
the last bit can also be t, which is the “sticky bit” (see special permissions under numeric permissions)
ugo = user, group, other
user = file owner
group = file group
other = any user who is not the owner and not in the group
rwx = read, write, execute
read = view file
write = write to file
execute = run the file as a program
Note
There is also s which can be in the x permission location under user. This is for setuid which essentially means that a user can run the program as if they were the program’s owner. Only used for executable files.
chgrp and chown
Change the group or owner of a file or directory.
Syntax
ch{grp,own} {group or user} file.txt
Note
The -R flag operates recursively through directories
chmod
Syntax
chmod [u,g,o,a]{-,+,=}{r,w,x} file.txt
[u,g,o,a]: optional, specify user, group, other, or all of the above for the given permission
{-,+,=}: remove, add, or set the given permission, respectively
{r,w,x}: read, write or execute permission
Note
You can also specify several of u, g, o and/or r, w, x at once. E.g.:
# add all permissions for user and group
chmod ug+rwx file.txt
ls -l file.txt
# output: -rwxrwxr-- (starting from -rw-r--r--; other is left unchanged)
# set read and write permissions for user, group, and other
chmod a=rw file.txt
ls -l file.txt
# output: -rw-rw-rw-
Note
Other (o) can also be referred to as world (w) in some cases. In Debian’s case, other (o) is used.
Examples
touch file.txt
ls -l file.txt
# output: -rw-r--r--
# user can read and write but not execute
# group and other can read but not write nor execute

# add execute permission without specifying ugo
chmod +x file.txt
ls -l file.txt
# output: -rwxr-xr-x
# adds execute permission to all 3 ugo

chmod -x file.txt # reverts
chmod g+x file.txt
ls -l file.txt
# output: -rw-r-xr--
# adds execute permission to JUST group

# grab an existing script
cp ~/.local/bin/vimv .
ls -l vimv
# output: -rwxr-xr-x
./vimv # I, the owner, can execute!
chmod u-x vimv
./vimv
# zsh: permission denied: ./vimv - I can no longer execute!

# add a user for testing
sudo useradd -m bob
sudo usermod -s /bin/bash bob
sudo passwd bob # set password

# switch to that user and try to execute the file
sudo su bob
./vimv # bob can execute!
exit

# add bob to currentuser group
sudo usermod -aG currentuser bob
chmod u+x ./vimv
chmod g-x ./vimv
sudo su bob
./vimv
# bash: ./vimv: Permission denied
# currentuser group can no longer execute! Only the file owner and others can
exit # back to the original user before cleaning up

# remove the user
sudo userdel bob
sudo rm -rf /home/bob # home directory created by useradd -m
Numeric permissions
Shorthand for permissions - less user friendly, but I tend to find this easier/quicker.
chmod [W]XYZ file.txt # where X, Y, and Z are numbers 0-7 and W is 1, 2, or 4
X = user
Y = group
Z = other
W = special permissions
1 = sticky bit - prevent accidental file deletion by users who are not the file owner
2 = setgid - command should always run as its group owner
4 = setuid - command should always run as its owner
for user, group, other:
read = 4
write = 2
exec = 1
…then add them up!
e.g. 4+2 is read + write or rw-
commonly used:
644 is -rw-r--r--
755 is -rwxr-xr-x
400 is -r--------
Binary breakdown
I rarely actually think through it this way, but for some reason knowing the binary explanation always helps me to grasp the concept (e.g. subnetting).
If you think of rwx as a three digit binary number - recall that 1000 in binary is decimal 8, so it follows that the options would be decimal 1-7 - and imagine that a 1 in that binary place is the permission “flipped on” and a 0 in that binary place is the permission “flipped off” - then it follows that:
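The bit arithmetic from the numeric permissions and binary breakdown sections, written out as an added example (not code from the original notes): a POSIX shell function, hypothetically named mode_to_string, that converts a numeric mode [W]XYZ into the nine permission characters ls -l shows. It goes slightly beyond the text by also handling the uppercase S/T that ls prints when a special bit is set but the matching execute bit is not; the leading file-type character is omitted because the numeric mode does not encode it.

```shell
#!/bin/sh
# Added example (not from the original notes). mode_to_string is a
# hypothetical helper: numeric mode [W]XYZ -> the 9 characters ls -l shows.

# Body runs in a subshell ( ... ) so its variables do not leak into the caller.
mode_to_string() (
    mode=$1
    case $mode in
        [0-7][0-7][0-7])      mode=0$mode ;;   # W omitted: no special bits
        [0-7][0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; exit 1 ;;
    esac
    special=${mode%???}   # W: 4 = setuid, 2 = setgid, 1 = sticky
    digits=${mode#?}      # XYZ: user, group, other
    out=
    for flag in 4 2 1; do           # special bit shown in this class's x slot
        rest=${digits#?}
        digit=${digits%"$rest"}     # leading digit of what is left
        digits=$rest
        # One octal digit is three binary places: 4 = r, 2 = w, 1 = x.
        r=-; w=-; x=-
        [ $((digit & 4)) -ne 0 ] && r=r
        [ $((digit & 2)) -ne 0 ] && w=w
        [ $((digit & 1)) -ne 0 ] && x=x
        if [ $((special & flag)) -ne 0 ]; then
            # setuid/setgid display as s, sticky as t; uppercase when x is off.
            case $flag$x in
                1x) x=t ;; 1-) x=T ;;
                ?x) x=s ;; ?-) x=S ;;
            esac
        fi
        out=$out$r$w$x
    done
    printf '%s\n' "$out"
)
```

For example, mode_to_string 4755 prints rwsr-xr-x, the pattern to look for when checking which programs run with their owner's privileges.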
# find all files in /var/www/html and change permissions to 644
# find all directories in /var/www/html and change permissions to 755
find /var/www/html \
  \( -type f -execdir chmod 644 {} \; \) \
  -o \( -type d -execdir chmod 755 {} \; \)
# find all files in current directory with abnormal (not 644) permissions and display their permissions
# use tr to squeeze extra spaces into one space
# use cut to display only the permissions and filepath
find . \( -not -perm 644 -a -type f \) -exec ls -l {} \; | tr -s ' ' | cut -d' ' -f1,9
Notes on permissions in directories
read: list files in the directory
write: add files to or remove files from the directory
execute: view information about files in the directory, as well as do things such as cd into the directory
typical directory permissions for group and other are r-x: list the directory’s contents, act on files in the directory, but not write to the directory.
Tips from today
ll is alias for ls -l
You can use \( \) (escaped parentheses) to group logical operations in the find command
Use tr -s ' ' to remove extra spaces in stdout
Comma separated list of fields in cut command works if you only want specific fields