- How to: SSH into your webhost using cPanel credentials through Linux Console
- SSH to WebHost using public/private SSH keys login generated by cPanel
- Howto: Generate SSH Keys on your local computer and use with the Server
- System, Network & Disk management Linux commands you should know to manage your web server
- Common directory and file management commands in Linux
- User and Group Management in Linux – System Administration & Advanced Concepts
- Understand File and Directory Permissions in Linux – Concept and Viewing
- Change File and Directory Permissions in Linux – Terminal Commands
So last time, we talked about the concepts of File and Directory permissions and means to view them using terminal command ls -l. But one thing, that is yet to explain, is the ways to modify the permissions and ownership information.
As you have guessed, in this part we are going to look into chown, chgrp and chmod commands to see how exactly we are supposed to perform permission related operations.
#1: Modifying the Ownership of a file:
The superuser can modify the ownership information of a file, ie, s/he can change the User and Group owner of a file. The commands to use are chown and chgrp respectively.
#1.1: Modifying Owner User using chown:
The synopsis is to use the command followed by the username or ID of the new owner followed by the file path.
chown user_name file
The command above should change the owner of the file to user_name. We can also combine owner group with the user_name using a colon (:), in order to change the Owner group in a single shot. The command would be:
chown user_name:user_group file
To recursively apply the new owner information on all subdirectories and files of a directory, we use it with -R parameter.
chown -R user:group dir
#1.2: Modifying Owner Group using chgrp:
This is used just to change the group of a file.
chgrp group_name file
Similarly for recursive operation, we would use:
chgrp -R group_name dir
#2: Change file and directory permissions:
To modify file permissions, we use chmod. The owner User of the file or the superuser can execute this command.
chmod has two modes of operations, symbolic mode and numeric mode. We shall see the two modes separately. But before we do, let us quickly revise the operations and their symbolic and octal representation.
#2.0: Representation of Operations:
The possible permissions are obviously Read, Write and Execute. Their representation and effects (for a quick revision) are as follows:
|Read||r||4||Affected users can Read the file.||Affected users can list the files within the directory.|
|Write||w||2||Affected users can modify the file.||Affected users can create, rename or delete files inside the directory and modify the directory’s attributes.So, if a file has Write bit set, then we can only edit that file, but we will be able to rename or delete it, only if the parent directory has write permission.|
|Execute||x||1||The file can be executed by the affected users. For example a script or an application file.||Affected users can enter the directory and access files and directories inside.Note that, a directory must have both Read and Execute permission in order to let proper access to all the files inside it. With just execute permission, the affected users can access the directory, but can not list files within it.|
|No Permission||–||0||None of the above operations can be performed by the affected users.|
#2.1: Symbolic mode:
The synopsis of symbolic mode is:
chmod [OPTION] ... MODE[,MODE]... FILE...
The mode is decided by the following sequence:
- First we decide the Ownership for which we will be changing the mode. It can be User(u), Group(g), Others (o). We can also refer to multiple Owners by concatenating corresponding symbols (ug for User and Group, go for Group and Other etc).
- Next, we decide the operation.
- To add permissions we use +.
- To remove permissions we use -.
- To make a new permission altogether, we use =.
- The last one is to decide the permissions. Basically, we use the symbolic representation of the permissions.
- For Read we use r.
- For Write we use w.
- For Execute we use x.
It might sound a but tricky at the beginning, but once you get a hold of it becomes easier to remember.
chmod u+x file1
|Add the Execute permission for the Owner User.|
chmod o+rwx file1
|Add the Read, Write and Execute for the Other.|
chmod g=rx file1
|Set permission to Read and Execute for the Group.|
chmod ug=rwx,o=rx file1
|Set Read, Write, Execute for User and Group and Read and Execute for Other.|
chmod g+x,o-x file1
|Add Execute to Group, Remove Execute from Other.|
chmod a=rwx file1
|Pretty simple, aren’t they? Here, file1 is basically the name of the file to which we are performing the operation.|
#2.2: Numeric (Octal) Mode:
The synopsis is:
chmod [OPTION] ... OCTAL-MODE FILE ...
Where OCTAL-MODE is basically a 3 digit octal number which corresponds the permissions.
- The first digit is the summation of all permissions for User.
- The second digit is the summation of all permissions for the Group.
- The third is the same for Other.
So, how do we calculate the summation of the permissions? Yes, as you might have guessed, it is just the summation of the Octal representation of the operations. So, the octal digit 7 (4+2+1), would mean Read, Write and Execute. Similarly (2+1) 3 would mean, Write and Execute. Here is a list for your quick reference.
|Octal Number||Breakdown||Symbolic Equivalence|
|7||4 + 2 + 1||
|6||4 + 2||
|5||4 + 1||
|3||2 + 1||
Once decided, we pile up the permission bits in the order mentioned before (User, Group, Other). So a permission bit 640 would mean
rw- r-- ---
chmod 740 file1
| Add the permissions:
rwx r-- ---
chmod 664 file1
|Add the permissions:
rw- rw- r--
chmod 640 file1
|Add the permissions:
rw- r-- ---
The most useful parameters are:
- -R : To apply changes recursively to a directory.
- -v : Verbose, ie, to state what it is doing at each step.
chmod -Rv a=rwx dir1
#3: Modifying the sticky bit of a directory:
Remember the concept of sticky bit we talked about in the last tutorial? We have seen how to view the sticky bit and it shows up as an additional character “t” if a directory has a sticky bit. Now to set it, we can do one of the followings. Please note that, sticky bit does not correspond to any particular Owner, rather it is a characteristics bit of the directory itself.
#3.1: Using Symbolic Mode:
The symbol to use here is t. So an example would be:
chmod +t dir
To add sticky bit to the directory named dir.
#3.2: Using Numeric (Octal) Mode:
We have to add an extra number 1 before the permission digit. So an example would be:
chmod 1773 dir
So that was the end of Files and Directory permissions. If you have read and understand the two tutorials, then you would never find yourself lost when dealing with such things. If you do feel however, then you know where to ask.