Linux Commands – chmod

Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

In the last blog post, we discussed the usermod command in Linux, which is used to modify a user.

https://cloudaffaire.com/linux-commands-usermod/

In this blog post, we will discuss the chmod command in Linux. chmod stands for change mode and changes the file mode bits of each given file according to mode. Before starting with chmod, let us explain the file permissions as represented by the ls long listing (ls -l) output.

[1]. FileType:

The first character represents the file type. Linux has several types of files; below are some of them and their representation in the ls output.

| Character | Interpretation |
|---|---|
| - | regular file |
| b | block special file |
| c | character special file |
| C | high performance (“contiguous data”) file |
| d | directory |
| D | door (Solaris 2.5 and up) |
| l | symbolic link |
| M | off-line (“migrated”) file (Cray DMF) |
| n | network special file (HP-UX) |
| p | FIFO (named pipe) |
| P | port (Solaris 10 and up) |
| s | socket |
| ? | some other file type |

[2]. File permission for user:

[3]. File permission for group:

[4]. File permission for others:

The next nine characters represent the file permissions and are divided into three groups of three characters: the first three represent the user (owner) permissions, the second three the group permissions, and the last three the permissions for all other users (world). Below are the permissions available for files and directories in Linux with their representation in the ls output.

Position of each set of bits in the mode string: [2]. user's bits rw[x|s|S]------, [3]. group's bits ---rw[x|s|S]---, [4]. others' bits ------rwx[t|T].

| Type | Mode | Permission | [2]. User's bit | [3]. Group's bit | [4]. Others' bit |
|---|---|---|---|---|---|
| File | r-- | read | file owner has read access | file owner group has read access | others have read access |
| File | -w- | write | file owner has write access | file owner group has write access | others have write access |
| File | --x | execute | file owner has execute access | file owner group has execute access | others have execute access |
| File | --s | setuid/setgid + x (execute) | setuid is set with execute (x) | setgid is set with execute (x) | NA |
| File | --S | setuid/setgid - x (execute) | setuid is set without execute (x) | setgid is set without execute (x) | NA |
| File | --t | sticky bit + x (execute) | NA | NA | No effect on file access |
| File | --T | sticky bit - x (execute) | NA | NA | No effect on file access |
| File | --X | execute/search access if already had execute permission for some user | NA | NA | NA |
| File | --- | no other bit is set | file owner has no access | file owner group has no access | others have no access |
| Directory | r-- | read | dir owner can list dir contents | dir owner group can list dir contents | others can list dir contents |
| Directory | -w- | write | dir owner can modify dir content | dir owner group can modify dir content | others can modify dir content |
| Directory | --x | execute | dir owner can get inside the dir | dir owner group can get inside the dir | others can get inside the dir |
| Directory | --s | setuid/setgid + x (execute) | No effect on directory access | setgid is set with execute (x) | NA |
| Directory | --S | setuid/setgid - x (execute) | No effect on directory access | setgid is set without execute (x) | NA |
| Directory | --t | sticky bit + x (execute) | NA | NA | others cannot modify dir contents |
| Directory | --T | sticky bit - x (execute) | NA | NA | No effect on dir access |
| Directory | --X | execute/search access if already had execute permission for some user | dir owner can get inside the dir | dir owner group can get inside the dir | others can get inside the dir |
| Directory | --- | no other bit is set | dir owner has no access | dir owner group has no access | others have no access |

[5]. NumberOfLinks:

This number is the hardlink count of the file, when referring to a file, or the number of contained directory entries when referring to a directory.

[6]. Owner:

The owner of the file.

[7]. Group:

The owner group of the file.

[8]. SizeInBytes:

The size of the file in bytes.

[9]. LastModified:

The date and time when the file was last modified.

[10]. FileName:

The name of the file.

Special permission modes:

In Linux, there are three special permission bits available, namely setuid, setgid, and the sticky bit.

Setuid: setuid can be set on an executable binary file. If setuid is set, the binary runs with its owner's privileges instead of the privileges of the user who executes it. One example is the passwd binary, which always runs with root privileges (root owns passwd) regardless of who invokes it, and is used to set passwords. Setuid has no effect on a directory with respect to directory permissions.

Setgid: setgid is similar to setuid but affects files and directories differently. On a file, setgid makes the file execute with the privileges of the file's owner group instead of the executing user's group. On a directory, setgid makes all files created within the directory take the directory's group instead of the group of the user who created them. One example use of setgid is creating a file share.

Sticky bit: the sticky bit only affects the permissions of a directory. When it is set on a directory, only a file's owner, the directory owner or root can modify the files and directories within it. One example is the /tmp directory, where by default any user can manipulate their own files and directories but cannot manipulate those of other users.
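Because setuid and setgid files run with someone else's privileges, and a world-writable directory without the sticky bit lets users remove each other's files, these bits are worth inventorying. The script below is an added example, not part of the original post; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list where the special bits are set under a directory.
# Uses only POSIX find tests; paths containing newlines are not handled.

# audit_special_bits DIR: one "<finding> <path>" line per hit, sorted.
audit_special_bits() {
    {
        # Regular files that run with their owner's privileges.
        find "$1" -xdev -type f -perm -4000 | sed 's/^/setuid /'
        # Regular files that run with their group's privileges.
        find "$1" -xdev -type f -perm -2000 | sed 's/^/setgid /'
        # Directories anyone can write to but that lack the sticky bit,
        # so any user can rename or delete other users' entries.
        find "$1" -xdev -type d -perm -0002 ! -perm -1000 |
            sed 's/^/world-writable-no-sticky /'
    } | sort
}

# Constructed sample tree in a scratch directory; names are illustrative.
demo_audit() {
    d=$(mktemp -d) || return 1
    touch "$d/helper" "$d/plain"
    mkdir "$d/dropbox" "$d/scratch"
    chmod 4755 "$d/helper"    # setuid + execute
    chmod 644  "$d/plain"     # ordinary file, not reported
    chmod 777  "$d/dropbox"   # world-writable, no sticky bit
    chmod 1777 "$d/scratch"   # world-writable with sticky bit, not reported
    # Strip the scratch prefix so the output shows relative names.
    audit_special_bits "$d" | sed "s|$d/||"
    rm -rf "$d"
}

demo_audit
```

On a real system, compare the result against a known-good baseline, since distributions ship a number of legitimate setuid binaries such as passwd.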

Linux Commands – chmod:

You can use chmod command to change file and directory permission.

chmod changes the file mode bits of each given file according to mode, which can be either a symbolic representation of changes to make or an octal number representing the bit pattern for the new mode bits.

symbolic representation:

The format of a symbolic mode is [ugoa…][[+-=][perms…]…], where perms are either zero or more letters from the set rwxXst, or a single letter from the set ugo. Multiple symbolic modes can be given, separated by commas. Below is the meaning of each character that can be passed in symbolic representation.

| user bits | interpretation |
|---|---|
| u | the user who owns it |
| g | other users in the file’s group |
| o | other users not in the file’s group |
| a | all users, equivalent to ugo. |

| action bits | interpretation |
|---|---|
| + | causes the selected file mode bits to be added to the existing file mode bits of each file |
| - | causes the selected file mode bits to be removed from the existing file mode bits of each file |
| = | causes the selected file mode bits to be added or if unmentioned, bits to be removed (except dir SETUID or SETGID). |

| permission bits | interpretation |
|---|---|
| r | if read bit is set |
| w | if write bit is set |
| s | If the set-user-ID or set-group-ID bit and the corresponding executable bit are both set |
| t | If the restricted deletion flag or sticky bit, and the other-executable bit, are both set. |
| X | execute/search permission is affected only if the file is a directory or already had execute permission. |
| x | If the executable bit is set and none of the above apply. |

numeric representation:

A numeric mode is from one to four octal digits (0-7), derived by adding up the bits with values 4, 2, and 1. Below is the meaning of each number in numeric representation.

  • The first digit selects the set user ID (4), set group ID (2) and restricted deletion or sticky (1) attributes.
  • The second digit selects permissions for the user who owns the file: read (4), write (2), and execute (1).
  • The third digit selects permissions for other users in the file's group: read (4), write (2), and execute (1).
  • The fourth digit selects permissions for other users not in the file's group: read (4), write (2), and execute (1).
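The two notations side by side, as an added example that is not part of the original post: it assumes GNU coreutils (chmod and stat -c), works only inside a scratch directory, and all file names are constructed. It also uses -R (recursive) to show how the X permission letter behaves.

```shell
#!/bin/sh
# Added example (GNU coreutils chmod/stat assumed); every path is constructed
# inside a scratch directory that is removed at the end.

# show NAME: print "<name> <octal> <ls-style string>" for $d/NAME.
show() { printf '%s %s\n' "$1" "$(stat -c '%a %A' "$d/$1")"; }

demo_modes() {
    d=$(mktemp -d) || return 1
    touch "$d/report.txt" "$d/run.sh"
    mkdir "$d/share" "$d/drop" "$d/tree"
    touch "$d/tree/data" "$d/tree/tool"

    # Numeric: owner rw (4+2), group r (4), others nothing (0).
    chmod 640 "$d/report.txt";        show report.txt
    # Symbolic clauses separated by commas; same result as 750.
    chmod u=rwx,g=rx,o= "$d/run.sh";  show run.sh
    # Leading 2 = setgid on a directory (the file-share case).
    chmod 2775 "$d/share";            show share
    # Dropping group execute turns 's' into 'S' in the listing.
    chmod g-x "$d/share";             show share
    # Leading 1 = sticky bit, the same mode /tmp uses.
    chmod 1777 "$d/drop";             show drop

    # X adds execute/search only to directories and to files that
    # already have an execute bit, so data stays non-executable.
    chmod 700 "$d/tree" "$d/tree/tool"; chmod 600 "$d/tree/data"
    chmod -R go+rX "$d/tree"
    show tree; show tree/data; show tree/tool

    rm -rf "$d"
}

demo_modes
```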

You can use the chmod -c or --changes option to verbosely describe the action for each FILE whose permissions actually change.

You can use the chmod -f, --silent or --quiet option to not print error messages about files whose permissions cannot be changed.

You can use the chmod -R or --recursive option to recursively change permissions of directories and their contents.

You can use the chmod -v or --verbose option to verbosely describe the action or non-action taken for every FILE.

You can use the chmod --reference=REF_FILE option to change the mode of each FILE to be the same as that of REF_FILE.

Note: If REF_FILE is a symbolic link, do not use the mode of the symbolic link, but rather that of the file it refers to.

You can use the chmod --preserve-root option to fail upon any attempt to recursively change the root directory, ‘/’. Without ‘--recursive’, this option has no effect. This is a failsafe mechanism of the OS to protect against accidental changes to file permissions critical to the OS.

You can use the chmod --no-preserve-root option to cancel the effect of any preceding ‘--preserve-root’ option. This is a very dangerous command and should be avoided. Do not try to execute the below command; it is given just as an example.

Hope you have enjoyed this article. In the next blog post, we will discuss chown command.