Simple Ubuntu Server: Part 6 – File Permissions and Ownership

This part covers information that is essential for any systems administrator to understand, file permissions and ownership. Since you are (or may be if you didn’t follow the previous section) using a server version of Ubuntu, the assumption is that more people other than yourself will be accessing resources on the machine. Even if you are the only expected user, it is still important to understand file permissions and ownership.

Lets dive right into file permissions. There are three permissions for each and every file on your system:

  • Read – this allows you to open and read the contents of a file
  • Write – this allows you to modify the contents of a file
  • Execute – this allows you to execute the file as a program or shell script

These same permissions exist for each directory as well, with differences as follows:

  • Read – this allows you to list the contents of the directory (i.e. ls)
  • Write – this allows you to modify the contents of the directory (i.e. create, delete, rename)
  • Execute – this allows you to traverse the directory (i.e. cd)

In order to view the current permissions of a file/directory, you can use the following command (add the -a option to view hidden files and directories)

ls -l

The output will be similar to this:

ls -l output

ls -l output

From left to right, the information is:

file type & permissions : number of links to it : its owner : group it belongs too : size in bytes : last modified date & time : name

All are  self explanatory except for the first field, file type and permissions. The file type field can have 7 different values:

  • d     # directory
  • –      # regular file
  • l     # symbolic link
  • s     # domain socket
  • p     # named pipe
  • c     # character device file
  • b     # block device file

By far the most common you’ll see in everyday use are the first two (d and ), and occasionally the third (l).

Next up is permissions. This section is 3 groupings of 3 characters. The first group corresponds to the user/owner, the second to the group, and the third to other/world. Each of the characters can have the value:

  • r     # read
  • w     # write
  • x     # execute
  • –     # nothing

In our example output from above, you can see that the testdirectory is a directory since it starts with the letter d, and allows the following:

  • user/owner     # can read, write and execute
  • group     # can read, write and execute
  • other/world     # can read and execute

This means that the user, john.doe as owner of the file, has full access, along with everyone that is part of the group office.users. Everyone that isn’t the user john.doe or doesn’t belong to the group office.users only has read and execute permission (thus the “world” can only search, list and traverse the directory, but not modify or change it’s contents in anyway).

As for the next entry, testfile.extension, it is a regular file since it starts with the character (a dash), and allows the following:

  • user/owner     # can read and write but not execute
  • group     # can read and write but not execute
  • other/world     # can read

So now that you understand what permissions are and what they do, lets take a look at how you can change them, of which there are two ways. Which way you prefer depends on your preference. I like the first way best, but you may like the second. No matter what method you use, you will use chmod to change the permissions. Remember that you can read the man page for more information.

man chmod

First method. Remember that each item can either be r, w, x, or –? In this method, each of those is assigned a number:

  • r = 4
  • w = 2
  • x = 1
  • – = 0

And to change the permissions of a file, all you do is specify the additive number for the permissions you want for each group. If that doesn’t make sense, take a look at this and the examples below and it should:

  • 7 = 4+2+1 = rwx
  • 6 = 4+2+0 = rw-
  • 5 = 4+1+0 = r-x
  • 4 = 4+0+0 = r–
  • 3 = 2+1+0 = -wx
  • 2 = 2+0+0 = -w-
  • 1 = 1+0+0 = –x
  • 0 = 0+0+0 = —
chmod 755 testdirectory
chmod 755 testdirectory

chmod 755 testdirectory

chmod 644 testdirectory
chmod 644 testdirectory

chmod 644 testdirectory

chmod 700 testfile.extension
chmod 700 testfile.extension

chmod 700 testfile.extension

chmod 777 testfile.extension
chmod 777 testfile.extension

chmod 777 testfile.extension

 Second method. In the second method, you simply state the who you would like to change the permissions for:

  • u     # user/owner
  • g     # group
  • o     # other/world
  • a     # all

Whether you want to add, remove or set the permission exactly (removing all else)

  • +     # add permission
  • –     # remove permission
  • =     # set permission (removing everything not specified)

And what the permission should be:

  • r     # read
  • w     # write
  • x     # execute
chmod a=rwx testfile.extension
chmod a=rwx testfile.extension

chmod a=rwx testfile.extension

chmod go-wx testfile.extension
chmod go-wx testfile.extension

chmod go-wx testfile.extension

chmod g+w testfile.extension
chmod g+w testfile.extension

chmod g+w testfile.extension

chmod o+x testfile.extension
chmod o+x testfile.extension

chmod o+x testfile.extension

Changing ownership. Up last is how to change ownership. This is very straightforward compared to permissions, and is accomplished using the chown command. All you do is use the following command:

chown ownername:groupname filename

If you leave out the “:groupname” part, the only the owner will change. Similarly, if you leave out the “ownername” part, only the groupname will change. The -R option will all you to recursively change the owner/group for all files/directories below it.

chown seawolf167 testfile.extension
chown seawolf167 testfile.extension

chown seawolf167 testfile.extension

chown :seawolf167 testfile.extension
chown :seawolf167 testfile.extension

chown :seawolf167 testfile.extension

chown john.doe:office.users testfile.extension
chown john.doe:office.users testfile.extension

chown john.doe:office.users testfile.extension

Tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.

Protected by WP Anti Spam