In Linux the file permissions are divided to 3, read permission, write permission and execute permission, it is also divided to this 3 entity, the user that is owner of the file, the group owner of the file and other.
The permissions have:
1 is the execute permission – in binary 001
2 is the write permission – in binary 010
4 is the read permission – in binary 100
We can added the number to have more than one permission, for example if we want read and write permission, then we add 4 (read permission) and 2 (write permission) 4+2=6, and 6 is read and write permission together.
we can also combine the binary bit, so:
010 100 --- 110
And 110 is 4 in binary.
Read and execute will be 1 (execute permission) and 4 (read permission), 1+4 =5 and so on.
If the number is zero then it mean that we have no permission.
The first number is the user permission, the second is the group permission, and the third is the other permission (every one who is not the user, or belong to the group of the file).
We can use ls -l to see full permission of file.
[root@server06017 bin]# ls -l total 290168 -rwxrwxr-x 1 root root 86 Jan 31 2016 add-host-to-etc-hosts.sh -rw-r--r-- 1 root root 296904406 Aug 29 12:40 autopassSuperHub-0.0.1.war -rwxrwxr-x 1 root root 420 Jan 31 2016 check-port-up.sh -rwxrwxr-x 1 root root 28319 Aug 29 12:40 cookbook.xml -rwxrwxr-x 1 root root 70 Jan 31 2016 create-install-dir-location-file.sh -rwxrwxr-x 1 root root 794 Mar 17 16:01 hp_usagehub -rwxrwxr-x 1 root root 288 Jun 27 13:39 launch-debug.sh -rwxrwxr-x 1 root root 173 Aug 29 12:04 launch.sh -rwxr-xr-x 1 root root 218 Aug 29 12:04 launch.sh.orig drwxrwxrwx 2 root root 4096 Jun 27 10:13 logs -rwxrwxr-x 1 root root 132 May 2 12:13 postgres-install.sh -rw-rw-r-- 1 root root 0 May 2 12:13 postgres-remove-password.sh -rwxrwxr-x 1 root root 133 Mar 10 14:37 postgres-uninstall.sh -rwxrwxr-x 1 root root 1349 Apr 11 16:10 read-postgres-server-properties.sh -rwxrwxr-x 1 root root 126 Jan 31 2016 relaunch.sh -rwxrwxr-x 1 root root 9156 Aug 29 12:40 remote-cookbook.xml -rwxrwxr-x 1 root root 65 Jan 31 2016 remove-install-dir-location-file.sh -rw-r--r-- 1 root root 4507 Aug 29 12:40 stderr.log -rw-r--r-- 1 root root 117288 Aug 29 12:40 stdout.log -rwxrwxr-x 1 root root 502 Jan 31 2016 usagehub-postgres-config-1.sh
Let take a look in the first file’s line
-rwxrwxr-x 1 root root 86 Jan 31 2016 add-host-to-etc-hosts.sh
The first ‘- ‘ is for the file type, if it is ‘-‘ then it mean that it is a regular file.
‘d’ – mean directory.
‘l’ – mean soft link.
After the file type we have the permission, in the following order:
user [read, write, execute] group[read, write, execute] other[read, write, execute]
So the first triple is for the user permission, and we ‘rwx’. That mean that the user who own the file has all 3 permission. The same go for the group. The last is for other, and that is everyone that is not included who is the user or belong to the group. In the other triple we have ‘r-x’, so instead of the ‘w’, we have ‘-‘, and that mean that other has NO write permission. so when we have – in the triple of the permission, then that mean, that we don’t have that permission (the ‘we’ depend in the triple, first – user, second – group, third – other). If the permission exist then we have the letter that represent the permission:
r – for reading.
w – for writing.
x – for executing.
In order to change permission, we can use the
The structure is the following:
chmod <to-who u(user)|g(group)|o(other)> <action = + -> <permission wrx> <file name>
For example, say we have the following:
[bob@localhost ~]$ ls -l total 4 -rwxrwxr-x. 1 bob bob 111 Aug 19 14:53 showusername.sh
And we want to remove the read and execute permission for other (the last triple).
The we run:
[bob@localhost ~]$ chmod o-rx showusername.sh [bob@localhost ~]$ ls -l total 4 -rwxrwx---. 1 bob bob 111 Aug 19 14:53 showusername.sh
So the ‘o’ mean other, this is because we want to change permission for other.
The ‘-‘ mean to remove permission. The ‘rx’ mean read (r) and execute (x). and last the file name.
So it mean that we want to remove the r and execute permission from other.
And indeed, in the
ls -l after the command, we see only ‘—‘ for the last triple, meaning other has no permission at all. Before they had read and execute permission.
If we want to add permission, then we need to use the ‘+’, which mean add permission.
For example, say we would like to give other all the permission, on the file from the last example:
[bob@localhost ~]$ chmod o+rwx showusername.sh [bob@localhost ~]$ ls -l total 4 -rwxrwxrwx. 1 bob bob 111 Aug 19 14:53 showusername.sh
So when we look on the last triple, we see that other have all the 3 permission (read, write and execute).
If we would like to change the permission to exact value, then we can use ‘=’or number (that represent permission).
For example say we want to change the permission of other of the file from previous example, to only read and execute:
[bob@localhost ~]$ chmod o=rx showusername.sh [bob@localhost ~]$ ls -l total 4 -rwxrwxr-x. 1 bob bob 111 Aug 19 14:53 showusername.sh
And as we can see now the permission of other is only read and execute.
We can get the same effect with number.
The number for read is 4 and for execute is 1, together they are 5. So the number for read and execute is 5.
If we want to change the permission for all (user, group and other), to be only read and execute:
[bob@localhost ~]$ chmod 555 showusername.sh [bob@localhost ~]$ ls -l total 4 -r-xr-xr-x. 1 bob bob 111 Aug 19 14:53 showusername.sh
And now we can see that in all three triples, we have only read and execute permission.