Linux Modes and Permissions - Basics

Every file in the file system has 3 modes - read, write and execute and 3 permission levels - owner, group and others.

The read, write and execute permissions of the file’s owner, the file’s group owner and everybody else are specified using 3 characters each. This totals 9 characters + 2 additional characters (we’ll see later what those are) = 11 characters.

1st character: r : readable
2nd character: w : writable
3rd character: x : executable
Additional characters:
s/t : executable and setuid/setgid/sticky
S/T : setuid/setgid/sticky but not executable

Owner Group World
rwx rwx rwx

chmod

This command changes a file’s permissions. It can be used in 2 ways:

Using octal representation

Since we use only 3 values to denote read, write and execute, each set can easily be represented as an octal value between 0 and 7.

Octal  Binary  FileMode
0      000     ---
1      001     --x
2      010     -w-
3      011     -wx
4      100     r--
5      101     r-x
6      110     rw-
7      111     rwx

Example:

eipe@eipe-system:~/temp$ ls -l
total 4
-rw-r--r-- 1 eipe eipe 6 2010-12-08 18:10 eipe
-rw-r--r-- 1 eipe eipe 0 2010-12-05 15:48 john

eipe@eipe-system:~/temp$ chmod 660 john

eipe@eipe-system:~/temp$ ls -l
total 4
-rw-r--r-- 1 eipe eipe 6 2010-12-08 18:10 eipe
-rw-rw---- 1 eipe eipe 0 2010-12-05 15:48 john

Using symbolic notation

It’s divided into 3 parts. The notations used are:

< u / g / o / a >< + / - / = >< r / w / x >

u – user/file owner
g – group owner
o – others/public
a – all, includes u,g,o

eipe@eipe-system:~/temp$ chmod go+rw eipe
eipe@eipe-system:~/temp$ ls -l
total 4
-rw-rw-rw- 1 eipe eipe 6 2010-12-08 18:10 eipe
-rw-rw---- 1 eipe eipe 0 2010-12-05 15:48 john

eipe@eipe-system:~/temp$ chmod u+x,go-rwx eipe
eipe@eipe-system:~/temp$ ls -l
total 4
-rwx------ 1 eipe eipe 6 2010-12-08 18:10 eipe
-rw-rw---- 1 eipe eipe 0 2010-12-05 15:48 john

Using GUI

In both Nautilus (GNOME) and Konqueror (KDE), right-clicking a file or directory icon will open a properties dialog.

Meaning of read, write and execute

read Permission

On Files:
Allows files to be opened and read.
On Directories:
Allows the contents of the directory to be listed, but does not show any information other than the filenames.

Example:

eipe@eipe-system:~$ mkdir privatedir
eipe@eipe-system:~$ chmod o-x privatedir
eipe@eipe-system:~$ cd privatedir/
eipe@eipe-system:~/privatedir$ touch privatefile
eipe@eipe-system:~/privatedir$ mkdir insidepdir
eipe@eipe-system:~/privatedir$ chmod o-x insidepdir

Now another user, say Tom, logs in:

eipe@eipe-system:~$ su tom
Password:
tom@eipe-system:/home/eipe$ cd privatedir
bash: cd: privatedir: Permission denied
tom@eipe-system:/home/eipe$ ls -l privatedir
ls: cannot access privatedir/insidepdir: Permission denied
ls: cannot access privatedir/privatefile: Permission denied
total 0
d????????? ? ? ? ? ? insidepdir
-????????? ? ? ? ? ? privatefile

tom@eipe-system:/home/eipe/privatedir$ cat privatefile
this is a file
tom@eipe-system:/home/eipe/privatedir$ cat>>privatefile
bash: privatefile: Permission denied

write Permissions

On Files:
Allows files to be written/truncated.
On Directories:
Allows files to be created/deleted/renamed within the directory.

Example is given at the end.

execute Permissions

On File:
Allows files to be executed. This permission must be set for executable binaries (e.g., a compiled C program) or scripts (e.g., a shell or Perl script) in order to allow the operating system to run them.
On Directories:
Allows entry into the directory.

Example: Let’s provide execute permission on privatedir

eipe@eipe-system:~$ chmod o+x privatedir
eipe@eipe-system:~$ cd privatedir/
eipe@eipe-system:~/privatedir$ cat>>privatefile
this is a file
^C
eipe@eipe-system:~/privatedir$ cd insidepdir/
eipe@eipe-system:~/privatedir/insidepdir$ cat>insidefile
this is inside^C
eipe@eipe-system:~/privatedir/insidepdir$ cd ..
eipe@eipe-system:~/privatedir$ ls -l
total 8
drwxr-xr-- 2 eipe egroup 4096 2011-02-02 22:09 insidepdir
-rw-r--r-- 1 eipe egroup 15 2011-02-02 21:41 privatefile

Now Tom logs in,

tom@eipe-system:/home/eipe$ ls -l privatedir
total 4
drwxr-xr-- 2 eipe egroup 4096 2011-02-02 21:27 insidepdir
-rw-r--r-- 1 eipe egroup 0 2011-02-02 21:27 privatefile

This is because privatedir is executable. Now let’s try a search:

tom@eipe-system:/home/eipe$ cd privatedir/
tom@eipe-system:/home/eipe/privatedir$ find . -name "insidefile" -type f

No output is displayed, which means the file was not found. This is because to open or see a file within a directory (in this case, privatedir/insidepdir/insidefile), the user needs execute permission not only on privatedir but also on every directory in that path.

eipe@eipe-system:~/privatedir$ chmod o+x insidepdir
tom@eipe-system:/home/eipe/privatedir$ find . -name "insidefile" -type f
./insidepdir/insidefile

Now it works!!!

But Tom still cannot do anything in privatedir or in insidepdir other than viewing.

tom@eipe-system:/home/eipe/privatedir$ touch otherprivatefile
touch: cannot touch `otherprivatefile': Permission denied

For this we need to set the write permissions on the directories.

eipe@eipe-system:~$ chmod o+w privatedir

tom@eipe-system:/home/eipe/privatedir$ touch otherprivatefile
tom@eipe-system:/home/eipe/privatedir$ ls -l
total 8
drwxr-xr-x 2 eipe egroup 4096 2011-02-02 22:09 insidepdir
-rw-r--r-- 1 tom tgroup 0 2011-02-02 22:34 otherprivatefile
-rw-r--r-- 1 eipe egroup 15 2011-02-02 21:41 privatefile
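The rule that every directory on the path needs execute permission, and the effect of the o+w step on privatedir, can be checked for a whole path at once. The script below is an added example, not part of the original page; the function names others_bits and audit_path are hypothetical, and it assumes the user falls in the "others" class and that no ACLs are in use.

```shell
#!/bin/sh
# Added example, not from the original page. Reads only the classic mode
# bits for the "others" class (a user like tom); ACLs are not considered.

# others_bits PATH: characters 8-10 of the `ls -ld` mode string, e.g. "r-x".
others_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# audit_path TOP TARGET: one line per directory from TARGET's parent up to
# TOP. Returns 1 if any of them lacks the execute (search) bit for others.
audit_path() {
    top=$1
    dir=$(dirname -- "$2")
    blocked=0
    while :; do
        bits=$(others_bits "$dir")
        case $bits in
            ??[xt]) verdict=search-ok ;;             # t means x plus sticky
            *)      verdict=NO-SEARCH; blocked=1 ;;  # path stops here for others
        esac
        case $bits in
            ?w?) verdict="$verdict,WORLD-WRITABLE" ;; # others may create/delete/rename
        esac
        printf '%s %s %s\n' "$bits" "$verdict" "$(basename -- "$dir")"
        case $dir in "$top"|/|.) break ;; esac
        dir=$(dirname -- "$dir")
    done
    return "$blocked"
}

# Constructed sample: the page's directory names under a temporary directory.
demo() {
    base=$(mktemp -d)
    target=$base/privatedir/insidepdir/insidefile
    mkdir -p "$base/privatedir/insidepdir"
    : > "$target"
    chmod 755 "$base/privatedir"
    chmod 754 "$base/privatedir/insidepdir"    # drwxr-xr--, before the fix
    audit_path "$base/privatedir" "$target" || echo "=> others cannot reach insidefile"
    chmod o+x "$base/privatedir/insidepdir"    # the page's fix
    chmod o+w "$base/privatedir"               # the page's last step
    audit_path "$base/privatedir" "$target" && echo "=> reachable; check WORLD-WRITABLE lines"
    rm -rf "$base"
}
demo
```

On systems with util-linux, `namei -l` on the full path prints a similar per-component listing of modes and owners.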
