- Temu vs. Amazon: Which shopping site is best for your buying needs?
- ANZ CIO Challenges: AI, Cybersecurity & Data Analytics for 2025
- Want generative AI LLMs integrated with your business data? You need RAG
- AI could alter data science as we know it - here's why
- The best external hard drives of 2024: Expert tested
Group File, Directory and Device permissions: chmod
Group File, Directory and Device permissions: chmod |
Set file, directory and device permissions:
File, directory and device permissions can be set to allow or deny access to members of their own group or all others. Modification of file, directory and device access is achieved with the chmod command.
The permissions can be assigned in octal notation or in the more easily recognized character format where the command form is: chmod [ugoa][+-=][rwxXst] fileORdirectoryName
|
|
|
Note: Other file systems can be mounted by Linux which support more file and directory options. This tutorial applies to the most popular Linus file systems: ext2, ext3, xfs and reiserfs
Examples:
- Grant read access (r) to a file to all members of your group (g):
chmod g+r file-name - Grant read access to a directory to all members your group:
chmod g+rx directory-name
Note that “execute” permission is required in order to read a directory. - Grant read permissions to everyone on the system to a file which you own so that everyone may read it: (u)ser, (g)roup and (o)ther.
chmod ugo+r file-name - Grant read permissions on a directory to everyone on the system:
chmod ugo+rx directory-name - Grant modify or delete permissions to a file which you own for everyone in the group:
chmod ugo+rw file-name
Note: In order for modify and delete permissions to be useful, one must be able to modify the directory in which the file is located:chmod ugo+rwx ./ - Deny read access to a file by everyone except yourself:
chmod go-r file-name - Allow everyone in your group to be able to modify the file:
chmod 660 file-name
View file, directory and device permissions:
Permissions may be viewed by issuing the command: ls -l file-name
- File can be written by youself and members of the group. Others may only view it.
-rw-rw-r-- user group file-size date file-name - Directory is completely open for read/write:
drwxrwxrwx user group file-size date directory-name - File can only be accessed by owner (user):
-rwx------ user group file-size date file-name
Where the first block of “rwx” represents the permissions for the user (u), the second is for the group (g) and the third is for others (o). The “-” represents no access for that access placeholder for user, group or other.
Octal codes: |
Permissions may be granted using human readable assignments “rwx” or octal codes.
-
Description Abreviation Octal code Read access r 4 Write (change) permission w 2 Execute script of binary executable x 1 Read and Execute rx 5 Read and Write rw 6 Read, Write and Execute rwx 7
Use of octal assignment does not add or remove permission, but assigns the permission explicitly.
Examples:
- Assign yourself full access to read and modify the file, allow members of the group to read it and do not allow any others access:
chmod 640 filename - Assign execute status to a script with the same access as the previous example. (Without it, a script is like any other text file)
chmod 740 filename
Groups and Group Members: configuration files /etc/passwd, /etc/group |
Users are members of a default group. Red Hat Linux (also Fedora Core, CentOS, etc.) will add new users to a group of the same group name as the user name. The default group for a user is specified in the file /etc/passwd
- Format:
user-name:x:user-number:group-number:comment section:/home-directory:default-shell
Example:
user1:x:500:500:Greg:/home/user1:/bin/bash
A new user may be created and assigned a group with the useradd command:
- Add a new user and assign them to be members of the group “accounting”:
useradd -m -g accounting user2 - Add a new user and assign them to be members of the initial group “accounting” and supplementary group “floppy”:
useradd -m -g accounting -G floppy user1
Command arguments for useradd:
-
Argument Description -m Create a home directory in /home/ -M No home directory created. -g Specify the initial group for the user. -G Specify the initial group for the user by using the group number. -s Specify the default shell for the user. If not specified set to /bin/bash -e Specify the expiration date. Format YYY-MM-DD -f Number of days after a password expires that an account is disabled. By default this feature is disabled (-1) -u Specify the user id number to be used. Defaults specified in /etc/login.defs
View group membership for a user with the command “groups“. Example: groups user2
The user id has a user system number associated with it (uid) and this is defined in /etc/passwd.
The group has a group system number (gid) associated with it and this is defined in /etc/group
Format:
group-name:x:group-number:user1,user2 |
Example:
user1:x:500: user2:x:501: floppy:x:19:user1 accounting:x:600:user2 apache:x:48: |