Group File, Directory and Device permissions: chmod

Set file, directory and device permissions:

File, directory and device permissions can be set to allow or deny access to members of their own group or all others. Modification of file, directory and device access is achieved with the chmod command.

The permissions can be assigned in octal notation or in the more easily recognized character format where the command form is: chmod [ugoa][+-=][rwxXst] fileORdirectoryName

u   User access
g   Group access
o   Other system user’s access
a   Equivalent to “ugo”
+   Add access
-   Remove access
=   Access explicitly assigned
r   Permission to read a file
    Permission to read a directory (also requires “x”)
w   Permission to delete or modify a file
    Permission to delete or modify files in a directory
x   Permission to execute a file/script
    Permission to read a directory (also requires “r”)
s   Set user or group ID on execution.
u   Permissions granted to the user who owns the file
t   Set “sticky bit”. Execute file/script as user root for regular user.

Note: Other file systems can be mounted by Linux which support more file and directory options. This tutorial applies to the most popular Linux file systems: ext2, ext3, xfs and reiserfs.

Examples:

  • Grant read access (r) to a file to all members of your group (g): 
    chmod g+r file-name
  • Grant read access to a directory to all members of your group: 
    chmod g+rx directory-name 
    Note that “execute” permission is required in order to read a directory.
  • Grant read permissions to everyone on the system to a file which you own so that everyone may read it: (u)ser, (g)roup and (o)ther. 
    chmod ugo+r file-name
  • Grant read permissions on a directory to everyone on the system: 
    chmod ugo+rx directory-name
  • Grant modify or delete permissions to a file which you own for everyone in the group: 
    chmod ugo+rw file-name 
    Note: In order for modify and delete permissions to be useful, one must be able to modify the directory in which the file is located: chmod ugo+rwx ./
  • Deny read access to a file by everyone except yourself: 
    chmod go-r file-name
  • Allow everyone in your group to be able to modify the file: 
    chmod 660 file-name

 

View file, directory and device permissions:

Permissions may be viewed by issuing the command: ls -l file-name

  • File can be written by yourself and members of the group. Others may only view it. 
    -rw-rw-r-- user group file-size date file-name
  • Directory is completely open for read/write: 
    drwxrwxrwx user group file-size date directory-name
  • File can only be accessed by owner (user): 
    -rwx------ user group file-size date file-name

Where the first block of “rwx” represents the permissions for the user (u), the second is for the group (g) and the third is for others (o). The “-” represents no access for that access placeholder for user, group or other.

 

Octal codes:

Permissions may be granted using human readable assignments “rwx” or octal codes.

Description                            Abbreviation   Octal code
Read access                            r              4
Write (change) permission              w              2
Execute script or binary executable    x              1
Read and Execute                       rx             5
Read and Write                         rw             6
Read, Write and Execute                rwx            7

Use of octal assignment does not add or remove permission, but assigns the permission explicitly. 
Examples:

  • Assign yourself full access to read and modify the file, allow members of the group to read it and do not allow any others access: 
    chmod 640 filename
  • Assign execute status to a script with the same access as the previous example. (Without it, a script is like any other text file) 
    chmod 740 filename
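
The link between the `ls -l` permission strings shown earlier and the octal codes in the table, as an added example that is not part of the original tutorial. The function names are illustrative, and the values 4, 2 and 1 used for the leading digit (set user ID, set group ID, sticky bit) are the standard chmod values, which the table above does not list.

```shell
#!/bin/sh
# Added example (not from the original tutorial): translate the permission
# string printed by `ls -l` into the octal value accepted by chmod.

# One rwx triad -> one octal digit: r=4, w=2, x=1.
# A lowercase s or t means "special bit set and execute set", so it counts as x.
triad_digit() {
    td=0
    case $1 in r??) td=$((td + 4)) ;; esac
    case $1 in ?w?) td=$((td + 2)) ;; esac
    case $1 in ??[xst]) td=$((td + 1)) ;; esac
    echo "$td"
}

# mode_to_octal STRING   e.g. -rw-r----- -> 640, drwxrwxrwt -> 1777
mode_to_octal() {
    m=$1
    if [ "${#m}" -eq 10 ]; then m=${m#?}; fi   # drop the file-type character
    case $m in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "not a permission string: $1" >&2; return 1 ;;
    esac
    u=${m%??????}; rest=${m#???}; g=${rest%???}; o=${rest#???}
    special=0
    case $u in ??[sS]) special=$((special + 4)) ;; esac   # set user ID
    case $g in ??[sS]) special=$((special + 2)) ;; esac   # set group ID
    case $o in ??[tT]) special=$((special + 1)) ;; esac   # sticky bit
    digits="$(triad_digit "$u")$(triad_digit "$g")$(triad_digit "$o")"
    if [ "$special" -gt 0 ]; then digits="$special$digits"; fi
    echo "$digits"
}

# The three listings from the "View" section above.
for s in -rw-rw-r-- drwxrwxrwx -rwx------; do
    printf '%s -> %s\n' "$s" "$(mode_to_octal "$s")"
done
```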


Groups and Group Members: configuration files /etc/passwd, /etc/group

Users are members of a default group. Red Hat Linux (also Fedora Core, CentOS, etc.) will add new users to a group with the same name as the user name. The default group for a user is specified in the file /etc/passwd.

Format:

user-name:x:user-number:group-number:comment section:/home-directory:default-shell

Example:

user1:x:500:500:Greg:/home/user1:/bin/bash

A new user may be created and assigned a group with the useradd command:

  • Add a new user and assign them to be members of the group “accounting”: 
    useradd -m -g accounting user2
  • Add a new user and assign them to be members of the initial group “accounting” and supplementary group “floppy”: 
    useradd -m -g accounting -G floppy user1

Command arguments for useradd:

Argument   Description
-m         Create a home directory in /home/
-M         No home directory created.
-g         Specify the initial group for the user.
-G         Specify the initial group for the user by using the group number.
-s         Specify the default shell for the user. If not specified set to /bin/bash
-e         Specify the expiration date. Format YYYY-MM-DD
-f         Number of days after a password expires that an account is disabled. By default this feature is disabled (-1)
-u         Specify the user id number to be used.

Defaults specified in /etc/login.defs

View group membership for a user with the command “groups”. Example: groups user2

The user id has a user system number associated with it (uid) and this is defined in /etc/passwd. 
The group has a group system number (gid) associated with it and this is defined in /etc/group

 

 

Format:

group-name:x:group-number:user1,user2

Example:

user1:x:500:
user2:x:501:
floppy:x:19:user1
accounting:x:600:user2
apache:x:48:
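
How the two files fit together, as an added example that is not part of the original tutorial: the primary group comes from the group-number field of /etc/passwd, and supplementary groups come from the member lists in /etc/group. The function name `groups_of` and the temporary file paths are illustrative, and the user2 passwd line is constructed for this example; the other lines are the ones shown above.

```shell
#!/bin/sh
# Added example (not from the original tutorial): resolve a user's groups
# from passwd-format and group-format files.

# groups_of USER PASSWD_FILE GROUP_FILE
# Prints the primary group first, then supplementary groups in file order.
# Returns non-zero if USER has no entry in PASSWD_FILE.
groups_of() {
    awk -F: -v user="$1" '
        FNR == NR && $1 == user { gid = $4; found = 1 }  # passwd: field 4 = gid
        FNR == NR { next }
        !found    { exit }
        $3 == gid { primary = $1; next }                 # group: field 3 = gid
        {
            n = split($4, members, ",")                  # group: field 4 = members
            for (i = 1; i <= n; i++)
                if (members[i] == user) { extra = extra " " $1; break }
        }
        END {
            if (!found) exit 1
            out = (primary != "" ? primary : gid)        # unnamed gid: show number
            print out extra
        }
    ' "$2" "$3"
}

# Sample copies of the two files in a temporary directory.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd" <<'EOF'
user1:x:500:500:Greg:/home/user1:/bin/bash
user2:x:501:501::/home/user2:/bin/bash
EOF
cat > "$demo_dir/group" <<'EOF'
user1:x:500:
user2:x:501:
floppy:x:19:user1
accounting:x:600:user2
apache:x:48:
EOF

for name in user1 user2; do
    printf '%s : %s\n' "$name" "$(groups_of "$name" "$demo_dir/passwd" "$demo_dir/group")"
done
```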