bash Permissions

Linux/Unix system permissions allow or prevent other users from viewing, modifying or executing any particular file.

View permissions with ls

The output of ls -l will show the current permissions for files and folders:

-rwxr--rw- 1 user user 0 Jan 19 12:59 file1.txt

The letters rwx stand for Read/Write/Execute permission. These rights are shown three times: first for the Owner, then the Group and lastly Others (world).

In the example above the Group permission is r-- so members of the group will have Read permission but not Write or Execute permission to file1.txt

User    ls output
Owner   -rwx------
Group   ----rwx---
Other   -------rwx

Edit permissions with chmod

The command to modify permissions is chmod. There are two ways to modify permissions, with numbers or with letters. Using letters is easier to understand for most people. See the chmod page for more detail.

Some files are configured to have very restrictive permissions to prevent unauthorized access. Changing these permissions can create security problems.

To change or edit files that are owned by root, sudo chmod must be used. Note that changing permissions incorrectly can quickly make your system unusable! Please be careful when using sudo!

$ sudo chmod o+x /usr/local/bin/somefile

Recursive Permission Changes

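chmod -R will change the permissions of every file and folder under a specified directory at once. Note that the mode 777 used in this example gives every user read, write and execute access to everything under the directory.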

$ chmod 777 -R /path/to/Dir

To assign reasonably secure permissions to files and folders/directories, it's common to give files a permission of 644 and directories a permission of 755. Using the find command and a pipe we can target just files or just folders, as in the following examples.

$ sudo find /path/to/Dir -type f -print0 | xargs -0 sudo chmod 644

$ sudo find /path/to/Dir -type d -print0 | xargs -0 sudo chmod 755

Again, if using sudo, be careful; in particular, watch for extra spaces in your command/path.

Changing Ownership and Group membership

A file's owner can be changed using the chown command.

$ sudo chown kate file1.txt

A file's group can be changed using the chgrp or chown command.

$ sudo chgrp mygroup file1.txt
$ sudo chown :mygroup file1.txt

chown can also change the owner and group in a single command:

$ sudo chown tux:mygroup file1.txt

ACLs - Access control lists

POSIX ACLs are a way of achieving a finer granularity of permissions than is possible with the standard Unix file permissions.

To enable POSIX ACLs, install the acl package:

$ sudo apt-get install acl

Documentation can then be found in the man pages for acl, setfacl and getfacl.

Sticky Bit

The sticky bit (t), set on a directory, will prevent users from altering or replacing any other user's files. Only the file owner and the superuser may remove files from that directory. All PUBLIC directories should be configured with the sticky bit.

Unlike with file sticky bits, the sticky bit on directories remains there until the directory owner or superuser explicitly removes the directory or changes the permissions.

The sticky bit, together with the default umask of 077, solves a big problem for less secure systems. Together, both features prevent other users from altering or replacing any file you have in a public directory. The only information they can gain from the file is its name and attributes.

$ chmod +t directory
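
The checks implied by the recursive-permission and sticky-bit sections, as a script. This is an added example, not part of the original page; the function names and the temporary sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a tree for risky modes, then apply the 644/755 baseline.

# World-writable regular files under $1 (any user can modify them).
world_writable_files() {
    find "$1" -type f -perm -0002 -print
}

# World-writable directories under $1 that do NOT have the sticky bit,
# i.e. shared directories where users can delete each other's files.
unsticky_public_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print
}

# Set directories to 755 and regular files to 644 under $1.
# "-exec ... {} +" batches arguments like "xargs -0" and copes with spaces
# in names; -type f/-type d do not match symlinks, so link targets are untouched.
normalize_tree() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Number of files/directories under $1 that differ from the 644/755 baseline.
count_deviations() {
    find "$1" \( -type f ! -perm 644 \) -o \( -type d ! -perm 755 \) | wc -l
}

# Demo on a constructed tree in a temporary directory (sample data only).
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/shared" "$d/my docs"
    touch "$d/shared/notes.txt" "$d/my docs/report 1.txt"
    chmod 777 "$d/shared" "$d/shared/notes.txt"   # what "chmod 777 -R" leaves behind
    echo "World-writable files:";           world_writable_files "$d"
    echo "Public dirs without sticky bit:"; unsticky_public_dirs "$d"
    normalize_tree "$d"
    echo "Deviations after normalize: $(count_deviations "$d")"
    rm -rf "$d"
}
demo
```

Run the two audit functions before normalize_tree to see what would change; a numeric chmod 755 also clears any sticky bit already set on a directory.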

Related:

chgrp - Change group ownership
chmod - Change access permissions
chown - Change file owner and group
Windows equivalent: permissions


© Copyright SS64.com 1999-2014
Some rights reserved