The chmod, chown and chgrp commands.
The chmod command is designed to change the permissions of files and directories in Linux. The name of the command comes from the phrase "change mode".
The syntax of the chmod command is as follows:
chmod permissions filename
Permissions can be set in two ways:
chmod 764 myfile
In this format, access rights are specified not by the characters rwx, as described above, but as a three-digit number. Each digit of the number means a certain set of access rights.
The table below lists all possible combinations of rwx permissions and their corresponding numbers (which are used in the chmod command):
Number | Permissions | Symbol designation |
---|---|---|
0 | no permissions | --- |
1 | x - launch | --x |
2 | w - change | -w- |
3 | x+w - run+change | -wx |
4 | r - read | r-- |
5 | r+x - read+run | r-x |
6 | r+w - read+change | rw- |
7 | r+w+x - read+modify+run | rwx |
Let's look at an example of using the chmod command with access rights given as a number. Set the file permissions to 764:
chmod 764 myfile
This means (see table above) that for the file myfile we set permissions 7 6 4, which means:
If you write 764 using symbols (see table), we get: "rwxrw-r--".
The table below lists some commonly used permission numeric values:
Numeric designation | "rwx"-notation | Description |
---|---|---|
400 | -r-------- | The file owner can only read the file. For everyone else, all actions with the file are prohibited. |
644 | -rw-r--r-- | All users can read the file. The owner can modify the file. |
660 | -rw-rw---- | The owner and group can read and modify the file. For everyone else, all actions with the file are prohibited. |
664 | -rw-rw-r-- | Everyone can read the file. Owner and group can change. |
666 | -rw-rw-rw- | Everyone can read and modify the file. |
700 | -rwx------ | The owner can read, modify and run the file. For everyone else, all actions with the file are prohibited. |
744 | -rwxr--r-- | Everyone can read the file. The owner can also modify and run the file. |
755 | -rwxr-xr-x | Everyone can read and run the file. The owner can also modify the file. |
777 | -rwxrwxrwx | All users can read, modify and run the file. |
chmod +x myfile1
chmod g=rw myfile2
chmod u-w myfile3
As you can see, in this format permissions are given by the symbols rwx, but the syntax also uses other auxiliary symbols, for example the mathematical operators "+" and "-" and characters such as "g" or "u".
The general syntax can be written something like this:
chmod (owner)(math operation)(permissions) filename
The designations for file owners are as follows:
Mathematical operations mean the following:
In one command, you can list the owners and their permissions separated by commas (see the example below).
Consider examples:
In this case we do not use designations for owners, which means that permissions are set for all users. "+x" means: set permission to run (x) the file for all users. This is equivalent to running the command: chmod a+x myfile1.
Here we use the notation g and the equal sign "=". This means that for the group we set the permissions to read and write the file (rw).
For the owner of the file (u) we remove the permission to change (w) the file.
Allow the owner (u) and group (g) to run the file (x).
This is exactly the case when we list the owners separated by commas and set permissions for them. For the owner of the file (u) we allow the file to run, for the group (g) we forbid changing the file, for everyone else (o) we forbid reading the file.
If you need to change the permissions for all files in a directory, including subdirectories, use the -R option, which changes permissions recursively for directories and their contents. For example, let's change the permissions of all files in the Mydir directory:
chmod -R 644 Mydir
One more point. If the user is not the owner of the file but needs to change its access rights, the chmod command must be run using sudo, for example:
sudo chmod 644 file
To change the owner and group of a file, use the command chown.
To change the owner of a file, use the following syntax:
chown new_owner filename
For example, set the new owner vasya for the file myfile:
chown vasya myfile
To change the owner and group of a file, use the following syntax:
chown new_owner:new_group filename
For example, set the new owner vasya and the group sambashare for the file myfile:
chown vasya:sambashare myfile
There is another command - chgrp. It only allows you to change the group. For example:
chgrp sambashare myfile
In Linux, each file has access attributes: permissions, an owner and a group.
Permissions are set for the owner, the group, and everyone else.
There are three types of permissions: r (read), w (change), x (launch).
To change the permissions of a file, use the chmod command.
To change the owner or group, use the chown command.
To change only the group, use chgrp.
The chmod command is used to change the permissions of files or directories.
In Linux and other Unix-like operating systems, each file has a set of rules that determine who can access the file and how. These rules are called file permissions or file modes. The command name chmod stands for "change mode" and is used to determine how a file is accessed.
In general form, the chmod command looks like this:
chmod options permissions filename
If no options are specified, chmod changes the permissions of the file specified by filename to the permissions specified by permissions.
Permissions define access rights for the owner of the file ("user"), members of the group that owns the file ("group"), and everyone else ("others"). There are two ways to represent these permissions: using symbols (alphanumeric characters) or octal numbers (numbers 0 through 7).
Let's say you own a file named myfile and want to set its permissions so that:
This command will look like this:
chmod u=rwx,g=rx,o=r myfile
This example uses a symbolic entry for permissions. The letters u, g, and o stand for user, group, and other. The equal sign ("=") means "set permissions like this", and the letters "r", "w" and "x" mean "read", "write" and "execute" respectively. Commas separate the different permission classes, and there are no spaces between them.
Here is the equivalent command using octal permission notation:
chmod 754 myfile
Here, the numbers 7, 5, and 4 each individually represent the permissions for the user, group, and others, in that order. Each digit is a combination of the numbers 4, 2, 1 and 0:
So 7 is a combination of permissions 4 + 2 + 1 (read, write, and execute), 5 is 4 + 0 + 1 (read, no write, and execute), and 4 is 4 + 0 + 0 (read, no write, and no execute).
-c, --changes Like --verbose, but only produces verbose output when a change is actually made.
-f, --silent, --quiet Silent mode; suppress most error messages.
-v, --verbose Detail mode; display a diagnostic message for each processed file.
--no-preserve-root Do not treat "/" (root directory) in any special way, which is the default setting.
--preserve-root Don't work recursively on "/".
--reference=RFILE Set permissions to match those of the RFILE file, ignoring any MODE specified.
-R, --recursive Change files and directories recursively.
--help Show help message and exit.
--version Display version information and exit.
chmod changes the file mode of each specified FILE according to MODE, which can be either a symbolic representation of the changes being made, or an octal number representing the bit pattern for the new mode bits.
Symbolic mode format:
[ugoa...][[+-=][perms...]...]
where perms is either zero or more letters from the set r, w, x, X, s, and t, or a single letter from the set u, g, and o. You can specify multiple symbolic modes separated by commas.
A combination of the letters u, g, o, and a controls which users' access to the file will be changed: the user who owns it (u), other users in the file's group (g), other users not in the file's group (o), or all users (a). If none of these are given, the effect is as if a were given, but the bits that are set in umask are not affected.
The "+" operator causes the selected file mode bits to be added to the existing file mode bits of each file; "-" causes them to be removed; and "=" causes them to be added and causes the unmentioned bits to be removed, except that a directory's unmentioned set-user-ID and set-group-ID bits are not affected.
The letters r, w, x, X, s, and t select the file mode bits for the affected users: read (r), write (w), execute (x), execute only if the file is a directory or already has execute permission for some user (X), set user or group ID on execution (s), restricted deletion flag or sticky bit (t). For directories, the x and X execution options determine permission to view the contents of the directory.
Instead of one or more of these letters, you can specify one of the letters u, g, or o: the permissions granted to the user who owns the file (u), the permissions granted to other users who are members of the file's group (g), and the permissions granted to users who are in neither of the two previous categories (o).
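The umask rule above (no u, g, o or a given) is easy to overlook, so here is an added example, not part of the original page, that compares "+w" with "a+w" and "+x" with "a+x" under different umask values. The function name mode_after is made up for the demonstration, and the scratch files are created with mktemp.

```sh
#!/bin/sh
# Added example: "chmod +w" honours the umask, "chmod a+w" does not.

# mode_after UMASK START CHANGE
# Create a scratch file, set it to START, apply CHANGE under UMASK and print
# the resulting octal mode. Runs in a subshell so the caller's umask is kept.
mode_after() {
    (
        f=$(mktemp) || exit 1
        chmod "$2" "$f"
        umask "$1"
        # GNU chmod exits non-zero when the umask kept a bit that a "-"
        # change asked to clear, so the status is ignored here on purpose.
        chmod "$3" "$f" 2>/dev/null || true
        stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f"
        rm -f "$f"
    )
}

# Each entry: umask, starting mode, symbolic change (constructed cases).
for spec in "022 444 +w" "022 444 a+w" \
            "027 600 +x" "027 600 a+x" \
            "022 666 -w" "022 666 a-w"; do
    set -- $spec
    printf 'umask %s  start %s  chmod %-4s -> %s\n' \
        "$1" "$2" "$3" "$(mode_after "$1" "$2" "$3")"
done
```

The last two cases show the removal side of the same rule: what "-w" leaves behind for group and others depends on the chmod implementation and the umask, while "a-w" always clears write for everyone.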
Numeric mode is one to four octal digits (0-7) obtained by adding bits with values 4, 2, and 1. Missing digits are assumed to be leading zeros. The first digit selects the set user ID (4), set group ID (2) and restricted deletion or sticky (1) attributes. The second digit selects the access rights for the user who owns the file: read (4), write (2), and execute (1); the third selects permissions for other users in the file's group, with the same values; and the fourth for other users not in the file's group, with the same values.
chmod never changes permissions on symbolic links; the chmod system call cannot change their permissions. But that's not a problem, since symlink permissions are never used. However, for each symbolic link listed on the command line, chmod changes the permissions of the file the link points to. In contrast, chmod ignores symbolic links encountered during recursive directory traversals.
chmod clears the set-group-ID bit of a regular file if the file's group ID does not match the user's effective group ID or one of the user's secondary group IDs, unless the user has the appropriate privileges. Additional restrictions may cause the set-user-ID and set-group-ID bits in MODE or RFILE to be ignored. This behavior depends on the policy and functionality of the underlying chmod system call. If in doubt, check the behavior of the system.
chmod preserves the set-user-ID and set-group-ID bits of the directory unless you specify otherwise. You can set or clear bits with symbolic modes like u+s and g-s, and you can set (but not clear) bits with numeric mode.
The restricted deletion flag, or sticky bit, is a single bit whose interpretation depends on the file type. For directories, it prevents a file in the directory from being deleted or renamed by users who do not own the file or the directory; this is called the restricted deletion flag for the directory, and is commonly found on globally writable directories such as /tmp. For regular files on some older systems, this bit saves the program's text image on the swap device so that it loads faster on startup; this is called the sticky bit.
A quick and easy way to list file permissions is with the long list (-l) option of the ls command. For example, to view the permissions for file.txt, you can use the command:
ls -l file.txt
Which will display output that looks like this:
Sets the permissions for the file file.htm to "owner can read and write; the group can only read; others can only read."
chmod -R 755 myfiles
Recursively (-R) changes the permissions on the myfiles directory and all its folders and files to mode 755. The user can read, write, and execute; group members and other users can read and execute, but cannot write.
chmod u=rw example.jpg
Changes the permissions for the owner of example.jpg so that the owner can read and write the file. Does not change permissions for the group or for others.
chmod u+s comphope.txt
Sets the "Set-User-ID" bit of the comphope.txt file so that anyone who tries to access this file does so as if they were the owner of the file.
chmod u-s comphope.txt
The opposite of the above command; clears the SUID bit.
chmod 755 file.cgi
Sets the permissions for file.cgi to "read, write, and execute by owner" and "read and execute by group and everyone else."
chmod 666 file.txt
Sets the permission of file.txt to "read and write by everyone".
chmod a=rw file.txt
Performs the same as the above command using symbolic notation.
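Modes such as 666, the Set-User-ID bit and world-writable directories without the restricted deletion flag are the ones worth reviewing on a real system. The following added example is not part of the original page: it reports those three patterns inside one directory tree with find. The function names and the sample tree are constructed for the demonstration; the file names reuse the ones from the examples above.

```sh
#!/bin/sh
# Added example: report risky permission patterns inside one directory tree.
# Each finding is printed as "TAG path", sorted, with paths relative to the tree.

# tag LABEL: prefix every path read from stdin with LABEL
tag() {
    while IFS= read -r path; do
        printf '%s %s\n' "$1" "$path"
    done
}

# audit_tree DIR
audit_tree() {
    (
        cd "$1" || exit 2
        {
            # Files that "others" may modify (666, 777 and similar).
            find . -type f -perm -0002 | tag WORLD-WRITABLE-FILE
            # Directories writable by others without the restricted deletion
            # flag: any user can delete or rename other users' files there.
            find . -type d -perm -0002 ! -perm -1000 |
                tag WORLD-WRITABLE-DIR-NO-STICKY
            # Files that run with the identity of their owner or group.
            find . -type f \( -perm -4000 -o -perm -2000 \) | tag SETID-FILE
        } | sort
    )
}

# build_sample DIR: constructed tree for the demonstration
build_sample() {
    mkdir -p "$1/shared" "$1/dropbox"
    : > "$1/file.txt";     chmod 666 "$1/file.txt"      # flagged
    : > "$1/file.htm";     chmod 644 "$1/file.htm"      # not flagged
    : > "$1/comphope.txt"; chmod 644 "$1/comphope.txt"
    chmod u+s "$1/comphope.txt"                         # flagged (SUID)
    chmod 1777 "$1/shared"                              # not flagged: sticky, like /tmp
    chmod 777 "$1/dropbox"                              # flagged: no sticky bit
}

demo() {
    d=$(mktemp -d) || return 1
    build_sample "$d"
    audit_tree "$d"
    rm -rf "$d"
}
demo
```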
chown - Change the owner of files or directories.
getfacl - Show file access control lists.
ls - List the contents of a directory or directories.
Each file or folder in Linux has its own permissions.
There are 3 types of rights:
read(r),write(w),execute(x)
Rights are defined for 3 types of users:
owner(u), group(g), all others(o)
So the rights of each file are 9 bits of information (3 types of rights * 3 types of users). Each bit can be set (=1), meaning access is allowed, or reset (=0), meaning access is denied.
When assigning rights, it is customary to use the octal number system.
Text representation of rights (10 characters):
-rwxr--r--
0123456789
Character at position 0:
"-" - regular file, "d" - folder, "l" - link
Characters in positions 1-3:
"rwx" - owner rights
Characters in positions 4-6:
"r--" - permissions for the group
Characters in positions 7-9:
"r--" - rights for everyone else
Table for determining rights:
As can be seen from the table, the rights are easily calculated by simple summation: 1 = execute, 2 = write, 4 = read.
For example, if execution (1) and reading (4) are required, we get 1 + 4 = 5.
Example 644:
- owner(u): read and write
- group(g): read only
- others(o): read only
Example 755:
- owner(u): all rights
- group(g): read and execute
- others(o): read and execute
In programming languages such as C, a 0 is added at the beginning of each number to show that the number is octal, i.e. write 0644 instead of 644. When changing permissions from the command line, this is usually not required.
Four-digit representation of rights (4755): additional rights
SUID, SGID and sticky bits.
Examples:
SUID set:
-rws------ SUID bit and execution set for the owner
-r-S------ SUID bit set, execution bit not set
SGID set:
-rwxrws--- SGID bit and execution set for the group
-rwxr-S--- SGID bit set, execution not set for the group
Sticky bit set:
-rwxrwxrwt sticky bit and execution set for others
-rwxrwxr-T sticky bit set, execution not set for others
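The mapping from a one- to four-digit numeric mode to these strings, including the s/S and t/T markers, can be written out as code. This is an added example, not part of the original page; the function names triplet, mode_to_symbolic and mode_has_special are made up for it.

```sh
#!/bin/sh
# Added example: numeric mode -> nine-character rwx string, including the
# SUID, SGID and sticky markers.

# triplet BITS SPECIAL LOWER UPPER
# BITS is one octal digit (0-7); SPECIAL is non-zero when the matching
# special bit (SUID, SGID or sticky) is set for this class.
triplet() {
    t_r=-; t_w=-; t_x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then t_r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then t_w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then t_x=x; fi
    if [ "$2" -ne 0 ]; then
        # The special bit shares the x column: lower case when x is also
        # set, upper case when it is not.
        if [ "$t_x" = x ]; then t_x=$3; else t_x=$4; fi
    fi
    printf '%s%s%s' "$t_r" "$t_w" "$t_x"
}

# mode_to_symbolic MODE
# MODE is one to four octal digits; missing digits count as leading zeros.
mode_to_symbolic() {
    case $1 in
        '' | *[!0-7]* | ?????*)
            echo "invalid mode: $1" >&2
            return 1 ;;
    esac
    m=$(( 0$1 ))                 # the leading 0 makes the shell read octal
    sp=$(( (m >> 9) & 7 ))       # 4 = SUID, 2 = SGID, 1 = sticky
    printf '%s%s%s\n' \
        "$(triplet $(( (m >> 6) & 7 )) $(( sp & 4 )) s S)" \
        "$(triplet $(( (m >> 3) & 7 )) $(( sp & 2 )) s S)" \
        "$(triplet $(( m & 7 )) $(( sp & 1 )) t T)"
}

# mode_has_special MODE: exit status 0 when SUID, SGID or sticky is set
mode_has_special() {
    sym=$(mode_to_symbolic "$1") || return 2
    case $sym in
        *[sStT]*) return 0 ;;
        *) return 1 ;;
    esac
}

# The modes used in the examples above.
for mode in 764 644 755 4700 4400 2770 2750 1777 1774; do
    printf '%4s  %s\n' "$mode" "$(mode_to_symbolic "$mode")"
done
```

The output omits the leading file-type character, which is not part of the mode bits that chmod sets.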
Differences in the effect of rights when set on files and folders:
rights | files | folders |
---|---|---|
read | reading the content | getting the list of files |
write | writing the content | changing the list of files (create, delete, rename) |
execute | the file can be executed | the user or process can make the folder "current/working" |
SUID | Set "User ID" on execution | Override user id when creating file/folder (use root folder owner id) |
SGID | Set "Group ID" on execution | Override group id when creating file/folder (use root folder group id) |
sticky | prevent deletion by everyone except the owner |
"-R" apply permissions recursively to all files and subfolders
Examples:
chmod -R 755 folder/
chmod 644 file
etc.
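A single numeric mode applied with -R treats files and directories alike: "chmod -R 644" removes the execute bit that directories need in order to be entered, and "chmod -R 755" makes every file executable. The following added example, not part of the original page, shows this on a constructed tree and uses the X permission described earlier as the type-aware alternative. The function names and the files inside Mydir are made up for the demonstration.

```sh
#!/bin/sh
# Added example: one numeric mode with -R versus the X-based alternative.

# perms PATH -> octal permission bits (GNU stat, with a BSD fallback)
perms() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# build_tree ROOT: constructed sample tree
build_tree() {
    mkdir -p "$1/sub"
    printf 'notes\n' > "$1/sub/notes.txt"
    printf '#!/bin/sh\necho hi\n' > "$1/run.sh"
    chmod 755 "$1" "$1/sub" "$1/run.sh"
    chmod 644 "$1/sub/notes.txt"
}

# naive_recursive ROOT: one numeric mode for everything, as in "chmod -R 644".
# The top directory loses x at once. An ordinary user typically cannot
# descend after that, so chmod reports errors and leaves the children as they
# were; root strips x from every subdirectory and script as well.
naive_recursive() {
    chmod -R 644 "$1" 2>/dev/null || true
}

# type_aware_recursive ROOT: rw for the owner, r for group and others; X adds
# execute only to directories and to files that already have an x bit.
type_aware_recursive() {
    chmod -R u=rwX,go=rX "$1"
}

# print_tree ROOT: mode and path of every entry that can still be reached
print_tree() {
    find "$1" 2>/dev/null | sort | while IFS= read -r p; do
        printf '%4s  %s\n' "$(perms "$p")" "$p"
    done
}

demo() {
    d=$(mktemp -d) || return 1
    build_tree "$d/Mydir"
    echo "initial:";            print_tree "$d/Mydir"
    naive_recursive "$d/Mydir"
    echo "after chmod -R 644:"; print_tree "$d/Mydir"
    type_aware_recursive "$d/Mydir"
    echo "after u=rwX,go=rX:";  print_tree "$d/Mydir"
    rm -rf "$d"
}
demo
```

X restores the execute bit on directories, but a script whose x bit was already stripped by the numeric form stays non-executable and has to be fixed by hand.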
It is also possible not to replace the rights entirely, but to add or remove rights only for certain user groups, using symbols instead of octal numbers.
"u" - user/owner
"g" - user group
"o" - other users
"a" - all user groups
Permission format [[+-=], ...
Examples:
chmod -R a+x folder/     # execute for all groups recursively
chmod a+rx file          # read and execute for everyone
chmod u+rx,g-rx file     # add read and execute for owner, and revoke permissions for a group
chmod a+r,o= file        # add read for all group types and revoke all rights for all other users
The chown command for changing the owner:
chown [-R] owner:group file/folder
Examples:
chown -R 0:0 folder/          # set owner/group=root recursively
chown myuser:mygroup file     # set myuser/mygroup on a file
The chmod command (CHange MODE) has a very specific syntax. The syntax in general:
What characterizes it is that the mode change can take many forms. It can be specified in two ways:
The following example shows how to allow all users to read, modify, and save a file. To do this, you need to change the permissions of the "others" group.
Enter on the command line:
ls -l example1.txt
The following information will be displayed:
-rw-rw-r-- 1 user user 42 Mar 24 22:07 example1.txt
Now enter the following command:
chmod o+w example1.txt
The o+w command means that you give "others", denoted by the letter "o", write permission to the file example1.txt. To see what the execution of the specified command resulted in, let's look at the file again:
-rw-rw-rw- 1 user user 42 Mar 24 22:09 example1.txt
Now everyone can read and write to the file.
To disable reading and writing to example1.txt, use the chmod command.
chmod go-rw example1.txt
The go-rw command tells the system that you want to prevent the group and "others" from reading and writing to the file example1.txt.
As a result, the permissions will look like this:
-rw------- 1 user user 42 Mar 24 22:10 example1.txt
The above classes and rights are shorthand for the corresponding English words, so they are easy to remember: all you need to remember is a few symbols and letters.
Here is a list explaining these abbreviations:
Classes
u - the user who is the owner of the file (from the English "user");
g - the group to which the user belongs (from the English "group");
o - the rest (not the owner and not the owner group, from the English "others");
a - all (u, g and o, from the English "all").
Permissions
r - the right to read;
w - the right to write;
x - the right to execute.
Actions
+ - gives the right;
- - takes away the right;
= - leaves only this right.
Do you want to test your knowledge? Remove all rights to the example1.txt file from all users.
chmod a-rwx example1.txt
Now check whether you can read the file with the command cat example1.txt. You should see the following:
cat: example1.txt: Permission denied
By revoking all permissions, including your own, you have denied access to the file. But since the file belongs to you, you can always return the rights with the following command:
chmod u+rw example1.txt
To make sure you can read this file, use the cat example1.txt command.
Here are some examples of using the chmod command:
The -R option allows you to change permissions for the entire directory tree.
Since directories cannot be "executed" as applications, adding or removing the appropriate right means allowing (or disallowing) viewing the directory.
For example, if you prevent other users from executing the docs/ directory, it doesn't matter who has read and write permissions. No one will be able to access the contents of a directory unless they know the exact name of the file it contains.
Type, for example:
chmod a-x docs
to revoke the execute right from all users.
If you now try to change into the directory with cd docs, you will get a failure:
bash: docs: Permission denied
Restore the permissions for yourself and your group:
chmod ug+x docs
If you now check the results of your actions with the ls -l command, you will see that only other users are denied access to the docs/ directory.
The chmod command allows you to set the read, write, and execute permissions for your file. Because the UNIX operating system is multi-user, you usually do not work alone in the file system. Users of the system can access various directories and read files belonging to other users as long as there is permission to do so.
If you are the owner of the file, then you can decide who has the right to read the file, write to it and, if it is a program, execute it. You can also restrict directory access rights. When you grant access to the directory, it means that you allow the user to cd and print the contents of the directory using the ls command. The following characters are used to indicate access rights:
To indicate which user has these access rights, the following characters are used:
When you create a file or directory, the system automatically grants or does not grant access to you, a member of your group, or all users of the system. You can override this automatic entitlement action (see section 9). In addition, regardless of what rights you are granted when creating a file, you, as the owner of the file or directory, can use the change key.
You can determine the permissions for a file or directory using the ls -l command. For example, if you are in the startship/bin directory, and you type ls -l, you will get the following information:
$ ls -l
The left side of the screen displays the permissions for the display and list files and the tools directory:
-rwxr-xr-x for the display file
-rw-r--r-- for the list file
drwxr-x--x for the tools directory
The first character describes the file type (for example, the "-" character indicates that it is an ordinary file, the "d" character indicates a directory). The next nine characters describe the permissions. The first three characters out of nine set permissions for the owner, the second three for the group, the third for all users. Each set of the characters r, w, x shows the access rights currently established for that category of users. If there is a "-" instead of a symbol, then the corresponding right is absent.
There are two restrictions. Occasionally, the letters l or s may appear in a string instead of r, w or x. The letter s represents a special right to execute a file. It appears in the place where the letter r usually appears in the sets for the owner or for the user group, and this means a special right to execute the file. It only matters to programmers and system programmers. The letter l indicates that locking will occur when the file is accessed. This does not mean that the file is protected.
You can change existing permissions with the chmod command.
Command syntax:
chmod who+permissions file(s)
chmod - program name;
who - one of three user groups:
    u - owner;
    g - group;
    o - all users;
"+" or "-" - presence or absence of rights;
right - one of three rights:
    r - the right to read;
    w - the right to write;
    x - the right to execute;
file(s) - name of the file(s) (directory); the file is assumed to be in the current directory, or you must specify the full path name.
Note. The chmod command will not run if you put a space between "who", "+", "-", and "right".
The following examples show several ways to use the chmod command. As the owner of display, you can read the file, write to it, and execute the file. You can protect a file from accidental modification. To do this, enter the following command line:
chmod u-w display
As you can see, the right to make changes to the file has changed. You will not be able to modify this file until write permission is restored.
Now let's turn to another example. The write permission to the display file is not allowed for your group and all users on the system. However, they are granted the right to read. This means that they can copy the file into their own directory and then make changes to it. To prevent these actions, you must revoke the read right. To do this, enter the command:
chmod go-r display
-r - prohibits reading or copying the file.
Check the result by entering the ls -l command. The screen will look like this:
$ chmod go-r display
You can use the chmod command to grant or deny permission to directories as well as files.
For example, you have given permission to read the directory to yourself (u), members of your group (g), and all users of the system. Each user with access to the system will then have the right to read the names of the files contained in this directory by issuing the ls -l command. Similarly, granting write access allows users to create new files in the directory and delete existing files in the directory. Granting execute permission on a directory allows the designated users to navigate to that directory (and make it their current directory) using the cd command.
There are two methods by which the chmod command can be used. The method described above, in which the symbols r, w, and x are used to indicate the right, is called the symbolic method.
An alternative method is the octal method. Its format requires you to specify permissions using three octal digits (from 0 to 7).