Setting Permission with chmod

chmod

Change mode so you can set permissions for read, write and execute for the user, members of your group and others. This uses binary values as an argument to set these. There are many common chmod permissions, a few key ones are:

In general, chmod commands take the form:

chmod [who][+,-,=][permissions] filename

Example #1:

chmod g+w,o-rw,a+x ~/group-project-files/

This adds write permission for the members of the group and removes read and write permissions from the “other” users of the system. Finally, a+x adds execute permission for all categories. This may also be written as +x: if no category is specified, the permission is added to or removed from all permission categories.

Example #2:

chmod -R +w,g=rw,o-rw ~/group-project-files/

The -R option applies the permission changes recursively to the specified directory and to all of its contents.

Permissions:

File type       User    Group   Global
d Directory     rwx     r-x     r-x
- Regular file  rw-     r--     r--
l Symbolic Link rwx     rwx     rwx

Who:

Who     Meaning
u        user
g        group
o        others
a        all

chmod - details

If no options are specified, chmod modifies the permissions of the file specified by file name to the permissions specified by permissions.

permissions defines the permissions for the owner of the file (the "user"), members of the group who owns the file (the "group"), and anyone else ("others"). There are two ways to represent these permissions: with symbols (alphanumeric characters), or with octal numbers (the digits 0 through 7).

Let's say you are the owner of a file named myfile, and you want to set its permissions so that: the user can read, write, and execute it; members of your group can read and execute it; and others may only read it.

This command will do the trick:

chmod u=rwx,g=rx,o=r myfile

This example uses symbolic permissions notation. The letters u, g, and o stand for "user", "group", and "other". The equals sign ("=") means "set the permissions exactly like this," and the letters "r", "w", and "x" stand for "read", "write", and "execute", respectively. The commas separate the different classes of permissions, and there are no spaces in between them.

Here is the equivalent command using octal permissions notation:

chmod 754 myfile 
# this is equivalent to chmod u=rwx,g=rx,o=r myfile

Here the digits 7, 5, and 4 each individually represent the permissions for the user, group, and others, in that order. Each digit is a combination of the numbers 4, 2, 1, and 0:

4 stands for "read",
2 stands for "write",
1 stands for "execute", and
0 stands for "no permission."

So 7 is the combination of permissions 4+2+1 (read, write, and execute), 5 is 4+0+1 (read, no write, and execute), and 4 is 4+0+0 (read, no write, and no execute).

777 — anyone can read, write and execute (chmod 777 my_file)
755 — for files that should be readable and executable by others, but only changeable by the issuing user
700 — only the user can do anything to the file

These are the examples from the symbolic notation section given in octal notation:

Symbolic Notation   Numeric Notation   English
----------          0000               no permissions
-rwx------          0700               read, write, & execute only for owner
-rwxrwx---          0770               read, write, & execute for owner and group
-rwxrwxrwx          0777               read, write, & execute for owner, group and others
---x--x--x          0111               execute
--w--w--w-          0222               write
--wx-wx-wx          0333               write & execute
-r--r--r--          0444               read
-r-xr-xr-x          0555               read & execute
-rw-rw-rw-          0666               read & write
-rwxr-----          0740               owner can read, write, & execute; group can only read; others have no permissions
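
The digit arithmetic above, as an added example that is not part of the original page: a shell function that decodes a 3- or 4-digit octal mode into the rwx string `ls -l` shows, generalised to the leading setuid/setgid/sticky digit, followed by a check that the symbolic and octal commands from the text give the same mode. The function names and the scratch file are assumptions of this example.

```shell
#!/bin/sh
# Added example: decode an octal mode into the rwx string shown by `ls -l`.

# triplet DIGIT SPECIAL_ON SPECIAL_CHAR: print one rwx group. When the special
# bit is on it replaces the x slot: lowercase if x is set, uppercase if not.
triplet() {
    d=$1; r=-; w=-; x=-
    if [ $((d & 4)) -ne 0 ]; then r=r; fi
    if [ $((d & 2)) -ne 0 ]; then w=w; fi
    if [ $((d & 1)) -ne 0 ]; then x=x; fi
    if [ "$2" -ne 0 ]; then
        if [ "$x" = x ]; then x=$3; else x=$(printf '%s' "$3" | tr 'st' 'ST'); fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# octal_to_symbolic MODE: accepts 3 or 4 octal digits (the leading digit holds
# setuid=4, setgid=2, sticky=1) and prints the nine permission characters.
octal_to_symbolic() {
    m=$1
    case $m in
        [0-7][0-7][0-7]) m="0$m" ;;
        [0-7][0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    s=${m%???}; rest=${m#?}
    u=${rest%??}; g=${rest#?}; g=${g%?}; o=${rest#??}
    triplet "$u" $((s & 4)) s
    triplet "$g" $((s & 2)) s
    triplet "$o" $((s & 1)) t
    echo
}

# ls_mode FILE: the nine permission characters as the system reports them.
ls_mode() { ls -ld "$1" | cut -c2-10; }

# Demo on a scratch file (constructed for this example): the symbolic and
# octal commands from the text must produce the same mode.
f=$(mktemp)
chmod u=rwx,g=rx,o=r "$f"; sym=$(ls_mode "$f")
chmod 754 "$f";            oct=$(ls_mode "$f")
echo "symbolic: $sym  octal: $oct  decoded 754: $(octal_to_symbolic 754)"
rm -f "$f"
```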

chmod Examples

# Set the permissions of file.htm to "owner can read and write; group can read only; others can read only".
chmod 644 file.htm

# Recursively (-R) Change the permissions of the directory myfiles, and all folders and files it contains, to mode 755: User can read, write, and execute; group members and other users can read and execute, but cannot write.
chmod -R 755 myfiles

# Change the permissions for the owner of example.jpg so that the owner may read and write the file. Do not change the permissions for the group, or for others.
chmod u=rw example.jpg

# Set the "Set-User-ID" bit of comphope.txt, so that anyone who executes that file does so as if they are the owner of the file.
chmod u+s comphope.txt

# The opposite of the above command; un-sets the SUID bit.
chmod u-s comphope.txt

# Set the permissions of file.cgi to "read, write, and execute by owner" and "read and execute by the group and everyone else".
chmod 755 file.cgi

# Set the permission of file.txt to "read and write by everyone".
chmod 666 file.txt

# Accomplishes the same thing as the above command, using symbolic notation.
chmod a=rw file.txt
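
Several of the modes used above (666, 777, the SUID bit) are ones a reviewer will want to find again later. This added example, not from the original page, lists them under a directory with find; the function names, the finding labels and the scratch tree are constructed for the illustration.

```shell
#!/bin/sh
# Added example: list entries whose mode deserves a second look.

# audit_modes DIR: print "<finding> <path>" lines, sorted.
audit_modes() {
    {
        # "others" write bit set on a regular file (666, 777, ...)
        find "$1" -type f -perm -0002 -exec printf 'world-writable-file %s\n' {} \;
        # world-writable directory without the sticky bit: any user can
        # delete or rename other users' entries in it
        find "$1" -type d -perm -0002 ! -perm -1000 \
            -exec printf 'world-writable-dir-no-sticky %s\n' {} \;
        # setuid / setgid regular files
        find "$1" -type f -perm -4000 -exec printf 'setuid %s\n' {} \;
        find "$1" -type f -perm -2000 -exec printf 'setgid %s\n' {} \;
    } | sort
}

# make_sample_tree: build a scratch tree (constructed for this example) with
# modes taken from the text, and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    touch "$t/file.htm" "$t/file.txt" "$t/comphope.txt"
    mkdir "$t/myfiles" "$t/shared" "$t/drop"
    chmod 644 "$t/file.htm"        # owner rw, everyone else read-only
    chmod 666 "$t/file.txt"        # read and write by everyone
    chmod 755 "$t/comphope.txt"
    chmod u+s "$t/comphope.txt"    # SUID bit set
    chmod 755 "$t/myfiles"
    chmod 777 "$t/shared"          # anyone can create or delete entries
    chmod 1777 "$t/drop"           # world-writable but sticky, like /tmp
    echo "$t"
}

tree=$(make_sample_tree)
if [ -n "$tree" ]; then
    audit_modes "$tree"
    rm -rf "$tree"
fi
```

The 644 and 755 entries and the sticky 1777 directory are not reported; only file.txt, comphope.txt and the 777 directory are.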

Setting Default permissions for Directory with user groups

Stackoverflow ref.

How to set rw permission in a directory shared by a group of users

  • First, all users accessing the directory need to share a group.
  • Then change the group permissions of the directory and set the default to rwx:

chmod g+s <directory>               # set the setgid bit
setfacl -d -m g::rwx /<directory>   # set the default group permissions to rwx
setfacl -d -m o::rx /<directory>    # set the default permissions for others

Next we can verify:

getfacl /<directory>

Output:

# file: ../<directory>/
# owner: <user>
# group: media
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x

Examples

To modify existing files for the group, use the -m switch; to set new default permissions on the directory for the group, use the -d switch.

chmod g+s /home/limited.users/<directory>
# Give the group read, write and execute permissions on currently existing files and folders, recursively.
setfacl -R -m g::rwx /home/limited.users/<directory>

# Revoke read and write permission for everyone else in the existing folder and subfolders.
setfacl -R -m o::x /home/limited.users/<directory>

# Give the group rwx permissions by default, recursively.
setfacl -R -d -m g::rwx /home/limited.users/<directory>

# Revoke read, write and execute permissions for everyone else by default.
setfacl -R -d -m o::--- /home/limited.users/<directory>

This tute was compiled from Stackoverflow by @towshif