Understanding User Access in Linux with "chmod"
I have a flare for solving problems, big or small.
What is chmod ?
According to Wikipedia, chmod is:
the command and system call which is used to change the access permissions of file system objects (files and directories).
Essentially, what this means is that chmod is used to change the kind of access that different classes of users has on files and directories on the computer. There are three basic kind of access and these are:
- Write Access (w)
- Read Access (r)
- Execute Access (x)
Viewing the access mode for file system objects
In Linux and Unix-based systems, ls can be used to determine the kind of access that user classes has on file system objects:
ls -l sample.sh
This would return a result like:
-rwxrw-r-- developer team 50 Nov 12 10:25 sample.sh
Let's try and understand the -rwxrw-r-- at the beginning of the output. The first - signifies that the object sample.sh is a plain file. Subsequent characters are grouped into three's representing the access mode for entities of class user, class group and class other, which means any other entity not belonging to any of the first two classes . Thus, the user developer has read, write and execute access on the file, the group team has only read and write access on the file and finally other entites has only read access on the file.
rwx developer
rw- team
r-- others
Another way in which the access mode for objects can be represented is through the use of octal values. This can be viewed with:
stat -c %a sample.sh
This would return an octal value as the output:
764
This output has the same meaning as rwxrw-r-- above. Hence:
7 - developer has read,write,execute rights
6 - team has read,write rights
4 - others have read-only rights
The mapping of octal values to the access mode they represent is given below:
0 - none
1 - execute (--x)
2 - write (-w-)
3 - write,execute (-wx)
4 - read (r--)
5 - read,execute (r-w)
6 - read,write (rw-)
7 - read, write, execute (read, write, execute)
ACCESS MODE OPERATORS
There are special operators that are used to add, remove and set access modes for user classes. These are +, -, = respectively. So, for example, if we want to add execute right to all users classes for sample.sh, the command would be:
chmod a+x sample.sh
Where a represents all users. Other symbols like u, g and o are used to represent user, group and others respectively.
chmod options
Two common options are usually passed when calling chmod:
-R: Whenchmodis called on a directory, passing this option would apply the change to all objects that are under that directory-v: The is the famousverboseoptions that is commonly found in many cli commands.
Playing around with chmod
Here are some scenarios that we can explore using chmod on sample.sh:
- Remove
readright for all user classes - Add
read, writeright toother - Set
developerright toread, write - Make the file readable/writable/executable for
developer, readable forgroupand no right forother. - Make the file readable, writable and executable for all (This is not advisable in real life though ;) )
These are the solution to 1, 3, 4:
chmod a-r sample.sh- ?
chmod u=rw sample.shHint: Rememberdeveloperbelong to class user (u)chmod 740 sample.sh- ?
2 and 5 should be easy for you !!!
Alright, that'll be all. Thanks for reading and I hope you learnt a thing or two.
