Understanding User Access in Linux with "chmod"

What is chmod?

According to Wikipedia, chmod is:

the command and system call which is used to change the access permissions of file system objects (files and directories).

Essentially, this means that chmod is used to change the kind of access that different classes of users have on files and directories on the computer. There are three basic kinds of access:

  • Write Access (w)
  • Read Access (r)
  • Execute Access (x)

Viewing the access mode for file system objects

In Linux and Unix-based systems, ls can be used to determine the kind of access that user classes have on file system objects:

ls -l sample.sh

This would return a result like:

-rwxrw-r-- developer team 50 Nov 12 10:25 sample.sh

Let's try to understand the -rwxrw-r-- at the beginning of the output. The first - signifies that the object sample.sh is a plain file. The remaining characters are grouped in threes, representing the access mode for the user class, the group class and the other class (any entity that belongs to neither of the first two). Thus, the user developer has read, write and execute access on the file, the group team has only read and write access, and all other entities have only read access.

rwx developer
rw- team 
r-- others

Another way in which the access mode for objects can be represented is through the use of octal values. This can be viewed with:

stat -c %a sample.sh

This would return an octal value as the output:

764

This output has the same meaning as rwxrw-r-- above. Hence:

7 - developer has read, write, execute rights
6 - team has read, write rights
4 - others have read-only rights

The mapping of octal values to the access mode they represent is given below:

0 - none
1 - execute (--x)
2 - write (-w-)
3 - write,execute (-wx)
4 - read (r--)
5 - read, execute (r-x)
6 - read, write (rw-)
7 - read, write, execute (rwx)

source: wikipedia
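
The mapping above can be checked mechanically: each class digit is the sum of r=4, w=2 and x=1. The script below is an added example, not part of the original post; its function names are hypothetical, and it deliberately rejects setuid/setgid/sticky letters, which the post does not cover.

```shell
#!/bin/sh
# Added example: convert between the mode string printed by `ls -l`
# and the octal value printed by `stat -c %a`.

# One triplet such as "rw-" -> one octal digit (r=4, w=2, x=1).
triplet_to_digit() {
    case $1 in
        [r-][w-][x-]) ;;   # plain r/w/x only
        *) return 1 ;;     # anything else (e.g. setuid "s", sticky "t") is rejected
    esac
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    printf '%s' "$d"
}

# "-rwxrw-r--" -> "764". Character 1 is the file type; only characters 2-10
# are read, so a trailing "." or "+" added by GNU ls is ignored.
symbolic_to_octal() {
    u=$(triplet_to_digit "$(printf '%s' "$1" | cut -c2-4)") || return 1
    g=$(triplet_to_digit "$(printf '%s' "$1" | cut -c5-7)") || return 1
    o=$(triplet_to_digit "$(printf '%s' "$1" | cut -c8-10)") || return 1
    printf '%s%s%s\n' "$u" "$g" "$o"
}

# One octal digit -> triplet, testing the 4, 2 and 1 bits in turn.
digit_to_triplet() {
    t=
    if [ $(($1 & 4)) -ne 0 ]; then t="${t}r"; else t="${t}-"; fi
    if [ $(($1 & 2)) -ne 0 ]; then t="${t}w"; else t="${t}-"; fi
    if [ $(($1 & 1)) -ne 0 ]; then t="${t}x"; else t="${t}-"; fi
    printf '%s' "$t"
}

# "764" -> "rwxrw-r--"; input must be exactly three octal digits.
octal_to_symbolic() {
    case $1 in [0-7][0-7][0-7]) ;; *) return 1 ;; esac
    printf '%s%s%s\n' "$(digit_to_triplet "${1%??}")" \
        "$(digit_to_triplet "$(printf '%s' "$1" | cut -c2)")" \
        "$(digit_to_triplet "${1#??}")"
}

# Demo on a constructed temporary file: both views must agree.
f=$(mktemp) && chmod 764 "$f" &&
    printf 'ls: %s  stat: %s\n' "$(symbolic_to_octal "$(ls -l "$f")")" "$(stat -c %a "$f")"
rm -f "$f"
```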

ACCESS MODE OPERATORS

There are special operators that are used to add, remove and set access modes for user classes. These are +, - and = respectively. So, for example, if we want to add the execute right for all user classes on sample.sh, the command would be:

chmod a+x sample.sh

Here a represents all user classes. The symbols u, g and o represent user, group and others respectively.

chmod options

Two common options are usually passed when calling chmod:

  • -R: When chmod is called on a directory, passing this option applies the change to all objects under that directory.
  • -v: This is the familiar verbose option that is commonly found in many CLI commands.

Playing around with chmod

Here are some scenarios that we can explore using chmod on sample.sh:

  1. Remove read right for all user classes
  2. Add read, write right to other
  3. Set developer right to read, write
  4. Make the file readable/writable/executable for developer, readable for group and no right for other.
  5. Make the file readable, writable and executable for all (This is not advisable in real life though ;) )

These are the solutions to 1, 3 and 4:

  1. chmod a-r sample.sh
  2. ?
  3. chmod u=rw sample.sh (Hint: remember that developer belongs to class user (u))
  4. chmod 740 sample.sh
  5. ?

2 and 5 should be easy for you!

Alright, that'll be all. Thanks for reading and I hope you learnt a thing or two.