chmod Command in Unix( File Permissions)
In Unix,files access is managed through the file permissions, attributes, and ownership. This ensures that only authorized users and processes can access files and directories.chmod command in Unix is used to change the access permissions of files and directories.
We will learn below topics in this article:
File Security
To grant or restrict access to the file , Unix makes use of file access permission.
Unix comes with excellent security features, customization file permissions are one of them. Unix file permissions allow you to define who can read, write, and execute each file on your system.
Files can be secured through UNIX file permissions.
Unix assigns three types of owners to each file: User, Group, and Other.This access controls makes the Unix system extremely secure.
Unix users class
In Unix, each file is associated with an owner and a group and assigned with permission access rights for three different classes of users:
- Owner: Anyone who creates a new file in a Unix system will automatically be granted User rights over that file.
- Group: Group usually contains more than one users. Everyone who belongs to the same user group as User will be automatically the member of Group. Group is used to assign group permissions to a certain file for one or more users.
- Others: Other means everyone else who can access the file. Unix treats them as the third kind of owners, and you can set separate permissions for them
- All: it includes all users.
File ownership can be changed using chown command in Unix and chgrp command. We will further learn about it in this topic.
Classes of Permissions for a file
There are three file permissions that apply for each class. They are as follows:
- Read (r) : The Read permission grants users the right to open or read a file. The user can only see the contents of the file but cannot modify it. When the Read permission belongs to a directory, the user can only list its contents but cannot modify or delete it.
- character ‘-‘ means the directory’s content cannot be shown.
- character ‘r’ means the directory’s content can be shown
- Write (w) : Write allows users to edit the contents of a file. When the Write permission is set on a directory, users can add, rename, and remove all the files.
- character ‘-‘ means the directory’s content cannot be altered.
- character ‘w’ means the directory’s content can be altered
- Execute (x) :The Execute permission means that a user can run the file as a program.
- character ‘-‘ means the directory cannot be changed to.
- character ‘x’ means the directory can be navigated using cd command in Unix.
- Read (r) : The Read permission grants users the right to open or read a file. The user can only see the contents of the file but cannot modify it. When the Read permission belongs to a directory, the user can only list its contents but cannot modify or delete it.
Two modes of setting file permissions
Permission of a file can be changed using any of the two modes:
- Absolute Mode (Octal Integer)
- Symbolic Mode (String)
1. Absolute Mode(Octal Integer)
- Uses numbers for mentioning the permissions
- For example numerical equivalent for all permissions on a file are 777
SYNTAX:chmod [OPTIONS] NUMBER FileNameWhile using absolute mode you can set permissions for all three user classes (owner, group, and all others).
When 3 digits number is used, the first digit represents the permissions of the file’s owner, the second one the file’s group, and the last one all other users.
read, write and execute permissions has following value:
- r (read) = 4
- w (write) = 2
- x (execute) = 1
- no permissions = 0
EXAMPLE:
Below example shows how permission is set for a fle. Here to give read, write and execute permission to the file’s owner, read and execute permissions to the file’s group and only read permissions to all other users, do the following:
Owner: rwx=4+2+1=7
Group: r-x=4+0+1=5
Others: r-x=4+0+0=4
Number 754, which represents the desired permissions.
2. Symbolic Mode
- Uses characters & arithmetic operators for mentioning the permissions.
- Example : u+rx – Indicates the user has read and execute permissions
- System wide default permission for a file : rw-rw-rw (666)
- System wide default permission for a directory : rwxrwxrwx (777)
chmod command when using the symbolic mode has the following format:
SYNTAX:
chmod [OPTIONS] [ugoa][-+=]permission[,] FileName([ugoa]) defines which users classes permissions of file are changed.
- u – The file owner.
- g – The users who are members of the group.
- o – All other users.
- a – All users, identical to ugo.
– Removes the specified permissions.
+ Adds specified permissions.
= Changes the current permissions to the specified permissions.
The permissions can be explicitly set using either zero or one or more of the following letters: r, w, x.
When setting permissions for more than one user class, use commas (without spaces) to separate the symbolic modes.
EXAMPLES:
- Group members has permission to read the file, but not to write and execute it:
chmod g=r filename2. All users execute permission are removed:
chmod a-x filename3. read, write and execute permission to the file’s owner, read permissions to the file’s group and no permissions to all other users:
chmod u=rwx,g=r,o= filenameSetting permission and changing ownership (chmod, chown)
File permissions are determined by who owns the file and the visibility of that file. chown and chmod are the tools we use to manipulate ownership and access. chown is used to change the owner, not the group.
chmod Command in Unix
The chmod command stands for “change mode”, and allows changing permissions of files and folders, also known as “modes” in UNIX.
- Used for setting file and directory permissions.
Syntax:
Chmod [OPTION] [Mode][Mode].. FilenameUsing Absolute Mode:
chmod [0-7][0-7][0-7] filename/dirUsing Symbolic Mode:
chmod [ugo][+-=][rwx] filenamewhere + adds specified mode
– removes specified mode
= assigns specified mode for u/g/o
| Option | Use |
| -R | To change the file and directory permissions recursively |
| –reference | Utilize permissions of first argument as reference to set permissions of remaining arguments |
Example:
- Chmod -R 755 /home/Data/task1
ls -l /home/Data/task1
Output:
drwxr-xr-x
umask command in Unix
New files are created with a default set of permissions. Specifically, a new file’s permissions may be restricted in a specific way by applying a permissions “mask” called the umask. The umask command is used to set this mask, or to show you its current value.
- Stands for user creation mask.
- Sets default permissions for a newly created file and directory.
- Default value is 022.
- The value can be changed.
Syntax:
unmaskFor more details refer here
chown command in Unix
The chown command stands for “change owner”, and allows changing the owner of a given file or folder, which can be a user and a group.
- Changing ownership for a file.
- Can be done only by the owner and root or administrator.
Syntax :
To change owner of the file:
chown username filename