Learn GNU/Linux Commands (11): Permission - stat, chown, chmod

In GNU/Linux and other Unix-like systems, everything can be treated as a file, and every file belongs to a user and a group. The owning user, the other members of the group, and all other users of the system each have their own permissions to access the file. There are 3 kinds of permission: read, write, and execute.

To execute a file means to let the system run it based on its content. To execute a non-binary script, the user also needs permission to read it.

By default, when a normal file is created, the user who creates it owns it; the owner and the members of the group have permission to read and write it, and others have permission to read it. A directory gets the same permissions as a normal file, except that every user also has permission to execute the directory. Execute permission on a directory is needed for the files under it to be reachable, and therefore executable.

The superuser, or root, can read and write all files. Root can execute a file if there is at least one user who is permitted to do that. That is, if a file can be executed by its owner, but not by other members of the group or by any other users, root can execute it as well. If a file can't be executed by its owner or by other members of the group, but can be by other users, root can execute it as well.


Display Permission and Ownership

ls -l [PATHNAME]...

List information about the files (the current directory by default) using a long listing format.

For example:

[texpion@com ~]$ ls -l
-rw-rw-r--. 1 texpion texpion    0 Sep  1 10:29 myfile
drwxrwxr-x. 3 texpion texpion 4096 Sep  1 10:29 mydirectory
  • The 1st column is the permission.
  • The 3rd is the user that owns the file.
  • The 4th is the group that owns the file.
  • The last is its name.


stat FILE

Display file or file system status.

For example:

[texpion@com ~]$ stat ./mydirectory
  File: ./mydirectory
  Size: 4096       Blocks: 8          IO Block: 4096   directory
Device: 801h/2049d Inode: 155078     Links: 3
Access: (0775/drwxrwxr-x)  Uid: ( 1001/    texpion)   Gid: ( 1001/    texpion)
Access: 2018-09-01 10:29:49.658883886 -0400
Modify: 2018-09-01 10:30:44.553320975 -0400
Change: 2018-09-01 10:30:44.553320975 -0400
 Birth: -

The access permission string has the same structure as the string "ls -l" displays, except that it doesn't have the 11th (the last) character.

"stat" also displays the permission in the numeric format. That is 0775 in the example. The first number is for special flags.

  • Uid: the user that owns the file.
  • Gid: the group that owns the file.

Meaning of the text format

For the 1st character

  • "d" means it's a directory, "-" means it isn't.

For the next 9 characters

  • "r" stands for "read".
  • "w" stands for "write".
  • "x" stands for "execute".
  • "-" means the permission is not granted.
  • They are in the order "read, write, execute".
  • The first 3 characters are for the user.
  • The next 3 characters are for the group.
  • The last 3 characters are for others.

For the last character

  • "+" means the file has additional attributes, "." means it has not.

-rw-rw-r--. 1 test test 0 Sep 1 10:29 myfile

            Directory  User perm.            Group perm.           Other perm.    Additional attr.
Characters  -          rw-                   rw-                   r--            .
Meaning     no         read, write           read, write           read only      no

drwxrwxr-x. 3 test test 4096 Sep 1 10:29 mydirectory

            Directory  User perm.            Group perm.           Other perm.    Additional attr.
Characters  d          rwx                   rwx                   r-x            .
Meaning     yes        read, write, execute  read, write, execute  read, execute  no

Meaning of the numeric format

The basic structure has 3 octal digits: the 1st represents the permission for the user, the 2nd for the group, and the 3rd for others. If there are 4 octal digits, the first is for special flags.

Each octal digit can be 0 to 7.

  • 1: executable.
  • 2: writable.
  • 4: readable.
  • 7=1+2+4: readable, writable and executable.
  • 6=2+4: readable and writable.
  • 5=1+4: readable and executable.
  • 3=1+2: writable and executable.
  • 0: no permission.


Change Permission

Only root and the user who owns the file can change its permission.

chmod MODE FILE...

Change the mode (permission) of each FILE to MODE.


MODE format

  • u: user.
  • g: group.
  • o: other.
  • a: all of the above.
  • =: set as the permission on the right.
  • +: grant (add) the permission on the right.
  • -: deny (subtract) the permission on the right.

Mode   Equivalents                    Example: Before    Example: After
33     033, 0033, go=3                0664/-rw-rw-r--    0033/-----wx-wx
-1     o-1, o-x                       0775/drwxrwxr-x    0664/drw-rw-r--
u=7    u=rwx                          0664/-rw-rw-r--    0764/-rwxrw-r--
a=rx   =rx, 555, =555, 0555, =0555    0664/-rw-rw-r--    0555/-r-xr-xr-x
-w     ug-w, -220                     0775/drwxrwxr-x    0555/dr-xr-xr-x
+x     a+x, ugo+x, +111               0775/drwxrwxr-x    0555/dr-xr-xr-x

Below are some of the most commonly used modes:
+x, 775, 664, 600, 400
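
The following shell script is an added example, not part of the original post: it converts the text format shown by "ls -l" and "stat" into the numeric format, then uses the 4/2/1 values to report what the group and others may do to a file before and after it is restricted to mode 600. The function names perm_to_octal and risky_bits and the file secret.key are made up for this illustration, and "stat -c" assumes GNU coreutils.

```shell
#!/bin/sh
# Added example. Function names and the sample file are constructed for
# illustration; "stat -c" is the GNU coreutils form used on GNU/Linux.

# Convert a permission string such as "drwxrwxr-x." to its 3-digit octal mode.
# Only the 9 basic r/w/x characters are decoded; special flags are rejected.
perm_to_octal() {
    body=$(printf '%s' "$1" | cut -c2-10)    # drop file type and trailing ./+
    out=""
    for start in 1 4 7; do
        t=$(printf '%s' "$body" | cut -c"$start"-"$((start + 2))")
        case $t in
            [r-][w-][x-]) ;;
            *) echo "unsupported permission string: $1" >&2; return 1 ;;
        esac
        d=0
        case $t in r??) d=$((d + 4)) ;; esac    # 4: readable
        case $t in ?w?) d=$((d + 2)) ;; esac    # 2: writable
        case $t in ??x) d=$((d + 1)) ;; esac    # 1: executable
        out=$out$d
    done
    printf '%s\n' "$out"
}

# List what group and others may do, given a 3-digit octal mode.
risky_bits() {
    g=$(printf '%s' "$1" | cut -c2)
    o=$(printf '%s' "$1" | cut -c3)
    r=""
    [ $((g & 2)) -ne 0 ] && r="$r group-writable"
    [ $((o & 4)) -ne 0 ] && r="$r world-readable"
    [ $((o & 2)) -ne 0 ] && r="$r world-writable"
    printf '%s\n' "${r# }"
}

# Demo: a constructed file starts at 664, then is restricted to its owner.
demo() {
    dir=$(mktemp -d) || return 1
    f=$dir/secret.key
    : > "$f" && chmod 664 "$f"
    before=$(perm_to_octal "$(stat -c '%A' "$f")")
    chmod 600 "$f"
    after=$(perm_to_octal "$(stat -c '%A' "$f")")
    rm -rf "$dir"
    echo "before=$before [$(risky_bits "$before")] after=$after [$(risky_bits "$after")]"
}
demo
```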


Change Ownership

Change to Another User Only

chown USER FILE...

Change the owner of each FILE to USER, i.e. make USER the new owner of each FILE.

Only root can do this.


Change to Another Group Only

chown :GROUP FILE...

Change the group of each FILE to GROUP.

Root can do this. A user who owns each FILE and belongs to GROUP can do this as well.


Change to Another User and Group

chown USER: FILE...

Change the owner to USER and the group to USER's primary group.

For example:

[root@com ~]# ls -l myfile
-rw-rw-r--. 1 texpion texpion    0 Sep  1 10:29 myfile
[root@com ~]# chown root: myfile
[root@com ~]# ls -l myfile
-rw-rw-r--. 1 root  root    0 Sep  1 10:29 myfile


chown USER:GROUP FILE...

Change the owner to USER and the group to GROUP. USER doesn't have to be a member of GROUP.

For example:

[root@com ~]# ls -l myfile
-rw-rw-r--. 1 texpion texpion    0 Sep  1 10:29 myfile
[root@com ~]# chown root:test myfile
[root@com ~]# ls -l myfile
-rw-rw-r--. 1 root  test    0 Sep  1 10:29 myfile

Only root can do this.


