Here, expression is a statement of how to change the permissions. This expression can be of the following types:
| Previous | Table of Contents | Next |
You can change file and directory permissions with the chmod command. The basic syntax is as follows:
chmod expression files
- • Symbolic
- • Octal
The symbolic expression method uses letters to alter the permissions, and the octal expression method uses numbers. The numbers in the octal method are base-8 (octal) numbers ranging from 0 to 7.
Symbolic Method
The symbolic expression has the syntax of
(who)(action)(permissions)
Table 5.3 shows the possible values for who, Table 5.4 shows the possible actions, and Table 5.5 shows the possible permissions settings. Using these three reference tables, you can build an expression.
| Letter | Represents | |
|---|---|---|
| u | Owner | |
| g | Group | |
| o | Other | |
| a | All | |
| Symbol | Represents |
|---|---|
| + | Adding permissions to the file |
| - | Removing permission from the file |
| = | Explicitly set the file permissions |
| Letter | Represents |
|---|---|
| r | Read |
| w | Write |
| x | Execute |
| s | SUID or SGID |
Now look at a few examples of using chmod.
To give the “world” read access to all files in a directory, you can use one of the following commands:
$ chmod a=r *
or
$ chmod guo=r *
If the command is successful, it produces no output.
To stop anyone except the owner of the file .profile from writing to it, try this:
$ chmod go-w .profile
To deny access to the files in your home directory, you can try the following:
$ cd ; chmod go= *
or
$ cd ; chmod go-rwx *
Caution:
If you do this, be warned because some users will call you a file miser.
When specifying the users part or the permissions part, the order in which you give the letters is irrelevant. Thus these commands are equivalent:
$ chmod guo+rx * $ chmod uog+xr *
If you need to apply more than one set of permissions changes to a file or files, use a comma separated list: For example
$ chmod go-w,a+x a.out
removes the groups and “world” write permission on a.out and adds the execute permission for everyone.
To set the SUID and SGID bits for your home directory, try the following:
$ cd ; chmod ug+s .
So far, the examples you have examined involve changing the permissions for files in a directory, but chmod also enables you to change the permissions for every file in a directory including the files in subdirectories. You can accomplish this by specifying the -R option.
For example, if the directory pub contains the following directories:
$ ls pub ./ ../ README faqs/ src/
you can change the permission read permissions of the file README along with the files contained in the directories faqs and src with the following command:
$ chmod -R o+r pub
Be careful when doing this to large subtrees because you can change the permissions of a file in a way that you did not intend.
Octal Method
By changing permissions with an octal expression, you can only explicitly set file permissions. This method uses a single number to assign the desired permission to each of the three categories of users (owner, group, and other).
The values of the individual permissions are the following:
Adding the value of the permissions that you want to grant will give you a number between 0 and 7. This number will be used to specify the permissions for the owner, group, and finally the other category.
Setting SUID and SGID using the octal method places these bits out in front of the standard permissions. The permissions SUID and SGID take on the values 4 and 2, respectively.
Go through some of the examples covered in the previous section to get an idea of how to use the octal method of changing permissions.
In order to set the “world” read access to all files in a directory, do this:
chmod 0444 *
To stop anyone except the owner of the file .profile from writing to it, do this:
chmod 0600 .profile
Common Errors
Many new users find the octal specification of file permissions confusing. The most important thing to keep in mind is that the octal method sets or assigns permissions to a file, but it does not add or delete them.
This means that the octal mode does not have an equivalent to
chmod u+rw .profile
The closest possible octal version would be
chmod 0600 .profile
But this removes permissions for everyone except the user. It can also reduce the user’s permissions by removing that person’s execute permission.
Just keep in mind that the octal mode sets the permissions of files not to modify them, and you will not run into any problems.
| Previous | Table of Contents | Next |