File Permissions in Linux: A Brief Guide to Using Chmod
In Linux, file permissions are used to control access to files and directories. There are three permission classes that can be assigned to files and directories: read, write, and execute. In this guide, we will cover how to display file permissions and how to use the chmod command to change them.
Displaying File Permissions
To display the file permissions for a file or directory, you can use the ls command with the -l option. The output will include a series of letters and symbols that represent the file's permissions.
Here is an example output:
-rw-r--r-- 1 user group 0 May 5 12:34 example.txt
The first character (-) indicates the type of file (in this case, a regular file). The next three characters (rw-) represent the read and write permissions for the file owner. The next three characters (r--) represent the read permission for the group, and the final three characters (r--) represent the read permission for others.
Using Chmod to Change File Permissions
To change the file permissions, we can use the chmod command. The chmod command can modify the permissions for the owner, group, and others, and can also set or clear the setuid, setgid, and sticky bits.
Here is an example of how to use chmod:
touch example.txt
chmod 644 example.txt
ls -l example.txt
#OUTPUT
-rw-r--r-- 1 user group 0 May 5 12:34 example.txt
This command adds (+) the execute permission (x) to the file owner (u) for the file example.txt.
Here is a table of some common chmod commands:
Command | Meaning |
chmod u+x | Add execute permission for the file owner |
chmod g+r | Add read permission for the file group |
chmod o-w | Remove write permission for others |
chmod 755 | Set the permissions to rwxr-xr-x |
In the last example, 755 sets the permissions to read, write, and execute for the owner, and read and execute for the group and others.
Changing User File and Group Ownership
In Linux, ACLs are used to define permissions that go beyond the traditional file permission system. They allow you to set permissions for specific users or groups on a file or directory, which can be more granular than the standard owner, group, and other permissions.
To enable ACLs on a file system, you need to mount it with the acl
option. For example, if you have a file system mounted at /mnt/data
, you can enable ACLs by adding acl
to the mount options in /etc/fstab
:
UID=1234-5678 /mnt/data ext4 defaults,acl 0 2
Once ACLs are enabled on a file system, you can use the setfacl
command to set ACLs on files and directories. Here are some examples:
To add a new user to the ACL of a file:
setfacl -m u:alice:rwx file.txt
To add a new group to the ACL of a file:
setfacl -m g:developers:rw file.txt
To remove a user from the ACL of a file:
setfacl -x u:bob file.txt
To view the ACL of a file:
getfacl file.txt
ACLs can also be inherited from parent directories. For example, if you set an ACL on a directory, all new files and subdirectories created in that directory will inherit the ACL. To enable ACL inheritance, use the default
keyword:
setfacl -m d:u:alice:rwx /mnt/data/docs
This sets the default ACL for the /mnt/data/docs
directory, so that any new files or directories created in it will automatically inherit the ACL.
In conclusion, Access Control Lists (ACLs) provide a powerful tool for managing file permissions in Linux. They allow for fine-grained control over access to files and directories, and can be used to set permissions for specific users or groups. By enabling ACLs on a file system and using the setfacl
command, you can take advantage of this feature to manage access to your files and directories.