I learned all this from the following url: http://linuxcommand.org/lc3_lts0090.php.
Linux systems allow multiple users to access the machine at the same time.
But one user should not be able to run something that can crash the system, or use another user’s files.
Hence there is a mechanism to manage file permissions.
We will learn the following commands:
- chmod – modify file access rights
- su – temporarily become the superuser
- sudo – temporarily become the superuser
- chown – change file ownership
- chgrp – change a file’s group ownership
A file has 3 access rights reserved:
- For a user
- For a group of users
- For everybody else
Here is an example: I ran ls -l for the bash program.
user@ThinkPad-X200:~$ ls -l /bin/bash
-rwxr-xr-x 1 root root 1021112 Okt 7 2014 /bin/bash
We can interpret it. It’s as easy as pie. 😉
- The first entry is ‘-‘. Please ignore it for now.
- The file is owned by user root.
- Next, take a block of 3 letters, which is ‘rwx’. So, the root user has read, write and execute permission.
- The file is owned by the group root.
- Take the next 3 letters, ‘r-x’. So, group ‘root’ has read and execute permission, but no write permission.
- Lastly, take the last 3 letters, ‘r-x’. So, everybody else can read and execute this file.
Very easy, right? The permissions are written in the following order: user, group and everybody else. See the image (Source: http://linuxcommand.org/lc3_lts0090.php) below.
We have learned to interpret permissions.
The chmod command is used to change file or directory permissions.
There are 2 ways to change permissions; we will learn the octal notation method.
The computer treats the permission settings as a series of bits. Some examples below:
rwx rwx rwx -> 111 111 111 = 777
rw- rw- --- -> 110 110 000 = 660
rwx --- --- -> 111 000 000 = 700
We can convert each set of 3 bits (like ‘110’) to a single digit (e.g. 6). So, the 3 sets of permissions (user, group, all) become a 3-digit combination as above (e.g. 777, 660, 700).
As an example, give full permission on the file ‘specialfile’ to the user and the group, but none to all other users. Here is the command:
chmod 770 specialfile
A file whose permission digits include a 7 is executable for that class, because 7 contains the execute bit.
Below are the common settings we see for files.
|Value|Meaning|
|---|---|
|777|(rwxrwxrwx) No restrictions on permissions. Anybody may do anything. Generally not a desirable setting.|
|755|(rwxr-xr-x) The file’s owner may read, write, and execute the file. All others may read and execute the file. This setting is common for programs that are used by all users.|
|700|(rwx------) The file’s owner may read, write, and execute the file. Nobody else has any rights. This setting is useful for programs that only the owner may use and must be kept private from others.|
|666|(rw-rw-rw-) All users may read and write the file.|
|644|(rw-r--r--) The owner may read and write a file, while all others may only read the file. A common setting for data files that everybody may read, but only the owner may change.|
|600|(rw-------) The owner may read and write a file. All others have no rights. A common setting for data files that the owner wants to keep private.|
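The bit-to-digit conversion and the table of common settings above, as an added example that is not part of the original post. The function names sym_to_octal and world_writable are hypothetical, GNU stat (`stat -c`) is assumed, and mode strings with special bits (s, t) are rejected rather than converted.

```shell
#!/bin/sh
# sym_to_octal MODE
#   MODE is the 10-character field from `ls -l`, e.g. -rwxr-xr-x.
#   Prints three octal digits (user, group, everybody else).
#   Returns 1 on malformed input or on special bits such as 's' or 't'.
sym_to_octal() {
    mode=$1
    [ "${#mode}" -eq 10 ] || return 1
    perms=${mode#?}                 # drop the leading file-type character
    out=""
    for i in 1 2 3; do
        rest=${perms#???}           # everything after the current triplet
        triplet=${perms%"$rest"}    # the current 3 letters, e.g. r-x
        perms=$rest
        digit=0                     # r=4, w=2, x=1, '-' adds nothing
        case $triplet in r??) digit=$((digit + 4)) ;; -??) ;; *) return 1 ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; ??-) ;; *) return 1 ;; esac
        out=$out$digit
    done
    printf '%s\n' "$out"
}

# world_writable DIR
#   Prints "OCTAL PATH" for every file or directory under DIR that
#   everybody else may write to (the 777 and 666 rows of the table).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec stat -c '%a %n' {} +
}

# The three examples from the text, plus the mode of /bin/bash shown earlier.
for m in -rwxrwxrwx -rw-rw---- -rwx------ -rwxr-xr-x; do
    printf '%s -> %s\n' "$m" "$(sym_to_octal "$m")"
done
```

Running `world_writable` on a home or project directory lists the entries that should usually be tightened to 755, 644 or stricter.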
chmod for directories
How about directories? Inside a directory there can be more directories and files.
We can also use chmod for directories, but the interpretation is different:
r = The user can see the files (with the ls command), if ‘x’ (execute) is also enabled.
w = The user can create new files (with the touch command), if ‘x’ (execute) is also enabled.
x = The user can enter the directory (with the cd command).
Common settings for a directory are shown in the table below:
|Value|Meaning|
|---|---|
|777|(rwxrwxrwx) No restrictions on permissions. Anybody may list files, create new files in the directory and delete files in the directory. Generally not a good setting.|
|755|(rwxr-xr-x) The directory owner has full access. Others can enter directory and see the files, but cannot create or delete files.|
|700|(rwx------) The directory owner has full access. Nobody else has any rights. This setting is useful for directories that only the owner may use and must be kept private from others.|
You want to be the boss? Use su or sudo
Sometimes you want to do some system admin tasks and you need the superuser’s privileges for a while.
Use ‘su’ and enter the superuser’s password to become the superuser for a while.
A new shell session will start. When you finish the tasks, type ‘exit’ to leave the superuser session.
In Ubuntu, you can only use ‘sudo’ to run a command as the superuser. If you run a command with ‘sudo’, it will not ask for the superuser’s password, but for your own user password.
Change file Ownership
We can change the ownership of a file with the ‘chown’ command.
Example: sudo chown user2 somefilename
To run chown, we have to either use sudo or become the superuser with su.
Then check the file permissions using ‘ls -l somefilename’.
Change Group Ownership
It is also possible to change the group ownership using the chgrp command.
“You must be the owner of the file or directory to perform a chgrp.” 
Example: chgrp docker /dev/ttyUSB0
Here we changed the group ownership to the docker group. Usually, /dev/ttyUSB0 devices are owned by the dialout group.
Note: To see the groups, we can run the ‘groups’ command.