16. Ch- Ch- Changing File Permissions
Access to files in Linux is based on permissions. As you may know, we talk about "users" and "groups." Each has different permissions regarding access to files. The available permissions are read, write, execute, and no permission. This installment delves into file permissions, how to find out what the current permisions are, and how to use the chmod command to change them.


IMPORTANT: The tips in this document require the use command-line commands. For more information about how to read and execute Linux command-line prompts and commands, please check the Linux Clues' Linux Cheat Sheet, especially Linux Prompt Basics and Linux Command-Line Nomenclature. You'll need to start by logging in as root. If you're not sure how to do that, read Logging in and out as Root.


File Permissions Explained
There's a clever command that let's you check existing file permissions. The command "ls" lists all the files in the current directory, "ls -a" shows all the hidden files as well. Typing this returns the results in "long" format:

$ ls -l

So, for example, when you type something like:

$ ls -l /etc/gnome/gnomerc

Linux will return list the file permissions for the file gnomerc in this format:

-rwxr-xr-x   1   root   root   484 Feb 25 14:08 /etc/gnome/gnomerc

This does look a bit complicated at first, but it gets easier once you understand what everything means. The first 10 characters should be read like this:

- | rwx | r-x | r-x

The first character, the "-", tells you whether the item you're checking is a file (-), a directory (d), or a link (l).

The next three characters, "rwx", express the permissions for the user (or file owner). They correspond to: Read, Write, and eXecute.

The next three characters, "r-x", are for the group.

The last three-character set, "r-x", refers to public permissions, or "everyone."

You've already gotten what you came for, the permissions for the file. But here's how the rest of the listing should be interpreted:

The "1" stands for the number of links to the file.

The position where the first "root" appears lists the file owner.

The position where the second "root" appears lists the group.

The "484" is the size in bytes.

The date and time refer to the last modification to the file.

And, the last bit refers to the name and path of the file being checked.

Getting Directory Permissions
The same command works for checking all the permissions of a directory and its file contents. So, for example, type (replacing "bruno" with your user name):

$ ls -al /home/bruno

That returns a long list of all the files in your home directory and their permissions. Because that tends to be too long for your screen, the better way to do it is to instead type:

$ ls -al /home/bruno >permissions

That creates a text file called "permissions" in your home directory. Print it out for further inspection.

Changing File Permissions
You change permissions with letters or numbers. We prefer the numbers, which are in hexadecimal. Do you remember the chmod 775 command from the All That Bash installment of Linux Explorer? (Look under the "Bash Script" heading.) That was one example of changing permissions. Typing the following command (choosing the filename of your choice) will change the permissions of the file to rwx r-x r--.

# chmod 754 {filename}

Remember, the available permissions are Read, Write, and eXecute. Each permission is assigned a different number:

Read = 4
Write = 2
eXecute = 1

The first number in the chmod command above corresponds to the "user"; the second number corresponds to the "group"; and third number corresponds to "everyone." Add the numbers for the permissions you want to assign to each position.

To give the user all permissions, you add up the numbers for the three permissions: 4 + 2 + 1 = 7

To give the group Read and eXecute (not Write) permissions: 4 + 1 = 5

And to give everyone read-only permission: 4 = 4.

Put them together and you get chmod 754.

So, if you change a file's permissions to 777, that will give all permissions to everybody. Not a wise thing to do.

Chown and chgrp are two commands also related to permissions:

# chown

This changes the owner of the file.

# chown anna tessst

This example changes the owner of the file tessst from bruno to anna.

# chgrp

This changes the group ownership of a file if you changed the user and the user belongs to another group. If you want to change both user and group at the same time you can do it this way:

# chown anna:anna tessst

This example changes the owner to anna and the group to anna.

When you want to do the same thing for all the files in a directory, type it with the -R attribute:

# chown -R anna:anna tessst

The Letter-Based Method
In addition to the method described above there is a second way to change permissions. Chmod uses either the hexadecimal representation of the permissions or a letter-based representation. The letter-based representation is [ugoa][+-][rwx]. This is one of the letters u (user=file owner), g (group), o (others), a (all users, groups and others); followed by + or - to add or remove permissions; and then the symbolic representation of the permissions in the form of r(read) w(write) x(execute). To extend Write permissions to all for the file "file.txt," for example, you would type:

# chmod a+w file.txt

Is your head spinning yet? That's enough on this subject. Next time we'll tackle another exciting Linux adventure.