Linux command line, file permissions: id, chmod, chown commands
Greetings!

Today we’ll learn how to manage file permissions in Linux-based systems. In this note we will cover the following commands: id, chmod, chown. Let’s go)

Preface

The topic of file access control in Linux is very extensive. In this article I didn’t aim to cover it all, but simply to bring the novice reader up to speed and demonstrate frequently used tools. You can read a more detailed article on Linux permissions on Habr. Now, let’s get started.

About file permissions in Linux

In the Unix security model, a user can own files and directories. If a user owns a file or directory, they can control access to it. Users can also belong to a group consisting of one or more users, and be granted access permissions to files and directories for group members, which are defined by the owners. In addition to permissions for the group, the owner can also define certain access permissions for everyone else, referred to in Unix terminology as world.

William Shotts, “The Linux Command Line”

In Linux the following basic access permissions for files and directories are defined:

If you look at the output of the ls command with the -l option in a directory with files, you can find out the current permissions of these files:

BASH
ls -l
Click to expand and view more

The first 10 characters in the command output are the file’s attributes.

These 10 characters are split into blocks. The image below shows their description:

The first character indicates the file type. The image below shows the file types commonly used in practice:

The remaining nine characters define the read, write, and execute permissions for the owner, group, and everyone else. They are also called access modes.

It’s worth noting that each of these modes has a different effect on different file types. Below is a brief description of each mode in the case of regular files and directories:

Description of access modes for files and directories

The image below shows common examples of set modes with their descriptions:

List of commands

So, today our toolset will be expanded with the following commands:

CommandDescription
idlets you get information about a system user and their groups
chmodchange mode, lets you change file access modes
chownchange owner, lets you change the owner and owner group of files

The id command — user and group information

Since the Linux file permission system implies interaction with such entities as the owner and the owner group, let’s study the id command, which can be used to get information about system users and their groups.

Syntax:

BASH
id [options] [username]
Click to expand and view more

Commonly used options of the id command:

OptionValue
-uoutputs the uid of the specified user
-noutputs the group name instead of the uid (used together with -u)

Usage example:

BASH
id
Click to expand and view more

The output of the id command without arguments displays the uid, gid of the current user, as well as the list of groups they are a member of.

To find out information about another user, you need to pass their name or uid as an argument:

BASH
id root

id 0
Click to expand and view more

Note that the root user’s uid is always 0. This constant is often used in scripts to check whether a program is running as the superuser.

BASH
id -u ivan

id -nu ivan
Click to expand and view more

All information about users and groups is stored in system text files:

The chmod command — managing read/write/execute attributes

The chmod command is used to manage file access modes in Linux.

Syntax of the chmod command:

BASH
chmod [options] mode file
Click to expand and view more

Commonly used options of the chmod command:

OptionValue
-voutput diagnostic messages for each file
-Rrecursively change files and directories

For practice, let’s create a few files and directories:

BASH
touch text_file.txt script.sh .hidden_file.log

mkdir dir1 dir2
Click to expand and view more

Now let’s use output redirection to fill these files with some information:

BASH
cat /etc/passwd > text_file.txt

echo "printf 'Hello R4ven'" > script.sh

history > .hidden_file.log
Click to expand and view more

And let’s copy a couple of files into the created directories:

BASH
cp /usr/bin/ls ./dir1/

cp /usr/bin/cat ./dir2/
Click to expand and view more

By default our simple files have read access for everyone. Let’s remove this attribute from the text_file.txt file with this command:

BASH
chmod -r text_file.txt
Click to expand and view more

Without additional parameters, the -r syntax (remove read) removes the read attribute for everyone: user, group, and others.

Now when we try to output its contents, we’ll get an error:

BASH
cat text_file.txt
Click to expand and view more

Now let’s restore read access, but only for the file’s owner, i.e. for us:

BASH
chmod u+r text_file.txt

cat text_file.txt
Click to expand and view more

As you might guess, the + character means “add” the following r attribute. Before the added attribute we set the u (user) parameter, telling the chmod command to make the mode change only for the file’s owner:

Below are the possible parameters of the chmod command with descriptions, as well as examples of possible attribute combinations:

Now, in the same way, let’s add execute mode for the script.sh file only for the owner and the owner group, and try to run it:

BASH
chmod ug+x script.sh

./script.sh
Click to expand and view more

Now let’s remove the write attribute for everyone from the hidden .hidden_file.log file and try to write something to it. Then we’ll restore the write attribute for the owner and write to it again:

BASH
chmod ugo-w .hidden_file.log

echo "TEST" > .hidden_file.log

chmod u+w .hidden_file.log

echo "TEST" > .hidden_file.log

cat .hidden_file.log
Click to expand and view more

This is how access mode manipulation happens. Let’s move on.

As indicated in one of the tables above, to enter a directory, it must have the execute attribute — x. By default this attribute is set for everyone on directories.

Let’s try in practice the situation of completely removing this attribute from the dir1 directory:

BASH
chmod -x dir1

ls -l ./dir1

cd ./dir1
Click to expand and view more

We were unable to read the contents of this directory, nor to enter it.

To restore access to the directory:

BASH
chmod +x dir1

ls -l ./dir1
Click to expand and view more

In all the examples up to this point, we’ve looked at the symbolic method of setting file permissions. But there’s also a format for setting access modes using octal equivalents (numbers from 0 to 7). This format is also very popular.

The main thing to remember:

As well as summing these representations, i.e. 4+2=6 would mean the read and write attribute rw- and so on. Since attributes have three groups, correspondingly setting modes can look like this:

775 — equivalent to rwxrwxr-x.

Below is the equivalence of mode codes in different numeral systems:

As an example, let’s grant full access to everyone (rwxrwxrwx) for the dir2 directory using this method:

BASH
chmod 777 ./dir2

ls -l
Click to expand and view more

As you can see, when full access to a directory is opened, our dir2 even gets highlighted specially in the ls command output.

Below is an image found online, with common examples of octal access modes for the chmod command:

The chown command — assigning owner and group

The chown command is used to change the owner and group of a file or directory. It’s important to note that using this command requires superuser privileges. chown can change the owner and/or group of a file depending on the first argument.

Syntax of the chown command:

BASH
chown [options] [owner][:[group]] file
Click to expand and view more

Commonly used options of the chown command:

OptionValue
-voutput diagnostic messages for each file
-Rrecursively change files and directories

Here are a few examples:

BASH
sudo touch root_owner.txt

ls -l ./root_owner.txt
Click to expand and view more

We see that the file’s owner and group have the value root root. When trying to change the owner NOT as the superuser:

BASH
chown ivan:ivan root_owner.txt

ls -l ./root_owner.txt
Click to expand and view more

Where ivan is my username.

We get an error. Now let’s actually specify the new owner:

BASH
sudo chown ivan: ./root_owner.txt

ls -l ./root_owner.txt
Click to expand and view more

If, after the parameter defining the owner (ivan:), you don’t explicitly specify a group after the colon, the specified owner’s default group will be substituted automatically. In this example that’s ivan:ivan.

The image below shows some examples of chown command arguments:

The chgrp command

In older versions of Unix, the chown command changed only the file’s owner, not the group. To change the group, another command was provided, chgrp. It works almost the same way as chown, but has more restrictions. We won’t cover it, just know that it exists.

Conclusions

Today we covered one of the important parts of Linux-based operating systems: managing basic file access, in other words — file permissions. We learned about:

Try to practice more often. After all, theory without practice is like a CPU without RAM)

Thanks for reading. Good luck!

Useful sources

Copyright Notice

Author: Ivan Cherniy

Link: https://r4ven.me/en/linux/komandnaya-stroka-linux-prava-na-fajly-komandy-id-chmod-chown/

License: CC BY-NC-SA 4.0

Blog materials may be used with attribution to the author and source, for non-commercial purposes, and under the same license.

Start searching

Enter keywords to search articles

↑↓
ESC
⌘K Shortcut