Linux commands to manage file/directory permissions

There are three types of permissions in Linux that an authorized user can have. 

• read: for files, this is the ability to read the file contents; for directories, this is the ability to read all contents in the directory including both files and subdirectories

• write: for files, this is the ability to make modifications on the file contents; for directories, this is the ability to create new files in the directory

• execute: for files, this is the ability to execute the file if it’s a program; for directories, this is the ability to enter the directory and access its files

Permissions are granted for three different types of owners. 

• User

The first type is the user. The user is the owner of the file. 

When you create a file, you become the owner of the file, but the ownership can be changed. 

• Group

Group is the next type. Every user is a part of a certain group. 

A group consists of several users, and this is one way to manage a multi-user environment. 

• Other

Finally, there is other. Other can be considered all other users on the system. Basically, anyone else with access to the system.

The first line of the screenshot displays the command I entered, and the other lines display the output. The code lists all contents of the projects directory. I used the ls command with the -la option to display a detailed listing of the file contents that also returned hidden files. The output of my command indicates that there is one directory named drafts, one hidden file named .project_x.txt, and five other project files. The 10-character string in the first column represents the permissions set on each file or directory.

The 10-character string can be deconstructed to determine who is authorized to access the file and their specific permissions. The characters and what they represent are as follows:

●      1st character: This character is either a d or hyphen (-) and indicates the file type. If it’s a d, it’s a directory. If it’s a hyphen (-), it’s a regular file.

●      2nd-4th characters: These characters indicate the read (r), write (w), and execute (x) permissions for the user. When one of these characters is a hyphen (-) instead, it indicates that this permission is not granted to the user.

●      5th-7th characters: These characters indicate the read (r), write (w), and execute (x) permissions for the group. When one of these characters is a hyphen (-) instead, it indicates that this permission is not granted for the group.

●      8th-10th characters: These characters indicate the read (r), write (w), and execute (x) permissions for other. This owner type consists of all other users on the system apart from the user and the group. When one of these characters is a hyphen (-) instead, that indicates that this permission is not granted for other.

For example, the file permissions for project_t.txt are -rw-rw-r--. Since the first character is a hyphen (-), this indicates that project_t.txt is a file, not a directory. The second, fifth, and eighth characters are all r, which indicates that user, group, and other all have read permissions. The third and sixth characters are w, which indicates that only the user and group have write permissions. No one has execute permissions for project_t.txt.

The chmod command changes the permissions on files and directories. The first argument indicates what permissions should be changed, and the second argument specifies the file or directory. In this example, I removed write permissions from other for the project_k.txt file. After this, I used ls -la to review the updates I made.

Please find below how each character is used within the first argument of chmod:

u   indicates changes will be made to user permissions

g   indicates changes will be made to group permissions

o   indicates changes will be made to other permissions

+   adds permissions to the user, group, or other

-   removes permissions from the user, group, or other

=  assigns permissions for the user, group, or other

Note: When there are permission changes to more than one owner type, commas are needed to separate changes for each owner type. You should not add spaces after those commas.

Summary

I changed multiple permissions to match the level of authorization my organization wanted for files and directories in the projects directory. The first step in this was using 

ls -la to check the permissions for the directory. This informed my decisions in the following steps. I then used the chmod command multiple times to change the permissions on files and directories.