In this post we will learn how to use “chmod” command to change file permissions in Redhat Enterprise Linux 6. Linux is a multi-user operating system; this means many users can have access to particular file or directory. To maintain security, in Linux, there are three categories of user (user, group and other) for file permission (as discussed in previous post), also we have three types of permission: read, write and execute for each type of user.
To view current permissions of a file we can user long directory listing command “ls -l”:
[root@PawanS1 ~]# ls -l test_file.txt
-rwxr-xr-- 1 pawan admin 30 Aug 27 13:05 test_file.txt
-rwxr-xr-- 1 pawan admin 30 Aug 27 13:05 test_file.txt
In the above example we can see that owner of the file is pawan, group owner of the file is admin and file have permissions rwxr-xr-- which means:
User have read, write and execute (rwx) permissions.
Group have read and execute(r-x) permission.
And others have only read(r--) permission.
Note: “-“ means no permission.
This means user pawan have full access of file test_file.txt, he can read, modify and also execute the file. And members of group admin can only read and execute the file. Also users other that pawan and members of group admin can only read the file and can’t modify or execute the fiel.
To change the permission of file we can user “chmod” command, only root and file owner can change permission of file. There are two methods of changing permissions:
- Symbolic mode
- Numeric mode
Symbolic Mode:
Symbolic mode is very easy to user. There are three steps in this process:
- Decide whether you have to change permission for user (u), group (g), other (o) or for all (a).
- Decide to add (+), remove (-) or reset all permission (=).
- Decide what would be the permission: read (r), write (w), or execute (x).
- Then give the name of file of which you have to change permission.
Few examples of chmod in symbolic mode:
- Remove execute permission from user
[root@PawanS1 ~]# chmod u-x test_file.txt
- Add write permission for both group and other
[root@PawanS1 ~]# chmod go+w test_file.txt
- Remove write and execute permissions from other
[root@PawanS1 ~]# chmod o-wx test_file.txt
- Add write permissions for all
[root@PawanS1 ~]# chmod a+w test_file.txt
- Change permission of user to rwx
[root@PawanS1 ~]# chmod u=rwx test_file.txt
- To remove execute permission recursively from files in a directory
[root@PawanS1 ~]# chmod -R u-x Test_Directory/
Below table summarize the chmod in symbolic mode
|
User to be modified
|
What to do
|
Permission
|
|
u (user/owner)
|
+ (add permission)
|
r (read)
|
|
g (group)
|
- (remove permission
|
w (write)
|
|
o (other)
|
= (change permission)
|
x (execute)
|
|
a (all)
|
Note: besides above mentioned permissions there are two more permissions SUID/SGID(s) and Sticky bit(t) which can be set to give special permission.
Numeric Mode:
Numeric mode of chmod command is also very useful and easy. This changes old permission directly to new permissions. In numeric file permissions are represented by three digit number. Also each permission(r,w and x) are represented with a number.
4=read(r)
2=write(w)
1=execute(x)
0=none(-)
To create permission we have to add number accordingly. For example:
rwx = 4+2+1 = 7
rw- = 4+2+0 = 6
--x = 0+0+1 = 1
To change permission we have to give a 4 digit number combining the above to change permission of file, in which the first digit is permission for user, second digit is permission for group and the third digit is permission for other.
Few examples of chmod in Numeric mode:
- To change permission to -rwx-rw-r--
[root@PawanS1 ~]# chmod 0764 test_file.txt
In the above example 7=4+2+1, 6=4+2+0 and 4=4+0+0. This means owner have rwx(7), group have rw-(6) and others have r--(4) permission.
- To change permission to -rw-r-x--x
[root@PawanS1 ~]# chmod 0651 test_file.txt
Note: The first digit 0 is for special permission like SUID, SGID and Sticky bit.
Besides these three bits discussed above there is a special bit which is used to give special permission to a file or directory for setting SUID bit, SGID bit and Sticky bit, which can be represented by. We will discuss this in the next post.
Numeric mode will take some time to get in ease, but it is very useful and effective to change permissions quickly.
Hi,
ReplyDeleteI would like to know more about firewall, iptables and SELINUX policy. Can you help me ?
--SVR