Linux File Permissions



Having multiple users and groups with access to the same Linux PC/server is great, but not everyone should have access to everything, eh.

For this, we'll use an example file, and switch ownership between root and our user. So run the following snippet if you're using this as a tutorial; otherwise just read on.

mkdir ~/permsExample && cd ~/permsExample && sudo touch FILENAME

Basic File Permission Breakdown

For certain setups, such as computers with only a few users/groups, this works splendidly.

If we run a ls -l FILENAME, we'll see something along the lines of the below.

-rw-r--r-- 1 root root 0 Sep 14 13:02 FILENAME

-rw-r--r-- is the permission string for User, Group, and Others. Each of them can have any of rwx, for read, write, and executable permissions, shown in groups of three for User/Group/Others respectively.

root root refers to the owner user and owner group.

Set User/Group Ownership

Each file and directory within UNIX has an owner user and an owner group.
By default, when you create a file, your user will be the owner and your user group will be the owner group.

This can be changed with a simple command (that may need to be run with sudo).

chown USER FILENAME
chown :GROUP FILENAME
chown USER:GROUP FILENAME

The above snippet has the chown command run three different times with different purposes. The first is to change just the owner user, second to change just the owner group, and third to change both at the same time.

So to change the owner user for FILENAME to our own user, we'd run sudo chown $USER FILENAME, then verify the change by running ls -l FILENAME.

Set Permissions for User/Group/Others

Now we'll take a look at the file permissions that will affect the owners, and all other users.

If we look back at the ls -l FILENAME mentioned earlier you'll recall the brief -rw-r--r-- mention.

Intro to the rw-r--r-- meaning

There are 10 character positions that can be set. Ignoring the first for now (it shows the file type, - for a regular file) leaves us with 9, split into groups of 3.

The first group of three, rw- in this example, shows that the owner user has read/write permissions, but no executable permissions.
The second group, r--, shows the owner group only has read permissions, not write/executable permissions.
And the third group, r--, shows that other users have read permissions, but cannot write/execute the file.

Set permissions

The below commands will grant read, write, and execute permissions to the user and group, and give all other users read permissions for FILENAME.

chmod ug+rwx FILENAME
chmod o+r FILENAME

The first thing after the chmod command (and a space) can be any combination of ugoa, referring to user, group, other, and all.

Second, immediately after the letters can be one of +,-,= which are used to add, remove, or set (exact) permissions.

Third, any combination of rwx for read, write, executable permissions.

Follow this up with a space and the file/directory name and poof, permissions are set. If you'd like to set permissions for a directory and everything already inside it, also add a -R at the end of the command. GNU chmod accepts -R in that position; on other systems put it directly after chmod.

Set permissions by number

Many guides, examples, snippets, and such do not demonstrate setting permissions in the same manner as above. Instead they'll use numbers, such as the below.

chmod 755 FILENAME

This chmod command will give rwx permissions to the owner user, and rx to the owner group, and other.

The numbers are much simpler to understand than you'd think:
4 = Read
2 = Write
1 = Execute/executable

These numbers get added up and grant those permissions to the users. So 7 = rwx, 6 = rw, 5 = rx, 3 = wx, 0 = no permissions, etc.

You'll also spot that there are 3 numbers: 7, 5, 5. These are for user, group, and other respectively. So each digit, from 0 to 7, sets the rwx permissions for one of those three.

Chmod directories

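The chmod command can also be used on directories. The following example will give all permissions to all users for that directory, and all its child files/directories. That is the same as mode 777 applied recursively, so every account on the machine can read, change, and delete the contents.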

chmod a=rwx directoryName -R
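
The symbolic and numeric forms above, tied together in an added example that is not part of the original tutorial: perm_to_octal turns the string shown by ls -l into the number chmod accepts, and demo checks that chmod 755 and chmod u=rwx,go=rx give the same mode, then counts what chmod -R a=rwx left world-writable. The function names and the temporary directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page). Handles the plain r/w/x/- characters
# only; setuid, setgid and sticky markers (s, t) are outside this page's scope.

# perm_to_octal "rw-r--r--" prints 644: 4 for r, 2 for w, 1 for x, summed per triplet.
perm_to_octal() {
    perms=$1
    [ "${#perms}" -eq 9 ] || { echo "expected 9 characters: $perms" >&2; return 1; }
    case $perms in *[!rwx-]*) echo "unsupported character: $perms" >&2; return 1 ;; esac
    out=""
    while [ -n "$perms" ]; do
        rest=${perms#???}          # what follows the first triplet
        triplet=${perms%"$rest"}   # the first triplet (user, then group, then other)
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out=$out$digit
        perms=$rest
    done
    echo "$out"
}

# mode_of FILE prints the nine permission characters from `ls -ld` (columns 2-10).
mode_of() { ls -ld "$1" | cut -c2-10; }

# world_writable DIR lists entries that "other" can write to (symlinks skipped).
world_writable() { find "$1" ! -type l -perm -0002 | sort; }

# demo works in a throwaway directory and prints three lines: the mode after
# `chmod 755`, the mode after the symbolic equivalent, and how many entries
# are world-writable after `chmod -R a=rwx`.
demo() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/tree" && touch "$dir/numeric" "$dir/symbolic" "$dir/tree/file"
    chmod 755 "$dir/numeric"
    chmod u=rwx,go=rx "$dir/symbolic"
    chmod -R a=rwx "$dir/tree"
    echo "$(mode_of "$dir/numeric") $(perm_to_octal "$(mode_of "$dir/numeric")")"
    echo "$(mode_of "$dir/symbolic") $(perm_to_octal "$(mode_of "$dir/symbolic")")"
    world_writable "$dir/tree" | wc -l | tr -d ' '
    rm -rf "$dir"
}

demo
```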

Extra

See Access Control Lists (ACL) Permissions for a guide to access control lists.