The article below will cover the basics of permissions and ownership for linux servers and how to change both of them.
To start off we'll create a file to work with. Creating a new file can be done with the completed with the 'touch' command. For example, say we want to create a new file named "test".
We would complete this with the following syntax:
Here, we used the 'touch' command to create the file named "test".
Next, we will be creating a directory. To create a directory, we utilize the 'mkdir' command.
We would complete this with the following syntax:
Now that we know how to create files and directories, let's look at modifying the permissions and ownership of the file and folder.
Through 'ls -l' we are able to see a few things, which I will break down here in a moment:
As you can see above, utilizing the '-l' switch on the command 'ls' gives us a move verbose output of the current directory.
The first value on the "testdir" tells us that the object is a directory (the "d" at the front of the output). If you notice, "test" does not have this as it is a file, not a directory.
The next 3 variables are permissions for the Root user. The "r" stands for "Read", the "w" stands for "Write" and the "x" stands for "Exectue". The permissions can be modified through a command 'chmod', which I will get to in a moment.
The next 3 variables are also permissions, however they are permissions for the owner of the file or folder, which is in this case, Root. This will come more into play later. Same as above, the "r" stands for "Read", the "w" stands for "Write" and the "x" stands for "Execute". However, you may notice that some of these values are missing. Again, we will cover this in a bit through 'chmod'.
The final 3 variables are also permissions, however they stand represent the permissions of everyone on the server. If we had a user "Joe", Joe would currently have Read and Execute permissions on "testdir", while only having Read permissions on the "test" file.
Note: The "w" or Write value allows not only for a file to be written to, but deleted as well.
The next to values that we will look at are "root root". These values stand for Owner and Group, respectively.
In this example, you see that "root" is both the owner, and the group. These values can be changed through the command 'chown', which we will cover shortly here, for now we will go back to 'chmod'.
Common usage of 'chmod' that you find is 'chmod +x <file>', this will give all users permission to execute a file. However, what if you do not want to have everyone on the system to have execute permission?
The way to control who has access to a file is quite easy. We will use the 'chmod' command, however we will specify which group (root, owner and everyone) will have access to a file, furthermore, what types of access they will have as well.
For example, I want to give root full permissions (Read, Write and Execute), I then want to give my file owner Read and Write privileges, and finally I want everyone to have no access to this file at all:
I utilized 'chmod 760 test' to give the root user Read, Write and Execute permissions with (7). I gave the second user, the owner of the file, Read and Write permissions (6) and I gave everyone on the server no permissions at all to the file (0). The Read, Write and Execute permissions each have a value represented by a number in 'chmod'. These values are as follows:
Each of these numbers cannot be added together to make the others, for example:
2 + 1 = 3 (Write and Execute)
1 + 4 = 5 (Execute and Read)
4 + 2 = 6 (Read and Write)
1 + 2 + 4 = 7 (Execute, Write, Read)
This is so that the system knows specifically which values to assign for the user permissions you set.
This command also applies to directories as well, as 'chmod' is what controls file and folder permissions. Read the 'man' page on 'chmod' to see additional options.
Note: The default 'umask' in most Linux Operating Systems is '022'. This means that files that are created, by default have the permissions '755'. Feel free to do more reading on 'umask' online or in the man page.
Now, let's get back to 'chown'. We have seen now how to change file and folder permissions with 'chmod', and we have also learned what each value stands for. Now how do we change who owner and user group of a file? It is completed by utilizing the 'chown' command.
Here is an example of 'chown':
As you can see above, we executed 'chown testuser:testgroup testdir'. This modified the owner from "root" to the new owner "testuser" and the group from "root" to the new group "testgroup".
As always, read the 'chown' man page for further information.
- How to setup nginx (with directory structure, virtual hosts, port forwarding), mysql, php, fastcgi
- How to setup LAMP - Apache (with directory structure and virtual hosts), mysql, and php
- Custom Swap on Linux Virtual Machines
- How do I generate an SSL CSR for a Linux or Windows Server
- Importing and Exporting MySQL Databases in Linux