HB Computer Security | Aide Memoire
  • Introduction
  • Core Technical Skills
    • Core Skills
      • Linux
        • Getting to Know Linux
          • Using the Shell
            • Shells, Terminals, and Virtual Consoles
            • Choose your Shell
            • Shell Commands
              • Non-PATH Commands
              • Command History
                • Command Line Editing
                  • Keystrokes for Navigating Command Lines
                  • Keystrokes for Editing Command Lines
                  • Keystrokes for Cutting and Pasting Text from within Command Lines
                • Command Line Recall
                  • Keystrokes for Command Line Recall
              • Connecting and Expanding Commands
                • Piping Between Commands
                • Sequential Commands
                • Expanding Commands
            • Shell Variables
              • Common Shell Variables
            • Aliases
            • Create your Own Shell Environment
              • Modification Ideas
          • Navigating the Linux File System (LFS)
            • Filesystem Commands
            • Listing Files and Directories
            • File Permissions and Ownership
              • Modifying Permissions with chmod
              • Modifying Default Permissions with umask
              • Change File Ownership with chown
            • Copying, Moving, and Removing Files
            • Finding Files
              • locate
              • find
              • grep
            • Downloading Files
              • axel
              • wget
              • curl
                • User-Agent: Googlebot
          • Working with Text Files
            • Using vim and vi to Edit Text Files
              • Starting with vi
              • Adding Text
              • Moving Around in the Text
            • Text Manipulation
        • System Administration
          • Installing Linux
            • Installing from Live Media
            • Installing in the Enterprise
            • Partitioning Hard Disks
              • Tips for Creating Partitions
          • Account Administration
            • The root Account
              • Becoming root with su
              • sudo
                • The /etc/sudoers File
                • Granting sudo privileges
                  • visudo Guidance
                • Useful sudo Hints
            • Other Administrative Accounts
            • Standard User Accounts
              • Risks of userdel: Orphaned Files
          • Graphical Remote Administration
            • Cockpit
              • Installation Guide
            • Remote Desktop Protocol with xrdp
              • Installation and Configuration
            • Remote Desktop with vnc
              • Installation and Configuration
              • Running VNC as a System Service
          • Managing Running Processes
            • Listing Processes
              • ps
              • top
              • htop
            • Backgrounding and Foregrounding
              • Starting a Background Process
              • Using Foreground and Background Commands
            • Killing and Recining Processes
              • kill and killall
          • Managing Software
            • Managing Software from the Desktop
            • Going Beyond the Limitations of Software Center
              • Debian Packages
                • Advanced Package Tool (apt)
                • Repositories
                • dpkg
        • Shell Scripting
          • Variables
            • Command Substitution
            • Arguments
          • Reading User Input
          • if, else, and elif
          • BOOLEAN Logic
          • Loops
            • for Loops
            • while Loops
          • Functions
          • Local Vs Global Variables
          • Summary
        • Securing Linux
      • Windows
        • Security Hardening
Powered by GitBook
On this page
  • Numeric Modification
  • Letter Modification

Was this helpful?

  1. Core Technical Skills
  2. Core Skills
  3. Linux
  4. Getting to Know Linux
  5. Navigating the Linux File System (LFS)
  6. File Permissions and Ownership

Modifying Permissions with chmod

If you're the owner of a file, or have admin powers, you can freely tinker with its permissions using the chmod command. There are two ways to tweak these permissions:

  • Numeric

  • Letters

Numeric Modification

Each permission (read, write, and execute) is assigned a numerical value:

  • r = 4

  • w = 2

  • x = 1

To define file permissions, you assign a numeric value to each group of users (owner, group owner, and others). For instance, if you want to grant full access to yourself as the owner, you'd set the first number to 7 (4 + 2 + 1). Then, for the group and others, if you want to allow read-only access, you'd set both the second and third numbers to 4 (4 + 0 + 0), making the final number 744.

You can use any combination of permissions, ranging from 0 (no access) to 7 (complete access):

Command

Resulting Permissions

chmod 777 example_file

RWX | RWX | RWX

chmod 755 example_file

RWX | R-X | R-X

chmod 644 example_file

RW- | R-- | R--

chmod 000 example_file

--- | --- | ---

You can also use the chmod command recursively. For instance, if you want to grant 755 permissions (RWX | R-X | R-X) to an entire directory structure starting from $HOME/myapps, you can utilize the -R option, like this:

chmod -R 755 $HOME/myapps

Now, all files and directories within (and including) the $HOME/myapps directory will have 755 permissions applied.

When you need to change permission bits recursively for a large group of files, it's more common to use letters instead of the numerical approach, as it allows you to modify permission bits individually.

Letter Modification

You can enable or disable file permissions using plus (+) and minus (–) signs, along with letters to specify what changes, and for whom. When using letters, you can alter permissions for the user (u), group (g), other (o), and all users (a). The changes include read (r), write (w), and execute (x) bits.

For instance, let's begin with a file that has all permissions granted (777, or RWX | RWX | RWX). Execute the following chmod commands using minus options. The resulting permissions are displayed to the right of each command:

Original Permissions

Command

Resulting Permissions

RWX | RWX | RWX

chmod a-w example

R-X | R-X | R-X

RWX | RWX | RWX

chmod o-x example

RWX | RWX | RW-

RWX | RWX | RWX

chmod go-rwx example

RWX | --- | ---

Indeed, you can modify a single aspect of the permissions without needing to specify all three sets. This simplifies the process of adding or removing permissions from a specific set, leaving the other sets unaffected. For instance, if you wish to eliminate write permission for others without altering any other permission bits for a group of files and directories, you could execute the following:

chmod -R o-w $HOME/myapps

This example recursively removes write permissions for other on any files and directories below the myapps directory. If you had used numbers such as 644, execute permission would be turned off for directories; using 755, execute permission would be turned on for regular files. Using o-w, only one bit is turned off and all other bits are left alone.

PreviousFile Permissions and OwnershipNextModifying Default Permissions with umask

Last updated 1 year ago

Was this helpful?