Permission Management

To change directory permissions in Linux, use the following:

chmod +rwx filename to add permissions.

chmod -rwx directoryname to remove permissions.

chmod +x filename to allow executable permissions.

chmod -wx filename to take out write and executable permissions.

Note that “r” is for read, “w” is for write, and “x” is for execute. 

This only changes the permissions for the owner of the file.

The command for changing directory permissions for group owners is similar, but add a “g” for group or “o” for users:

chmod g+w filename

chmod g-wx filename

chmod o+w filename

chmod o-rwx foldername

The system automatically assigns the following permissions a file if using the touch command.

[root@host ~]# touch test.txt

[root@host ~]# stat test.txt

  File: test.txt

  Size: 0 Blocks: 0 IO Block: 4096 regular empty file

Device: fd03h/64771d Inode: 654750 Links: 1

Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)

Access: 2020-04-21 12:53:25.612051178 -0400

Modify: 2020-04-21 12:53:25.612051178 -0400

Change: 2020-04-21 12:53:25.612051178 -0400

 Birth: -

If we create a directory, it assigns the following permission set to it.

[root@host ~]# mkdir test

[root@host ~]# stat test

  File: test

  Size: 4096 Blocks: 8 IO Block: 4096 directory

Device: fd03h/64771d Inode: 654751 Links: 2

Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)

Access: 2020-04-21 12:54:25.172601585 -0400

Modify: 2020-04-21 12:54:25.172601585 -0400

Change: 2020-04-21 12:54:25.172601585 -0400

 Birth: -

[root@host ~]#

To view the current umask value, we use the umask command. Running the umask command by itself provide the default permissions that are assigned when a file or folder is created.

[root@host ~]# umask

0022

[root@host ~]#

To change these values, we will use the following command.

[root@host ~]# umask 022

Umask Configuration Location

In most Linux distributions, the umask value can be found and configured in the following locations:

/etc/profile – this is where system-wide default variables are stored

/etc/bash.bashrc – this is where default shell configuration files are stored

As noted in the umask man page above, we can use specific symbols to specify permission values we want to set. To preview the currently set umask value in symbols, we use the following command:

root@shell ~# umask -S

u=rwx,g=rx,o=rx

root@shell ~#

To change it, we can use the command in which the letters “u,” “g,” and “o” represent the user, group, and other or world, as shown below.

root@shell ~# umask u=rwx,g=rx,o=r                                                                                                                                                            

root@shell ~# umask -S                                                                                                                                                                        

u=rwx,g=rx,o=r                                                                                                                                                                                

root@shell ~#

When settings permissions this way, we supplement each “$” placeholder with the desired permission symbol(s). The equal “=” sign is not the only operator at our disposal when setting umask with symbolic values. We can use plus “+” and minus “–” operators as well.

The = symbol allows permissions to be enabled, prohibiting unspecified permissions

The + symbol allows permissions to be enabled, ignoring unspecified permissions

The – symbol prohibits permissions from being enabled, ignoring unspecified permissions

To change the owner of a file use the chown command followed by the user name of the new owner and the target file as an argument:

chown USER FILE

For example, the following command will change the ownership of a file named file1 to a new owner named testuser:

chown testuser file1

To change the ownership of multiple files or directories, specify them as a space-separated list. The command below changes the ownership of a file named file1 and directory dir1 to a new owner named testuser:

chown testuser file1 dir1

How to Change the Group of a File

To change only the group of a file use the chown command followed by a colon (:) and the new group name (with no space between them) and the target file as an argument:

chown :GROUP FILE

The following command will change the owning group of a file named file1 to www-data:

chown :www-data file1

To recursively operate on all files and directories under the given directory, use the -R (--recursive) option:

chown -R USER:GROUP DIRECTORY

The following example will change the ownership of all files and subdirectories under the /var/www directory to a new owner and group named www-data:

chown -R www-data: /var/www

If the directory contains symbolic links pass the -h option:

chown -hR www-data: /var/www