As we said in the Permissions and Ownership article, all files are owned by a user, a primary group and a world (everybody, others) group. If we list directory content with the command:
we can see examples of the ownership.
In our example, we created these files as the cicnavi user, and that’s why the files are all owned by the cicnavi user and the cicnavi group. Remember, when we create files, group ownership is given to the primary group of the user who creates the file. Notice the default set of permissions, which are -rw-r--r-- for files and drwxr-xr-x for directories. So, for files, the cicnavi user has read and write permission, while the primary (cicnavi) group and the world group have the read permission.
If we want to change permissions on these files, we would use a command called chmod (change mode). This command allows us to change the mode of the file system permissions. We can do it in a couple of ways. We can either use the octal permissions, for example 775. We also have to provide the file name.
chmod 755 test1
We can now see that we have changed the permissions to give all permissions to the owner user, read and execute permissions to the primary group, and also read and execute permissions to the world.
However, we can also use the specific permissions based on either the user, group or the world. For this we will use indications for user, group and world, like this:
- user: u
- group: g
- world (other): o
Permissions are indicated with:
- read: r
- write: w
- execute: x
To give the permission we would use the + sign, and to remove the permission we would use the - sign. To set the specific permission we use the = sign.
For example, let’s say that we want to add the write permission to the primary group. To do that we can enter the command:
chmod g+w file1
To remove it from the group owner, we would enter the command:
chmod g-w file1
To set the read, write and execute permission for the group, we can enter:
chmod g=rwx myfile
The most common way of changing permissions for files is to use octal permissions, since we can set all of them in one command.
umask is what sets the default permissions on a file. Without a umask, every file would be created with the permissions of 666, which is read-write for user, group and world. Every directory would be created with the permissions of 777, which is read-write-execute for user, group and world. We really don’t want everybody having access to all of our files by default, so to prevent this we use our umask.
To see the current umask, we can enter the command:
With umask we define permissions that we do not want to be set. As we can see here, the umask of our system is set to 0002, which would basically set file permissions to 664 for files and 775 for folders.
We can also change the umask by typing the umask and then the umask we want to set. For example, if we want to set our umask to 0022, we can enter the command:
Let’s try to create a new file now. As we can see, the umask 0022 will block the write and execute permission from group and world groups.
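The masking rule described above can be checked directly. The script below is an added example, not part of the original article; the function names expected_mode and actual_mode and the file name probe are made up for illustration. It predicts the mode as 666 (files) or 777 (directories) with the umask bits cleared, then creates a real file or directory under that umask and compares.

```shell
#!/bin/sh
# Added example: predicted mode (base & ~umask) versus the mode that a newly
# created file or directory really gets.

# expected_mode <umask> <file|dir> : arithmetic prediction, printed in octal
expected_mode() {
    case "$2" in
        dir) base=0777 ;;   # directories start from rwxrwxrwx
        *)   base=0666 ;;   # regular files start from rw-rw-rw-
    esac
    # The extra leading 0 makes the shell read the umask as an octal number.
    printf '%o\n' $(( $base & ~0$1 & 0777 ))
}

# actual_mode <umask> <file|dir> : create the object and print its mode.
# The function body is a subshell, so the umask change and the cd do not
# affect the calling shell.
actual_mode() (
    tmp=$(mktemp -d) || exit 1
    cd "$tmp" || exit 1
    umask "$1"
    if [ "$2" = dir ]; then mkdir probe; else : > probe; fi
    # GNU stat first, BSD/macOS stat as a fallback
    mode=$(stat -c '%a' probe 2>/dev/null || stat -f '%Lp' probe)
    cd / && rm -rf "$tmp"
    printf '%s\n' "$mode"
)

# The two umask values used in this article
for mask in 0002 0022; do
    for kind in file dir; do
        printf 'umask %s  %-4s  expected %s  actual %s\n' "$mask" "$kind" \
            "$(expected_mode "$mask" "$kind")" "$(actual_mode "$mask" "$kind")"
    done
done
```

The script works in a temporary directory, so it does not touch existing files or the umask of the current shell.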
To remove all permissions from the other group by default, we can use the: