chmod

CHange Mode - Change permissions on files and folders

What is chmod

chmod is a command-line utility in Unix-like operating systems that allows users to change the permissions of files and directories. Its name stands for “change mode.” In Unix-like systems, every file and directory has permission attributes that determine who can read, write, and execute them. chmod enables users to modify these permissions using either symbolic or numeric representation. Symbolic representation involves using letters and operators to add, remove, or set permissions for the owner, group, and others. Numeric representation uses a three-digit code in octal format to specify permissions. Overall, chmod is a fundamental tool for managing access control in Unix-like systems, empowering users to control who can access and modify their files and directories.


Advantages with chmod

chmod offers several advantages in managing file and directory permissions in Unix-like systems. Firstly, it provides fine-grained control over access, allowing users to specify read, write, and execute permissions separately for the file owner, group, and others. This granularity ensures that access privileges can be tailored precisely to meet security and organizational requirements. Secondly, chmod is flexible and versatile, supporting both symbolic and numeric representation of permissions. Symbolic representation allows for intuitive manipulation of permissions using letters and operators, while numeric representation provides a concise and efficient way to set permissions using octal codes. Moreover, chmod enables automation and scripting, facilitating the implementation of access control policies across multiple files and directories. Additionally, chmod is a core component of Unix-like systems, ensuring compatibility and consistency across different platforms and distributions. Overall, chmod is a powerful and indispensable tool for managing access control, offering simplicity, flexibility, and robustness in securing files and directories.

File Permissions

Terminology and Concepts

Here’s a list of terminology and concepts associated with the chmod command in Unix-like systems:

  1. Permissions: The actions that users or groups can perform on a file or directory, including read (r), write (w), and execute (x).
  2. Owner: The user who owns the file or directory and has special privileges to modify permissions.
  3. Group: A collection of users who share certain permissions on a file or directory.
  4. Others: All users who are not the owner of the file or directory and not members of the group associated with it.
  5. Symbolic Representation: A method of specifying permissions using letters (u for user/owner, g for group, o for others, and a for all) and operators (+ to add a permission, - to remove a permission, and = to set the permission explicitly).
  6. Numeric Representation: A method of specifying permissions using a three-digit code in octal format, where each digit represents the permissions for the owner, group, and others, respectively.
  7. File Mode: The combination of permissions (read, write, execute) assigned to a file or directory, represented by a string of characters or a numeric code.
  8. Symbolic Mode: A way of changing permissions by specifying modifications relative to the current permissions using symbolic representation.
  9. Numeric Mode: A way of changing permissions by specifying permissions directly using numeric representation.
  10. Mode Bits: The bits in a file’s metadata that represent its permissions, including the read, write, and execute bits for the owner, group, and others.
  11. Sticky Bit: A special permission bit that can be set on directories to restrict deletion of files within them, even for users with write permissions.
  12. Setuid and Setgid: Special permissions that allow a program to run with the privileges of the file’s owner (setuid) or group (setgid), rather than the user executing the program.

Understanding these concepts is crucial for effectively managing file and directory permissions using the chmod command in Unix-like systems.

Permission groups

There are three permission groups that determine who can access files and directories:

  1. Owner: The user who owns the file or directory. This is typically the user who created the file or directory.
  2. Group: A collection of users who share certain permissions. Each file or directory belongs to a specific group, and members of that group are granted permissions accordingly.
  3. Others: Everyone else who doesn’t fall into the owner or group categories. This group encompasses all users who are not the owner and not members of the group associated with the file or directory.

These permission groups allow for granular control over access to files and directories, ensuring that security policies can be effectively implemented and enforced.

Permissions - On Files

In Unix-like systems, there are three basic types of permissions that can be applied to files and directories:

  1. Read (r): This permission allows a user to view the contents of a file or list the contents of a directory. For a directory, it also allows users to see which files are stored within it.
  2. Write (w): This permission allows a user to modify the contents of a file or create, rename, or delete files within a directory. For a directory, it also allows users to create or delete files and subdirectories.
  3. Execute (x): This permission allows a user to execute a file as a program or script. For directories, it allows users to access files and subdirectories within the directory. Without execute permission on a directory, a user cannot access any of its contents, even if they have read or write permissions on individual files within the directory.

These permissions are assigned separately for three different categories of users: the owner of the file or directory, the group associated with the file or directory, and all other users (often referred to as “others”). By combining these permissions with the three user categories, administrators can finely control who can access, modify, and execute files and directories on a Unix-like system.

Permissions - On Folder/Directories

Here’s how permissions are typically set on a folder:

  1. Read (r) permission: Allows a user to list the contents of the directory using commands like ls or view file metadata like permissions and timestamps. Without read permission, a user cannot see the contents of the directory, though they may still be able to access files if they know their names.
  2. Write (w) permission: Allows a user to create, rename, or delete files and subdirectories within the directory. Without write permission, a user cannot modify the contents of the directory in any way, even if they have write permission on individual files within it.
  3. Execute (x) permission: Allows a user to access files and subdirectories within the directory. Without execute permission, a user cannot access the contents of the directory, even if they have read or write permission on individual files within it. Execute permission is also required to search the directory for a specific file or subdirectory.

Additionally, there’s a special case for directories:

  1. Execute (x) permission for a directory: The execute permission on a directory is what allows a user to enter it and reach the files and subdirectories inside it. Without execute permission on a directory, a user cannot access any files or subdirectories within it, regardless of the permissions set on those files and subdirectories.

When setting permissions on a folder using the chmod command, you can use the same symbolic or numeric representation as with files to specify the desired permissions. In ls -l output, when the file type is d it’s a directory and when it is - it’s a file.
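The mode column printed by ls -l combines the file type character with the symbolic permissions, including the setuid, setgid and sticky markers. The following is an added example, not part of the original page, that decodes such a string into its numeric form; the function names mode_to_octal and path_mode are hypothetical.

```shell
#!/bin/sh
# Added example: decode the mode column of `ls -l` into "<type> <octal>".

mode_to_octal() {
    str=$1
    # Accept only well-formed strings; a trailing "+" or "." (ACL or SELinux
    # marker printed by some ls implementations) is tolerated.
    case $str in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]*) ;;
        *) echo "invalid mode string: $str" >&2; return 1 ;;
    esac
    case $str in
        d*) kind=directory ;;
        -*) kind=file ;;
        *)  kind=other ;;
    esac
    special=0 digits='' pos=2
    for weight in 4 2 1; do          # setuid=4, setgid=2, sticky=1
        triplet=$(printf '%s' "$str" | cut -c "$pos-$((pos + 2))")
        n=0
        case $triplet in r??) n=$((n + 4)) ;; esac
        case $triplet in ?w?) n=$((n + 2)) ;; esac
        case $triplet in
            ??x)    n=$((n + 1)) ;;
            ??[st]) n=$((n + 1)); special=$((special + weight)) ;;
            ??[ST]) special=$((special + weight)) ;;  # special bit, no x
        esac
        digits=$digits$n
        pos=$((pos + 3))
    done
    echo "$kind $special$digits"
}

# Decode the mode of a real path from the first field of `ls -ld`.
path_mode() {
    listing=$(ls -ld -- "$1") || return 1
    mode_to_octal "${listing%% *}"
}

mode_to_octal drwxr-sr-x    # setgid directory
mode_to_octal -rwsr-xr-x    # setuid executable
```

An uppercase S or T in the listing means the special bit is set while the matching execute bit is not, which is why those cases add to the leading digit only.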

Commands

You may need sudo privileges to execute chmod.

| DESCRIPTION | COMMAND |
|---|---|
| Sets the file permissions to read, write, and execute for the owner, and read and execute for the group and others, allowing the owner full control and others the ability to execute the file. | chmod 755 filename |
| Grants read and write permissions to the owner of the file, and read-only permissions to the group and others, commonly used for non-executable files. | chmod 644 filename |
| Adds execute permission for the owner, group, and others, making the file executable. | chmod +x filename |
| Removes execute permission for the owner, group, and others, making the file non-executable. | chmod -x filename |
| Adds execute permission for the owner of the file only. | chmod u+x filename |
| Removes read permissions for the group and others, restricting access to only the file owner. | chmod go-r filename |
| Recursively sets the permissions of all files and subdirectories within the directory to read, write, and execute for the owner, and read and execute for the group and others. | chmod -R 755 directory |
| Recursively grants read and write permissions to the owner of the directory and all its contents, while ensuring that only directories receive execute permissions (files are not affected). | chmod -R u+rwX directory |
| Sets the setgid bit on the directory, causing all new files and subdirectories created within it to inherit the group of the parent directory. | chmod g+s directory |
| Sets the sticky bit on the directory, ensuring that only the file owner or root can delete or rename files within it, commonly used for directories with shared write access. | chmod o+t directory |
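After modes have been changed, especially recursively, it is worth checking the result for bits that widen access: files writable by others, shared-write directories without the sticky bit, and setuid or setgid files. The following is an added example, not part of the original page; the function names audit_modes and make_sample_tree are hypothetical and the sample tree is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: report mode bits that usually deserve a second look.

# audit_modes DIR: print one "<finding> <path>" line per match, sorted.
audit_modes() {
    {
        # Regular files that "others" can write to (o+w).
        find "$1" -type f -perm -0002 -print |
            sed 's/^/world-writable-file /'
        # Directories writable by others but lacking the sticky bit, so any
        # user can delete or rename files that belong to someone else.
        find "$1" -type d -perm -0002 ! -perm -1000 -print |
            sed 's/^/world-writable-dir-no-sticky /'
        # Regular files that run with the owner's or group's privileges.
        find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/setuid-or-setgid-file /'
    } | sort
}

# make_sample_tree: build a constructed directory tree and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/drop" "$t/bin"
    : > "$t/notes.txt";  chmod 644  "$t/notes.txt"
    : > "$t/open.cfg";   chmod 666  "$t/open.cfg"
    : > "$t/bin/helper"; chmod 4755 "$t/bin/helper"
    chmod 1777 "$t/shared"     # shared write access with the sticky bit
    chmod 777  "$t/drop"       # shared write access without it
    chmod 755  "$t/bin"
    echo "$t"
}

tree=$(make_sample_tree) && audit_modes "$tree"
rm -rf "$tree"
```

On the sample tree the audit reports open.cfg, drop and bin/helper; notes.txt and the sticky shared directory are not flagged.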