Lesson 7: The chmod command
Objective: Use the chmod command and its options to change file permissions.
Use the chmod Command and its Options to Change File Permissions
Permission bits are manipulated using the chmod command. This command has two basic forms. The first uses numeric codes:
$ ls -l filename
-rw-rw-r-- 1 jeremy jeremy 1145 Apr 8 09:40
$ chmod 755 filename
$ ls -l filename
-rwxr-xr-x 1 jeremy jeremy 1145 Apr 8 09:42
In the second form of the chmod command, permissions are added or removed by symbolic codes. The levels of user, group, and other are represented by the codes u, g, and o respectively. The permissions are represented as usual by r, w, and x.
The syntax is then
chmod [levels][+/-/=][permission] filename
chmod u+x filename
chmod og=r filename
chmod o-x filename
These commands, respectively, give the user execute permission for filename, set read permission only for other and for group, and remove execute permission for other. The = argument assigns only the specific permission (or set of permissions) you name to a file or directory.
It revokes all permissions you do not specifically assign. Here are a few more examples of the +, -, and = arguments. In addition, the a code refers to everyone (all). To remove read permission from user, group, and other simultaneously, type
chmod a-r filename
The empty permission string can be used to remove all permissions from some levels. For example, the following command removes all group-level permissions:
chmod g= filename
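The effect of each symbolic clause above can be worked out on the mode bits themselves. The following is an added example, not part of the original lesson: the function names apply_symbolic and mode_string are hypothetical, and the model covers only the u, g, o, a levels and r, w, x permissions discussed here.

```shell
#!/bin/sh
# Added example: models the page's symbolic clauses on an octal mode.
# Covers only levels u/g/o/a and permissions r/w/x; no files are touched.

# apply_symbolic OCTAL CLAUSE -> prints the resulting three-digit mode
apply_symbolic() (
    mode=$((0$1))
    who=${2%%[+=-]*}            # levels before the operator
    rest=${2#"$who"}            # operator plus permission letters
    op=${rest%"${rest#?}"}      # first character: +, - or =
    perms=${rest#?}
    [ -n "$who" ] && [ -n "$op" ] || exit 2
    bits=0
    case $perms in *r*) bits=$((bits | 4)) ;; esac
    case $perms in *w*) bits=$((bits | 2)) ;; esac
    case $perms in *x*) bits=$((bits | 1)) ;; esac
    case $who in *a*) who=ugo ;; esac
    for level in u:6 g:3 o:0; do
        case $who in *"${level%:*}"*) ;; *) continue ;; esac
        shift_by=${level#*:}
        case $op in
            +) mode=$((mode | (bits << shift_by))) ;;
            -) mode=$((mode & ~(bits << shift_by))) ;;
            =) mode=$(( (mode & ~(7 << shift_by)) | (bits << shift_by) )) ;;
        esac
    done
    printf '%03o\n' "$mode"
)

# mode_string OCTAL -> prints the nine-character ls -l form, e.g. rwxr-xr-x
mode_string() (
    m=$((0$1)); out=
    for s in 6 3 0; do
        t=$(( (m >> s) & 7 ))
        for pair in 4:r 2:w 1:x; do
            if [ $(( t & ${pair%:*} )) -ne 0 ]; then out=$out${pair#*:}; else out=$out-; fi
        done
    done
    printf '%s\n' "$out"
)

# The clauses from the text, applied to the 755 mode shown in the listing.
for clause in u+x og=r o-x a-r g=; do
    printf '755 %-5s -> %s\n' "$clause" "$(mode_string "$(apply_symbolic 755 "$clause")")"
done
```

Note how og=r and g= clear bits that were not named, while + and - leave every other bit alone.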
The chmod command supports a recursive option, -R. For example, to add read permission for user, group, and other on a directory and all of its subdirectories and files, use
chmod -R a+r directory
Remember, too, that like other commands, chmod can be used with wildcards. To add read permission for user, group, and other to every file in the current directory, the following command will work well:
chmod a+r *
The chmod -R command (and chmod itself) can have dangerous consequences.
For example, suppose that, while possessing root permissions, you use chmod recursively to remove execute permission starting at the top of the file system. You would remove execute permission from practically every system command, including chmod. No commands could be run, so no easy fix would be available. Be careful, especially when working as root.
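One precaution before a recursive change on a directory tree is to record the existing modes so they can be compared and put back afterwards. This is an added example, not part of the original lesson: the function names and the sample tree are constructed, and it assumes GNU stat and path names without embedded newlines.

```shell
#!/bin/sh
# Added example: record modes before a recursive chmod so they can be restored.
# Assumes GNU stat (-c) and path names without embedded newlines.

# snapshot_modes DIR FILE: write "octal-mode path" for DIR and everything below
# it, parents first. Symbolic links are skipped because chmod acts on targets.
snapshot_modes() {
    find "$1" ! -type l -exec stat -c '%a %n' {} + > "$2"
}

# changed_since FILE: print each path whose current mode differs from the record
changed_since() {
    while IFS= read -r line; do
        mode=${line%% *}; path=${line#* }
        [ "$(stat -c '%a' "$path")" = "$mode" ] || printf '%s\n' "$path"
    done < "$1"
}

# restore_modes FILE: reapply every recorded mode, parents before children
restore_modes() {
    while IFS= read -r line; do
        chmod "${line%% *}" "${line#* }" || return 1
    done < "$1"
}

# Constructed sample tree: one private file among world-readable ones.
demo() {
    tree=$(mktemp -d) && snap=$(mktemp) || return 1
    mkdir "$tree/bin" && : > "$tree/bin/tool" && : > "$tree/secret.key"
    chmod 755 "$tree" "$tree/bin" "$tree/bin/tool"
    chmod 600 "$tree/secret.key"
    snapshot_modes "$tree" "$snap"
    chmod -R a+r "$tree"                 # the recursive command from the text
    echo "changed by chmod -R a+r:"; changed_since "$snap"
    restore_modes "$snap"
    echo "still different after restore: $(changed_since "$snap" | wc -l)"
    rm -rf "$tree" "$snap"
}
demo
```

The comparison step shows that the recursive a+r silently made the private file readable by everyone, which the snapshot then reverses.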
Changing File Permissions using chmod
Here are the steps you followed using the chmod command to change file permissions:
- You are currently logged in as user1, a user with normal permissions, and are in your home directory (/home/user1/). Obtain a listing of files in your home directory, including all associated permissions.
Solution: Use the ls command with the -l argument.
- Note that you own a file named readme. As you can see, although you own the file, you do not have read permission for it. Using symbolic codes, change the permissions so you can read, as well as write and execute the file. Do not allow anyone else to read the file.
Solution: chmod u+r readme
- Now you want to create a subdirectory of your home directory in which no one (including yourself, unless you take further steps) can create or delete files. You do, however, want to enable all users to list all directory contents. First, create the new subdirectory.
Solution: mkdir subdir
- Using numeric codes, remove write permissions for all users.
Solution: chmod 555 subdir
- Next, you want to create a new subdirectory of your home directory and then set permissions on this directory so no one, not even yourself, can list the files. However, you still want to allow all users to create and execute files, as long as they know where those files exist. To do this, create a directory named nolist.
Solution: mkdir nolist
- Use the a argument of chmod to remove read privileges to the nolist directory for all users.
Solution: chmod a-r nolist
- Set permissions so that no one but you can list the files. You still want other users to be able to create, delete, and execute new ones, however. Use numeric coding.
Solution: chmod 733 nolist
- Now, switch to the user2 account.
Solution: su user2
- Change to the nolist directory.
Solution: cd nolist
- Type ls -l to list the files, subdirectories, and associated permissions for this directory.
- Note that you cannot list any files or subdirectories. However, you can create new files and subdirectories. Use touch to create a new file named testfile.
Solution: touch testfile
- Create a new directory named testdir.
Solution: mkdir testdir
- Now, suspend the user2 subshell and return to your login shell.
- As user1, you have been tasked with creating a subdirectory inside your home directory that is completely hidden to all users. You are to make this directory so that no one can even discover its existence. First create a new subdirectory named temp. It should reside directly beneath your home directory (user1).
Solution: mkdir temp
- Now, using numeric codes, set the permissions on this subdirectory so that only you can read, write, and execute files in the temp directory.
Solution: chmod 700 temp
- Create a new subdirectory in the /home/user1/temp directory named hiddendir.
Solution: mkdir ./temp/hiddendir
- Next, create a file in the hiddendir directory named hiddenfile.
Solution: touch ./temp/hiddendir/hiddenfile
- Using numeric codes, change the permissions of the hiddendir directory to be consistent with the temp directory: only you can read, write, and execute files in the directory.
Solution: chmod 700 ./temp/hiddendir
- Become user2 again.
- Go to the user1/temp directory. Be sure to enter the directory’s full path.
Solution: cd /home/user1/temp
- Note that you cannot read the contents of this directory as user2. Go to the /home/user1 directory.
Solution: cd /home/user1
- List the subdirectories, making sure to show all file attributes.
Solution: ls -l
- As user2, you can see that the temp subdirectory exists, but you cannot list its contents. These contents include the hiddendir subdirectory. Both the subdir directory and its contents are effectively invisible. Exit the user2 subshell.