This article is part of the following series.
- A Beginner’s Guide to Linux File Permissions
- 2 ways to check file permissions in Linux
- 2 ways to change file permissions in Linux
In Linux, file permissions play a crucial role in determining who can access, modify, or execute files and directories.
The permissions are typically represented by a combination of read (r), write (w), and execute (x) permissions for the owner, group, and others. However, there are two main approaches to change file permissions in Linux: using the chmod command and the umask command.
Get Your Free Linux training!
Join our free Linux training and discover the power of open-source technology. Enhance your skills and boost your career! Learn Linux for Free!The chmod command allows users to modify permissions on files and directories explicitly. It provides flexibility in granting or revoking specific permissions for different categories of users. With chmod, you can set permissions using symbolic or numeric notation, and adjust the permissions based on your requirements.
On the other hand, the umask command is used to set the default permissions for newly created files and directories. It functions by subtracting the umask value from the maximum permissions, resulting in the final permissions for the newly created files and directories. umask ensures consistency and ease of setting default permissions for multiple files or directories.
In this guide, we will delve into the details of using chmod and umask, exploring their usage and various options to modify file permissions in Linux.
Table of Contents
change file permissions with chmod in Linux
In Linux, you can use the chmod command to change file permissions. The chmod command allows you to modify the read, write, and execute permissions for the owner, group, and others.
Here’s a breakdown of the chmod syntax:
chmod options permissions filename
Here are some commonly used options and permission symbols:
-c Outputs a message for each file whose permissions are changed.
-R Recursively changes permissions for all files and directories within the specified directory.
u Represents the user/owner.
g Represents the group.
o Represents others (everyone else).
a Represents all (user, group, and others).
+ Adds the specified permission.
– Removes the specified permission.
= Sets the specified permission, overwriting existing permissions.
Here are some examples of using chmod:
Grant read and write permissions to the owner of a file:
chmod u+rw filename
Remove execute permission from the group and others for a file:
chmod go-x filename
Set read, write, and execute permissions for the user, and read-only permission for the group and others:
chmod u+rwx,go+r filename
Set read and write permissions for all users (owner, group, and others) on a directory and its contents recursively:
chmod -R a+rw directory
Remember that changing file permissions should be done with caution, as incorrect permissions can impact the security and functionality of your files and system. It’s important to understand the implications of modifying permissions before making any changes.
What we use above is called relative permissions. It is used to add or remove specific permissions relative to the existing permissions of a file or directory.
We can also use exact permissions in chmod command.
Exact permissions are used when you want to set the permissions precisely without considering the existing permissions.
For example,
chmod u=rw,g=r,o=r filename
The command chmod u=rw,g=r,o=r filename sets the permissions of the file “filename” to read and write for the owner (user), read-only for the group, and read-only for others. Let’s break down the command:
- u=rw: Sets read and write permissions for the owner (user).
- g=r: Sets read-only permissions for the group.
- o=r: Sets read-only permissions for others.
We can also change file permission with chmod using numbers.
In Linux, you can use numbers to represent file permissions when using the chmod command. Each permission has a corresponding numeric value:
Read (r): 4
Write (w): 2
Execute (x): 1
To set permissions using numbers, you add up the values for the desired permissions. Here’s how you can use numbers with chmod:
You can use a three-digit octal number to represent the permissions for the owner, group, and others, respectively. Each digit represents the sum of the permissions for that category.
For example, to set read and write permissions for the owner, read-only permissions for the group, and no permissions for others, you can use the following command:
chmod 640 filename
Explanation:
The first digit (6) represents the permissions for the owner (read + write = 4 + 2 = 6).
The second digit (4) represents the permissions for the group (read only).
The third digit (0) represents the permissions for others (no permissions).
Let’s see another example.
You can combine multiple permissions using numbers by adding their numeric values. For example, to set read, write, and execute permissions for the owner, read and execute permissions for the group, and read-only permissions for others, you would use:
chmod 754 filename
Explanation:
The first digit (7) represents the permissions for the owner (read + write + execute = 4 + 2 + 1 = 7).
The second digit (5) represents the permissions for the group (read + execute = 4 + 1 = 5).
The third digit (4) represents the permissions for others (read only).
Remember to use the appropriate numeric values to represent the desired permissions when using chmod. Understanding the numeric representation of permissions can be helpful when scripting or automating permission changes.
change file permissions with umask command in Linux
The umask command in Linux allows you to set the default permissions that will be applied to newly created files and directories. It works by subtracting the value of the umask from the default permissions.
Here’s how you can use the umask command to change file permissions:
Check the current umask value:
umask
or
umask -S to list the symbolic permission.
Set a new umask value:
umask [new_umask_value]
Replace [new_umask_value] with the desired umask value. It can be specified in either octal or symbolic notation.
Octal notation: You can use a three-digit octal number to represent the umask value. Each digit represents the permissions for the owner, group, and others, respectively.
For example, to set a umask value of 002 (read and write for owner and group, no permissions for others), you can use:
umask 002
Symbolic notation: You can also use symbolic notation to set the umask value. The symbols used are u (user/owner), g (group), o (others), and a (all). The symbols + (plus) and – (minus) are used to add or remove permissions.
For example, to set a umask value of u=rw,g=r,o= (read and write for owner and read-only for group, no permissions for others), you can use:
umask u=rw,g=r,o=
Note: When specifying permissions using symbolic notation in umask, the = symbol is used instead of + or – to set the exact permissions.
Verify the new umask value:
umask
How to Calculate Umask Values
Linux uses the following default mask and permission values:
- The system default permission values are 777 (rwxrwxrwx) for folders and 666 (rw-rw-rw-) for files.
- The default mask for a non-root user is 002, changing the folder permissions to 775 (rwxrwxr-x), and file permissions to 664 (rw-rw-r–).
- The default mask for a root user us 022, changing the folder permissions to 755 (rwxr-xr-x), and file permissions to 644 (rw-r–r–).
- This shows us that the final permission value is the result of subtracting the umask value form the default permission value (777 or 666).
The umask value determines which permissions are turned off for newly created files and directories. It is subtracted from the default permissions (typically 666 for files and 777 for directories) to determine the final permissions.
To calculate the umask value, follow these steps:
First, we need to determine the desired permissions for files and directories.
Convert the permissions to their numeric values.
Subtract the numeric values of the desired permissions from the maximum permissions (666 for files, 777 for directories). This will give you the umask value.
For example:
If you want newly created files to have read and write permissions for the owner, but no permissions for the group and others, you would calculate the umask value as follows:
Owner permissions: r+w = 4+2 = 6
Group and others permissions: 0
Subtracting from the maximum permissions:
For files: 666 – 6 = 660
For directories: 777 – 6 = 771
The umask value in octal notation would be 0660 for files and 0771 for directories.
Let’s see one more example.
[@howtouselinux ~]$ umask
0077
[@howtouselinux ~]$ umask -S
u=rwx,g=,o=
[@howtouselinux ~]$
-rw-------. 1 howtouselinux howtouselinux 0 Jun 16 09:39 howtouselinux
drwx------. 2 howtouselinux howtouselinux 6 Jun 16 09:39 howtouselinuxdir
The new umask value will be applied to subsequently created files and directories. It’s important to note that umask does not affect the permissions of existing files and directories, only the default permissions for new ones.
The umask command is typically executed in a shell startup script, such as .bashrc or .profile, to ensure that the desired umask value is set for each new session.