UNIX operating systems enforce strict access control of files based on the owner, a group, and everyone else. This tech-recipe describes the techniques for setting these access controls with chmod.
The UNIX chmod command can be confusing unless a few basic points are explained. It allows different access control for the owner of the file u, a specific group of users on the system g, and everyone else o.
Three different permissions can be assigned to the users above: read r, write w, and execute x. As a shortcut, all of these permissions can be represented by a.
Composing a chmod command requires putting together the user(s) affected, a plus or minus to add or remove the permission(s), and the permissions to change. The following summarizes these:
u  owner           r  read
g  group    +/-    w  write      a  all
o  other           x  execute
When a long listing is made of a file, the first part of the listing shows the permissions of the file (for example, -rwxr-x---). The first character indicates whether the item listed is a directory (the letter d) or a file (a - as shown in this example). The next three characters (rwx) are the permissions for the owner of the file (read, write, and execute in this example). The next three (r-x) are the group permissions (read and execute). The last three (---) are the permissions for other (anyone else) and indicate no permissions.
Now, the chmod command becomes simple as long as you keep in mind what you are trying to accomplish. For example, the requirement “allow other people read access to myfile” can be accomplished by the following:
chmod o+r myfile
Multiple characters can be placed on either side of the +/- to perform more complex changes. The requirement “allow the owner and group members of thefile to read and write to thefile” becomes as follows:
chmod ug+rw thefile
More examples include the following:
chmod u+rwx file    add all permissions to owner
chmod go-rwx file   remove all permissions from group and other
chmod +r file       add read permission to everyone (u, g, o)
chmod o+x dir       allow others to cd into directory
Note that an x permission on a directory allows the affected users to be able to change into that directory.
Changes in permissions can be chained together in a single command. Therefore, to add read and write to owner, read only to group, and other no access to the file bigfile, use the following command:
chmod u+rw,g+r,g-w,o-rwx bigfile
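The chained command above, checked against different starting permissions, as an added example that is not part of the original recipe: + and - change only the bits they name, so the result depends on what the file already had. The helper names perms_of and mode_after are hypothetical, mktemp is assumed to be available, and the removal for other is written o-rwx.

```shell
#!/bin/sh
# Added example, not from the original recipe. Helper names are hypothetical.

# perms_of FILE: print the 10-character permission string from a long
# listing, e.g. "-rwxr-x---" (cut drops any trailing ACL/SELinux marker).
perms_of() {
    ls -ld "$1" | cut -c1-10
}

# mode_after START CHANGE: create a scratch file whose permissions are
# exactly START (symbolic, applied to an empty mode), apply CHANGE, and
# print the resulting permission string.
mode_after() {
    f=$(mktemp) || return 1
    chmod ugo-rwx "$f"      # clear everything so START is the whole mode
    chmod "$1" "$f"         # starting permissions
    chmod "$2" "$f"         # the change under test
    perms_of "$f"
    rm -f "$f"
}

# The recipe's chained command, with "all permissions" spelled rwx.
CHANGE='u+rw,g+r,g-w,o-rwx'

# Starting from owner-read only, the result is the intended mode.
mode_after 'u+r' "$CHANGE"                              # -> -rw-r-----

# Starting from rwxrwxrwx, execute survives for owner and group,
# because the command never names x for u or g.
mode_after 'ugo+rwx' "$CHANGE"                          # -> -rwxr-x---

# Naming x in the removals gives the intended mode from any start.
mode_after 'ugo+rwx' 'u+rw,u-x,g+r,g-wx,o-rwx'          # -> -rw-r-----
```

Checking the long listing after a chained change is the quickest way to confirm that no unintended bit was left behind.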
Once you have a handle on this syntax for chmod and are ready for another powerful way to use the command, check out the tech-recipe advanced octal file permissions with chmod.