Understanding Linux File and Directory Permissions

File Permission Basics

Interpreting Directory Permissions

A permission string like -rw-r--r-- consists of 10 characters:

  • Position 1: File type (- for regular file, d for directory, l for symbolic link).
  • Positions 2-4: Owner permissions (rw-).
  • Positions 5-7: Group permissions (r--).
  • Positions 8-10: Other user permissions (r--).

Symbol meanings:

  • r: Read permission.
  • w: Write permission.
  • x: Execute permission.

Using the chmod Command

Syntax: chmod [options] mode filename

  • Options: -R for recursive changes.
  • Mode: Specified as [ugoa][+-=][rwx] or numeric values.

Examples:

  1. chmod u+x video.mp4 – Adds execute permission for the owner.
  2. chmod g+w,o+w video.mp4 – Adds write permission for the group and others.
  3. chmod u=rwx video.mp4 – Sets owner permissions to read, write, and execute.

Numeric Permission Representation

  • Read (r) = 4
  • Write (w) = 2
  • Execute (x) = 1

Permissions are summed for each category. For example, rwxr-xr-x translates to:

  • Owner: 4+2+1 = 7
  • Group: 4+0+1 = 5
  • Others: 4+0+1 = 5

Resulting in numeric mode 755.

Examples:

  1. chmod 755 video.mp4 – Sets permissions to rwxr-xr-x.
  2. chmod 644 video.mp4 – Sets permissions to rw-r--r--.

Common numeric modes: 777 (rwxrwxrwx, which gives every user write access), 644 (rw-r--r--), 755 (rwxr-xr-x).

Permission Effects

File Permissions

  • Read (r): Allows viewing file content (e.g., cat, more).
  • Write (w): Permits editing, appending, or modifying content (e.g., vi, echo). Does not include file deletion, which is controlled by write permission on the containing directory.
  • Execute (x): Enables file execution.

Directory Permissions

  • Read (r): Lists directory contents (ls).
  • Write (w): Modifies directory structure: create, delete, rename, or move files/directories (e.g., touch, rm, mv).
  • Execute (x): Allows entry into the directory (cd).

For files, the highest permission is execute (x). For directories, it is write (w).

Viewing Default Permissions

Use umask to check the default permission mask. Output like 0022 indicates:

  • First digit (0): Special permissions.
  • Remaining digits (022): Default mask for files and directories.

Default File Permissions

Files cannot be created with execute permission by default; it must be manually assigned. Maximum default permission is 666. Default permissions are calculated by subtracting the umask value from 666 after converting to symbolic form.

Example: With umask 022:

  • Maximum permission: rw-rw-rw- (666)
  • Subtract umask: -----w--w-
  • Result: rw-r--r-- (644)

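Key point: Linux subtracts permissions symbolically, not numerically. Each permission bit set in the umask is cleared from the maximum permission (maximum AND NOT umask); the two numbers are not arithmetically subtracted. The umask acts as a mask that restricts permissions during file creation.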

Default umask is 022, granting owner read/write, and group/others read-only. Modify umask to change defaults.

Examples of umask effects:

  1. Set umask to 0000:

     $ umask 0000
     $ mkdir testdir
     $ touch testfile
     $ ls -l

     Output:

     drwxrwxrwx 2 user group 4096 Month Day Hour:Minute testdir
     -rw-rw-rw- 1 user group    0 Month Day Hour:Minute testfile

  2. Set umask to 0022 (default):

     $ umask 0022
     $ mkdir testdir
     $ touch testfile
     $ ls -l

     Output:

     drwxr-xr-x 2 user group 4096 Month Day Hour:Minute testdir
     -rw-r--r-- 1 user group    0 Month Day Hour:Minute testfile

  3. Set umask to 0777:

     $ umask 0777
     $ mkdir testdir
     $ touch testfile
     $ ls -l

     Output:

     d--------- 2 user group 4096 Month Day Hour:Minute testdir
     ---------- 1 user group    0 Month Day Hour:Minute testfile

Umask subtracts permissions, so 0777 is most restrictive, denying all permissions to group and others, and to the owner as well.

Default Directory Permissions

Maximum default permission for directories is 777. Calculated similarly by subtracting umask from 777.

Example: With umask 022:

  • Maximum permission: rwxrwxrwx (777)
  • Subtract umask: -----w--w-
  • Result: rwxr-xr-x (755)
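
The mask rule from the two sections above, as an added example that is not part of the original article: effective_mode clears the umask bits from the maximum mode, naive_subtract shows what arithmetic subtraction would wrongly give for a umask such as 033, and observed_perms confirms the result on a real file and directory created in a temporary directory. The function names and the sample masks are assumptions made for this example.

```shell
#!/bin/sh
# Added example: umask is a bit mask, not an arithmetic subtraction.

# effective_mode MAX UMASK -> octal mode left after clearing the umask bits
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# naive_subtract MAX UMASK -> result of (incorrectly) subtracting the numbers
naive_subtract() {
    printf '%03o\n' $(( 0$1 - 0$2 ))
}

# observed_perms UMASK -> "<file perms> <dir perms>" as shown by ls -l,
# measured on a real file and directory created under that umask
observed_perms() {
    tmp=$(mktemp -d) || return 1
    (
        umask "$1"            # subshell: the caller's umask is untouched
        cd "$tmp" || exit 1
        touch testfile
        mkdir testdir
    )
    f=$(ls -ld "$tmp/testfile" | cut -c1-10)
    d=$(ls -ld "$tmp/testdir" | cut -c1-10)
    rm -f "$tmp/testfile"
    rmdir "$tmp/testdir" "$tmp"
    printf '%s %s\n' "$f" "$d"
}

# Constructed sample masks: the default, one where subtraction goes wrong,
# and the most restrictive value.
for mask in 0022 0033 0777; do
    printf 'umask %s: file %s, dir %s, observed: %s\n' "$mask" \
        "$(effective_mode 666 "$mask")" "$(effective_mode 777 "$mask")" \
        "$(observed_perms "$mask")"
done
printf '666 - 033 by subtraction: %s (actual: %s)\n' \
    "$(naive_subtract 666 033)" "$(effective_mode 666 033)"
```

With umask 033 the write bit is already absent from the execute position the mask names, so files still come out as 644 rather than 633.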

Modifying Umask Values

  • Temporary change: umask 0002
  • Permanent change: Edit /etc/profile.
