chmod / chown

We briefly mentioned in the intro to Bash that every file has an owner and an ownership group. Each file also has sets of permissions. Permissions and ownership in Linux can get as complex as you would like, but at their core they are pretty simple. Let's create a test file and ls -l it so we can look at the components:

[bradr@ssh8-2 testdir]$ touch myfile && ls -l
total 0
-rw-r--r-- 1 bradr Domain Users 0 Jan  5 11:23 myfile

So the line -rw-r--r-- 1 bradr Domain Users 0 Jan 5 11:23 myfile contains the permissions and ownership information.

The first part, -rw-r--r--, shows the file type and what is authorized. The first character is the file type; don't worry about that here. There are essentially three actions allowed on a file. You can read it, you can write to it, or you can execute code in it. The nine characters after the file type represent each of these three actions for its owner (the first three characters), its ownership group (the next three characters), and everybody else (the last three characters). Anything that is represented by a letter ('x' for executable, 'r' for readable, or 'w' for writeable) is an action that is permitted, and anything represented by a '-' is an action that is not permitted. So we see that the owner is allowed to read and write to the file, the group can only read the file, and everybody else can read the file as well.

The second part, bradr, tells you who owns the file.

The third part, Domain Users, tells you which group owns the file.

Now let's say that we are being secret about our file, so we don't want everyone to be able to read it, but we also need help, so we want everyone in the group to be able to write to it. Also, it's going to be a great Bash script, so we need to be able to execute it as well. How do we go about changing these permissions?

chmod

chmod is the command line utility to change the permissions of a file, and there are several ways to use it. The example we used in the Intro to Bash Scripting section was to just make it executable by anyone:

[bradr@ssh8-2 testdir]$ chmod +x myfile && ls -l
total 0
-rwxr-xr-x 1 bradr Domain Users 0 Jan  5 11:23 myfile

We don't really want to do that here, since we aren't making the same change for the owner, the group, and everyone else, so let's undo that:

[bradr@ssh8-2 testdir]$ chmod -x myfile && ls -l
total 0
-rw-r--r-- 1 bradr Domain Users 0 Jan  5 11:23 myfile

There are multiple ways of setting permissions with chmod, but the most common is "numerical mode", which is documented in the man page. The basic syntax is chmod 755 myfile, where the first number sets the permissions for the owner, the second sets the permissions for the owner group, and the third sets the permissions for everyone else. Each number is an "octal" digit, meaning there are 8 possible choices, 0-7. Each digit is the sum of some of the following values:

Permission   Number
Executable   1
Writeable    2
Readable     4

And the number represents a sum of those numbers. So chmod 751 myfile would let the owner read, write, and execute the file, because 7 represents 4+2+1. It would allow group users only to read or execute the file, because 5 represents 4+1, and it would allow everyone else only to execute the file, because 1 represents 1 plus nothing. If one of the digits is '0', that means that class of users is not allowed to do anything.

So now we have an idea of how to solve our problem above. We want the owner of our file to be able to read, write, and execute the file; we want the people in our group to help edit the file, so they can read and write it; and we don't want people outside the group to be able to read, write, or execute it. We can do that with the permissions '7' for the owner, '6' for the group, and '0' for everyone else.

[bradr@ssh8-2 testdir]$ chmod 760 myfile && ls -l
total 0
-rwxrw---- 1 bradr Domain Users 0 Jan  5 11:23 myfile

Note: You can also change the permissions of every file in a directory with the -R flag. Ex: chmod -R 750 /path/to/directory/
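
As an added example (not part of the original page): POSIX shell functions that convert an ls -l permission string into the octal digits described above, then use that to show what chmod -R does to a directory and a file inside it. The function names and the temporary tree are constructed for illustration, and the symbolic mode with a capital X is standard chmod syntax that this page does not otherwise cover.

```sh
#!/bin/sh
# Added example. Function names and the temporary tree are constructed for illustration.

# sym_to_octal "-rwxrw----" -> 760. Reads the nine r/w/x characters after the
# file-type character; rejects anything else (e.g. setuid "s"), not covered here.
sym_to_octal() (
    mode=$1
    [ "${#mode}" -ge 10 ] || exit 1
    rest=${mode#?}                       # drop the file-type character
    out=""
    for who in owner group everyone_else; do
        triplet=$(printf '%s' "$rest" | cut -c1-3)
        rest=${rest#???}
        case $triplet in [r-][w-][x-]) ;; *) exit 1 ;; esac
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac   # readable   = 4
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac   # writeable  = 2
        case $triplet in ??x) digit=$((digit + 1)) ;; esac   # executable = 1
        out=$out$digit
    done
    printf '%s\n' "$out"
)

# mode_of PATH -> octal mode, taken from the first field of ls -ld.
mode_of() (
    sym_to_octal "$(ls -ld -- "$1" | cut -d' ' -f1)"
)

# recursive_result MODE: build a constructed tree (directory 755, file 644),
# run chmod -R MODE on it, and print "<directory mode> <file mode>".
recursive_result() (
    tmp=$(mktemp -d) || exit 1
    mkdir "$tmp/site" && touch "$tmp/site/page.php"
    chmod 755 "$tmp/site" && chmod 644 "$tmp/site/page.php"
    chmod -R "$1" "$tmp/site"
    printf '%s %s\n' "$(mode_of "$tmp/site")" "$(mode_of "$tmp/site/page.php")"
    rm -rf "$tmp"
)

sym_to_octal "-rwxrw----"           # 760, the result of the chmod 760 above
recursive_result 750                # 750 750: the data file became executable
recursive_result u=rwX,g=rX,o=      # 750 640: X adds execute only to directories
                                    # and to files that already had an execute bit
```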

chown

chown is much simpler. Every file has an owner and an ownership group, as mentioned above. These can be changed with the syntax chown username:groupname myfile

Sometimes when copying files, something that you expect to be run by the webserver using the apache user will have its ownership changed because you are copying as the root user. So instead of it being owned by apache and running on the webserver, you will get a FORBIDDEN error. Let's look at this PHP file:

[root@linuxadmin:1 Widgets]# ls -l | grep WidgetRenderer.php 
-rw-rw-r--. 1 root root  6668 Mar  3  2022 WidgetRenderer.php


I'm expecting this PHP file to be accessed by the user apache, which has the group apache. So I need to change it.

[root@linuxadmin:1 Widgets]# chown apache:apache WidgetRenderer.php && ls -l WidgetRenderer.php 
-rw-rw-r--. 1 apache apache 6668 Mar  3  2022 WidgetRenderer.php


There are some instances where this can be done by a non-root user, but it almost always needs root privileges.