From f82bc5cc33e8eee08487468a99ab85e2efb882be Mon Sep 17 00:00:00 2001 From: Edward Date: Wed, 24 Jan 2018 17:55:41 -0500 Subject: [PATCH] chmod copy edits --- .../modify-file-permissions-with-chmod.md | 60 +++++++++++-------- 1 file changed, 35 insertions(+), 25 deletions(-) diff --git a/docs/tools-reference/tools/modify-file-permissions-with-chmod.md b/docs/tools-reference/tools/modify-file-permissions-with-chmod.md index 839e3bbf383..9df8a9d62cf 100644 --- a/docs/tools-reference/tools/modify-file-permissions-with-chmod.md +++ b/docs/tools-reference/tools/modify-file-permissions-with-chmod.md @@ -6,7 +6,7 @@ description: 'Use the chmod command to modify file permissions on your Linode.' keywords: ["TAGS=chmod", "commands", "reference", "file permissions"] license: '[CC BY-ND 4.0](https://creativecommons.org/licenses/by-nd/4.0)' aliases: ['linux-tools/common-commands/chmod/','tools-reference/modify-file-permissions-with-chmod/'] -modified: 2011-07-07 +modified: 2018-01-24 modified_by: name: Sam Foo published: 2010-07-01 
@@ -16,17 +16,19 @@ external_resources: - '[Administration Basics](/docs/using-linux/administration-basics)' --- -Unix-like systems, including the Linux systems that run on the Linode platform, have an incredibly robust access control system that allows systems administrators to effectively permit multiple users access to a single system without giving every user access to every file on the file system. The `chmod` command is the best and easiest way to modify these file permissions. +![Modify File Permissions with chmod](/docs/assets/modify_file_permissions_with_chmod_smg.png "Modify File Permissions with chmod") + +## chmod Lets You Change Read and Write Permissions in Linux -![Modify File Permissions with chmod](/docs/assets/modify_file_permissions_with_chmod_smg.png) +Unix-like systems, including the Linux systems that run on the Linode platform, have an incredibly robust access control system that allows systems administrators to effectively permit multiple users access to a single system without giving every user access to every file on the file system. The `chmod` command is the best and easiest way to modify these file permissions. -This document provides a brief overview of file permissions and the operation of the `chmod` command in addition to a number of practical examples and applications of `chmod`. If you find this guide helpful, please consider our [basic administration practices guide](/docs/using-linux/administration-basics) and the [Linux users and groups guide](/docs/tools-reference/linux-users-and-groups/). +This guide provides a brief overview of file permissions and the operation of the `chmod` command in addition to a number of practical examples and applications of `chmod`. If you find this guide helpful, please consider our [basic administration practices guide](/docs/using-linux/administration-basics) and the [Linux users and groups guide](/docs/tools-reference/linux-users-and-groups/) next. 
-## Using Chmod +## How to Use chmod In this guide, `chmod` refers to recent versions of `chmod` such as those provided by the GNU project. By default, `chmod` is included with all images provided by Linode, and as part of the common "base" selection of packages provided in nearly all distributions of Linux-based operating systems. -### File Permission Basics +### Linux File Permission Basics All file system objects on Unix-like systems have three main types of permissions: read, write, and execute access. Permissions are bestowed upon three possible classes: the user, the usergroup, and all system users. @@ -48,21 +50,21 @@ File type | User | Group | Global `-` Regular file | `rw-` | `r--` | `r--` `l` Symbolic Link | `rwx` | `rwx` | `rwx` -The first character represents the type of file. The remaining nine bits in groups of three represent the permissions for the user, group, and global respectively. +The first character represents the type of file. The remaining nine bits in groups of three represent the permissions for the user, group, and global respectively. Each stands for: - - `r` stands for **r**ead - - `w` stands for **w**rite - - `x` stands for e**x**ecute +* `r`: **R**ead +* `w`: **W**rite +* `x`: e**X**ecute Note that access to files targeted by symbolic links is controlled by the permissions of the targeted file, not the permissions of the link object. There are [additional file permissions](/docs/tools-reference/linux-users-and-groups#additional-file-permissions) that control other aspects of access to files. -### The Chmod Command +### chmod Command Syntax and Options -The format of `chmod` has the format: +The format of a `chmod` command is: chmod [who][+,-,=][permissions] filename -Consider the following invocation of `chmod`: +Consider the following `chmod` command: chmod g+w ~/group-project.txt 
@@ -85,13 +87,15 @@ Multiple permissions can be specified by separating them with a comma, as in the chmod g+w,o-rw,a+x ~/group-project-files/ -This adds write permissions to the usergroup members, and removes read and write permissions from the "other" users of the system. Finally the `a+x` adds the execute permissions to all categories. This value may also be specified as `+x`. If no category is specified, the permission is added or subtracted to all permission categories. In this notation the owner of the file is referred to as the `user` (e.g. `u+x`). +This adds write permissions to the usergroup members, and removes read and write permissions from the "other" users of the system. Finally the `a+x` adds the execute permissions to all categories. This value may also be specified as `+x`. If no category is specified, the permission is added or subtracted to all permission categories. + +In this notation the owner of the file is referred to as the `user` (e.g. `u+x`). chmod -R +w,g=rw,o-rw, ~/group-project-files/ -The `-R` option applies the modification to the permissions recursively to the directory specified and all of its contents. +The `-R` option applies the modification to the permissions recursively to the directory specified and to all of its contents. -### Octal Notation +### How to Use Octal Notation for File Permissions Another method for setting permissions is through octal notation. @@ -105,7 +109,7 @@ Disregarding the first bit, each bit that is occupied with a `-` can be replaced 111 101 000 -This is called octal notation because the binary numbers are converted to base-8 by using the digits 0 to 7. +This is called octal notation because the binary numbers are converted to base-8 by using the digits 0 to 7: Binary | Octal | Permission -------|-------|----------- 
@@ -118,33 +122,39 @@ Binary | Octal | Permission 110 | 6 | rw- 111 | 7 | rwx -Each digit is independent of the other two. Therefore, 750 means the current user can read, write, and execute while the group and others cannot write. +Each digit is independent of the other two. Therefore, `750` means the current user can read, write, and execute while the group and others cannot write. -744, which is a typical default permission, allows read, write, and execute permissions for the owner, and read permissions for the group and world users. +`744`, which is a typical default permission, allows read, write, and execute permissions for the owner, and read permissions for the group and "world" users. -Either notation is equivalent, and you may chose to use whichever form is more able to clearly express your desires for the permissions. +Either notation is equivalent, and you may choose to use whichever form more clearly expresses your permissions needs. ## Making a File Executable -Issue the following command to change the file permissions so that any user can execute the file "~/group-project.py": +The following examples changes the file permissions so that any user can execute the file "~/group-project.py": chmod +x ~/group-project.py ## Restore Default File Permissions -The default permissions for files on a Unix system are often `600` or `644`. Permissions of `600` mean that the owner has full read and write access to the file, while no other user can access the file. Permissions of `644` mean that the owner of the file has read and write access, while the group members and other users on the system only have read access. Issue one of the following commands to achieve these "default" permissions: +The default permissions for files on a Unix system are often `600` or `644`. Permissions of `600` mean that the owner has full read and write access to the file, while no other user can access the file. 
Permissions of `644` mean that the owner of the file has read and write access, while the group members and other users on the system only have read access. + +Issue one of the following examples to achieve these "default" permissions: chmod 600 ~/roster.txt chmod 644 ~/gigs.txt -For executable files, the equivalent settings would be `700` and `755` which correspond to `600` and `644` except with execution permission. Issue one of the following commands to achieve these executable "default" permissions: +For executable files, the equivalent settings would be `700` and `755` which correspond to `600` and `644` except with execution permission. + +Use one of the following examples to achieve these executable "default" permissions: chmod 700 ~/generate-notes.py chmod 755 ~/regenerate-notes.py -## Removing all Group and World Permissions +## Restrict File Access: Remove all Group and World Permissions + +There are a number of cases where administrators and users should restrict access to files, particularly files that contain passwords and other sensitive information. The configuration files for msmtp and Fetchmail (`~/.msmtprc` and `~/.fetchmailrc`) are two common examples. -There are a number of cases where administrators and users would be wise to restrict access to files, particularly files that contain passwords and other sensitive information. The configuration files for msmtp and fetchmail (`~/.msmtprc` and `~/.fetchmailrc`) are two common examples. You can remove all access to these files with commands in one of the following forms: +You can remove all access to these files with commands in one of the following forms: chmod 600 .msmtprc chmod g-rwx,o-rwx .fetchmail
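Review bot: In the front-matter hunk (`@@ -6,7 +6,7 @@`), `modified` is bumped to 2018-01-24 but `modified_by` still names Sam Foo, while the commit author is Edward. If `modified_by` is meant to record the last editor, update it in the same change so the two fields agree.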
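Review bot: The new H2 in the `@@ -16,17 +16,19 @@` hunk, "chmod Lets You Change Read and Write Permissions in Linux", leaves out execute, although the section right below it introduces "read, write, and execute access" and later sections are about making files executable. Suggest "chmod Lets You Change Read, Write, and Execute Permissions in Linux" or simply "Change File Permissions in Linux with chmod". Also, ending the intro sentence with "please consider our ... guide next" reads awkwardly; "please see ... next" would be cleaner.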
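Review bot: In the `@@ -48,21 +50,21 @@` hunk, the added "Each stands for:" has no clear antecedent, because the sentence before it talks about nine bits in groups of three, not about the letters. Suggest "Each letter stands for:" so the list that follows is unambiguous. The list itself is also inconsistent: `**R**ead` and `**W**rite` capitalize the first letter, but `e**X**ecute` capitalizes a letter in the middle of the word; keeping the original lowercase bolding (`e**x**ecute`) matches the literal `x` that appears in `ls` output.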
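Review bot: In the `@@ -85,13 +87,15 @@` hunk, splitting out "In this notation the owner of the file is referred to as the `user` (e.g. `u+x`)." leaves it directly above `chmod -R +w,g=rw,o-rw, ~/group-project-files/`, which does not use `u` at all, so it now reads as an introduction to the wrong example. Move the sentence up next to the explanation of the categories, or add a `u` clause to the example. While touching this block, the context line has a trailing comma after `o-rw,` that looks like a typo and is worth dropping so readers can copy the command as shown.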
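Review bot: In the last hunk (`@@ -118,33 +122,39 @@`), the new standalone sentence "You can remove all access to these files with commands in one of the following forms:" overstates what the commands do: the heading says "Remove all Group and World Permissions", and `chmod 600` leaves the owner with read and write. Suggest "You can remove group and world access to these files with ...". The two forms shown are also not equivalent, since `600` sets the owner bits while `g-rwx,o-rwx` leaves them as they were, which deserves a short remark for files holding passwords. Elsewhere in the same hunk: "`750` means ... the group and others cannot write" undersells the mode, because per the `111 101 000` example above the group gets read and execute and others get nothing; "`744`, which is a typical default permission" conflicts with the later "often `600` or `644`"; "The following examples changes" should be "The following command changes" (there is one command); and "Issue one of the following examples" mixes two phrasings, so pick "Use one of the following examples" or "Issue one of the following commands" and use it in both places.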