sudo Sergeant 06: File Permissions

Join the Ben Heck team every week for amazing hacks! Watch them build and mod community-inspired projects using electronics!

Back to The Ben Heck Show homepage

sudo Sergeant

Featured Bonus Content

See All Episodes

Felix discusses how file permissions work with Linux. He covers what they mean, what they’re for, and how to set them. You’ll learn to use command line to create a file and decipher user, group, and others rights. You can then add or remove permissions by CHMOD or by permission bits in octal notation.

File permissions are the most basic form of security control on a Linux based operating system. They are implemented in a manner which can be configured to grant or deny access to files. The permissions can be modified by either the one who owns the file, or the super user. The instruction to modify the permissions can take numeric arguments or symbolic arguments.

Felix uses a command line example to show you how to see the permissions of a file: Typing “ls” shows you the root directory structure.

sergeant@raspberrypi: ~ $ ls
Desktop Documents Downloads Music Pictures Public Templates test Videos

He wants to go the test directory so he types the command cd test. Typing ls again shows that this directory has two directories that were previously mounted.

sergeant@raspberrypi: ~ $ cd test
sergeant@raspberrypi: ~ $ ls
mount0 mount 1

Next he creates a files using command line using the touch command followed by the file he is creating and uses the ls command to verify the file was created:

sergeant@raspberrypi: ~/test $ touch testfile.text
sergeant@raspberrypi: ~/test $ ls
mount0 mount1 testfile.txt

To find the file permissions of this newly created file he types in ls -l:

sergeant@raspberrypi: ~/test $ ls -l
total 8
drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount0
drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount1
- rw-r-- r-- 1 sergeant sergeant 0 Aug 30 09:46 testfile.txt

For testfile.txt the information to left of the number 1 are the file permissions. The first bit in the file permissions is the file type, the next 3 are the permissions of the owner, the following three bits are the permissions of the group, and the last three are the permissions of anybody who is either not in the group or not the owner. The last bit is a single character that specifies alternate access methods.

For instance, if you see "drwxr" it means that the file type is director, the r means that the owner can read the directory, the w means the owner can write to the directory, and x means the owner can execute the directory (since it's a directory it doesn't really get executed). The next 3 bits are the group rights. For testfile.txt, "r--" means that the group can read this but cannot write or execute.

There are two ways to modify the file permissions. They can either be done through numeric method or via a character method. With the character method, you would change the file permissions by sending the instruction chmod (change modify). Felix suggests expanding the help anytime you have an instruction. After, using the command "--help" Felix decides to give execution permissions to the user for the file by typing in the following command:

In this example, read and write are turned off execute is turned on:

sergeant@raspberrypi: ~/test $ chmod u=+x testfile.txt
sergeant@raspberrypi: ~/test $ ls -l
total 8
drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount0
drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount1
---xr-- r-- 1 sergeant sergeant 0 Aug 30 09:46 testfile.txt

In this example, read and write are added along with execute:

sergeant@raspberrypi: ~/test $ chmod u=+rwx testfile.txt
sergeant@raspberrypi: ~/test $ ls -l
total 8
drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount0
drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount1
-rwxr-- r-- 1 sergeant sergeant 0 Aug 30 09:46 testfile.txt

To give those same permissions to the group simply use the following command:

sergeant@raspberrypi: ~/test $ chmod g=+rwx testfile.txt
sergeant@raspberrypi: ~/test $ ls -l
total 8
drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount0
drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount1
-rwxrwxr-- 1 sergeant sergeant 0 Aug 30 09:46 testfile.txt

To give those permissions to others you would use the following command:

sergeant@raspberrypi: ~/test $ chmod o=+rwx testfile.txt
sergeant@raspberrypi: ~/test $ ls -l
total 8
drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount0
drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount1
-rwxrwxrwx 1 sergeant sergeant 0 Aug 30 09:46 testfile.txt

To take away group permissions you would use the minus sign instead of the plus sign:

sergeant@raspberrypi: ~/test $ chmod g=-rwx testfile.txt
sergeant@raspberrypi: ~/test $ ls -l
total 8
drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount0
drwxr-xr-x 2 sergeant sergeant 4096 Aug 25 13:40 mount1
-rwx---rwx 1 sergeant sergeant 0 Aug 30 09:46 testfile.txt

This is covers adding and removing permissions using the character method. To change permissions via the numeric method you can head over to Unix Permissions and Lookup . Select your permissions bits. We're focusing on user, group, and others.If you want to have read write execute for user group and others you would select those permissions on the page.

sergeant@raspberrypi: ~/test $ chmod 777 testfile.txt
sergeant@raspberrypi: ~/test $ ls -l testfile.txt
-rwxrwxrwx 1 sergeant sergeant 0 Aug 30 9:46 testfile.txt

Trying again with a different numeric value changes the file permissions:

sergeant@raspberrypi: ~/test $ chmod 700 testfile.txt
sergeant@raspberrypi: ~/test $ ls -l testfile.txt
-rwx------ 1 sergeant sergeant 0 Aug 30 9:46 testfile.txt

Top Comments

tariq.ahmad over 4 years ago in reply to jackwhite+ +1

I am by no means a Linux expert but I do have previous professional experience maintaining Linux servers, modifying file permissions on PHP files (usually through FTP but I have used command line), an…
shabaz over 4 years ago in reply to tariq.ahmad +1

tariq.ahmad wrote:

Changing file permissions can be tricky for people maintaining Linux servers for business or in another field.

This is definitely true.. I've a formal qualification in one of the UNIX…
tariq.ahmad over 4 years ago in reply to koudelad +1

Thanks koudelad !

This has been fixed!

jackwhite+ over 4 years ago in reply to tariq.ahmad

I just don't believe it. This cannot be happening. A staff member saw an error report, READ IT, and answered with a long, pointless and irrelevant message. It this still element14 site? Did I die and end up in a special type of hell just for me?

There is nothing to argue about. This IS a mistake and it MUST be corrected.
If you for any reason do not believe me, try for yourself, it will take about 3 to 5 minutes:

This link will give you a linux shell right inside a browser: Javascript PC Emulator
Click it and wait for it to boot.
Create a file with any extension you like (almost all shell commands do not care about extensions at all - that's a security feature).
Assign it some permissions.
Attempt to use "=-" to remove just one permission - it will remove all of them (within an u/g/o category).
Attempt to use "=+" to add just one permission - it will reset permissions that were already present to what you typed.
Example commands are in my previous post.

IT DOES NOT WORK AS DESCRIBED no matter expertise or anything else. The link you provided is completely irrelevant too.

JSLinux is an absolutely real linux on an emulated intel 386-compatible PC.
If you "don't believe" in it, download any linux live CD and boot it in virtualbox or something. Don't even need to install it, just open a terminal or hit Ctrl+Alt+F2 after boot, it only takes a few minutes.

The "=+" probably came from "git update-index --chmod=+x" in which case the "=" is a part of git's "--parameter=value" syntax.
It's a newbie mistake, the best you can do now is to reupload the video.

My point is, by doing a video that has a huge mistake it what it is trying to teach, you hurt more than help.
- Cancel
- Up +1 Down
- Reply
- More
- Cancel
tariq.ahmad over 4 years ago in reply to koudelad

Thanks koudelad !

This has been fixed!
- Cancel
- Up +1 Down
- Reply
- More
- Cancel
koudelad over 4 years ago

There is a link to sudo Sergeant episode 05 video, instead of episode 06.
- Cancel
- Up 0 Down
- Reply
- More
- Cancel
shabaz over 4 years ago in reply to tariq.ahmad

tariq.ahmad wrote:

Changing file permissions can be tricky for people maintaining Linux servers for business or in another field.

This is definitely true.. I've a formal qualification in one of the UNIX's (Solaris), and paid £3000 GBP (i.e. at that time >$5k USD for it), directly from the manufacturer (Sun), and since education is constant learning, I valued seeing how the character operators could be used for changing file permissions in Linux, because it was something I was not taught, and I've always used the numeric method (e.g. chmod 755). So I learnt something new from this episode, even if it means having to type 'man chmod' to dig deeper into it.
- Cancel
- Up +1 Down
- Reply
- More
- Cancel
tariq.ahmad over 4 years ago in reply to jackwhite+

I am by no means a Linux expert but I do have previous professional experience maintaining Linux servers, modifying file permissions on PHP files (usually through FTP but I have used command line), and experience using command line to create a MySQL database and migrating gigabytes of data from the MySQL database on one server to the the MySQL database on another server.

Most of the times when you are working with Linux from command line the process will be rather smooth but there are times when you will need to tweak your commands and this can be due to the default settings or the distribution of Linux you are working with.

In the example output you posted you do not have a file extension so I am curious if there is something in your default settings that is preventing you from changing the permissions on the files you were attempting to modify?

I ran across a thread online where someone has trouble changing file permissions through command line:

https://unix.stackexchange.com/questions/49884/how-to-make-executable-of-all-files-excluding-a-few-file-types

Changing file permissions can be tricky for people maintaining Linux servers for business or in another field.

Any information that is helpful can make it less confusing to many people who may not have the same level of technical experience that you may very well have.

I can attest to the fact that from previous experience, the information that Felix is providing in these segments has real business applications that many people, particularly small business owners, would find useful.

Linux servers are used a lot in the ecommerce world and we have received a lot of positive praise since the launch of sudo Sergeant from people in a variety of fields and backgrounds.
- Cancel
- Up +1 Down
- Reply
- More
- Cancel
DAB over 4 years ago

Nice episode Felix.

Well done.

DAB
- Cancel
- Up 0 Down
- Reply
- More
- Cancel
jackwhite+ over 4 years ago

There is neither "=+" nor "=-" operator!

On my system:
"=+" does not add permissions, it replaces them as "=" operator would
"=-" clears all permissions despite anything after "=-", for example "=-w" is equivalent to "-rwx"

...and the example were so "useful" you didn't even notice.

man chmod :
The operator + causes the selected file mode bits to be added to the existing file mode bits of each file; - causes them to be removed; and = causes them to be added and causes unmentioned bits to be removed except that a directory's unmentioned set user and group ID bits are not affected.

testing:
chiroptera@homelinux:/$ touch test
chiroptera@homelinux:/$ chmod 605 test
chiroptera@homelinux:/$ ls -l test
-rw----r-x 1 chiroptera chiroptera 0 Oct 12 02:41 test
chiroptera@homelinux:/$ chmod u=rx test
chiroptera@homelinux:/$ ls -l test
-r-x---r-x 1 chiroptera chiroptera 0 Oct 12 02:41 test
chiroptera@homelinux:/$
chiroptera@homelinux:/$ chmod 605 test
chiroptera@homelinux:/$ chmod u+rx test
chiroptera@homelinux:/$ ls -l test
-rwx---r-x 1 chiroptera chiroptera 0 Oct 12 02:41 test
chiroptera@homelinux:/$
chiroptera@homelinux:/$ chmod 605 test
chiroptera@homelinux:/$ chmod u-rx test
chiroptera@homelinux:/$ ls -l test
--w----r-x 1 chiroptera chiroptera 0 Oct 12 02:41 test
chiroptera@homelinux:/$
chiroptera@homelinux:/$ chmod 605 test
chiroptera@homelinux:/$ chmod u=+rx test
chiroptera@homelinux:/$ ls -l test
-r-x---r-x 1 chiroptera chiroptera 0 Oct 12 02:41 test
chiroptera@homelinux:/$
chiroptera@homelinux:/$ chmod 605 test
chiroptera@homelinux:/$ chmod u=-rx test
chiroptera@homelinux:/$ ls -l test
-------r-x 1 chiroptera chiroptera 0 Oct 12 02:41 test

Felix, really?
You had just ONE job: explain the ONLY parameter of a single command...
I hereby demote you to sudo private.

Seriously though, every single video has huge factual mistakes exactly in what it is trying to teach.
A lot of people are watching, and they ALL get the wrong info.
Please, PLEASE do more research!
- Cancel
- Up 0 Down
- Reply
- More
- Cancel