How to manage advanced permissions with chmod and chown
Proper management of permissions with chmod and chown is essential for the security and proper functioning of a Linux system.
Understanding these commands and applying them according to the specific scenario allows you to efficiently control access to files and directories, preventing errors and security breaches.
Managing file and directory permissions is essential in Linux system administration.
The chmod and chown commands provide complete control over user and group access.
This guide explains how permissions can be set and modified in an advanced and secure manner.
Linux permissions – basic concepts
Each file and directory has three types of permissions:
- r – read
- w – write
- x – execute
These permissions are assigned to:
- Owner – the user who owns the file
- Group – the group associated with the file
- Others – all other users
Using chmod to modify permissions
The chmod command allows changing permissions through two methods: symbolic and numeric.
1. Symbolic syntax
chmod u+x script.sh # adds execute permission for owner
chmod g-w report.txt # removes write permission for group
chmod o=r file.txt # sets only read for others
2. Numeric syntax
Permissions are represented by digits:
- 4 = read
- 2 = write
- 1 = execute
Example:
chmod 755 script.sh
Explanation:
- 7 (4+2+1) = rwx (owner)
- 5 (4+0+1) = r-x (group)
- 5 (4+0+1) = r-x (others)
Using chown to change ownership
The chown command modifies the owner and/or group of a file or directory.
1. Changing the owner
sudo chown user file.txt
2. Changing the group
sudo chown :group file.txt
3. Changing both simultaneously
sudo chown user:group file.txt
4. Recursive application
For directories and their contents:
sudo chown -R user:group /folder
sudo chmod -R 755 /folder
Special permissions
Linux also has advanced permissions, such as:
1. setuid (SUID)
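Runs an executable file with the privileges of the file's owner rather than those of the user who launches it. Linux ignores the setuid bit on interpreted scripts, so it takes effect only on binary executables.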
chmod u+s script.sh
2. setgid (SGID)
When set on a directory, files created inside it belong to the directory's group instead of the creating user's primary group.
chmod g+s /folder
3. sticky bit
Useful for shared directories (e.g., /tmp), where only the owner can delete their files.
chmod +t /folder
Viewing permissions
Use the ls -l command to check permissions:
ls -l file.txt
Example output:
-rwxr-xr-- 1 user group 1024 Jul 24 12:00 file.txt
Practical case studies
- A script accessible only to root:
chmod 700 script.sh
- Shared directory for members of the same group:
chmod 2775 /project
- Public directory with sticky protection:
chmod 1777 /public
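The four-digit modes above (2775, 1777) put the special bits in a leading digit: 4 = setuid, 2 = setgid, 1 = sticky. The following is an added example, not part of the original guide, that decodes a numeric mode into the string ls -l would show, so a mode can be reviewed before it is applied. The function names triad and mode_to_symbolic are hypothetical, and 4755 is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original page): decode a 3- or 4-digit octal
# mode into the nine characters `ls -l` prints after the file-type character.

# triad DIGIT SPECIAL ON OFF  (hypothetical helper)
# Prints r/w/x for one octal digit. If SPECIAL is non-zero, the x slot shows
# ON (s or t) when execute is also set, or OFF (S or T) when it is not.
triad() {
    d=$1 special=$2 on=$3 off=$4
    r=- w=- x=-
    if [ $((d & 4)) -ne 0 ]; then r=r; fi
    if [ $((d & 2)) -ne 0 ]; then w=w; fi
    if [ $((d & 1)) -ne 0 ]; then x=x; fi
    if [ "$special" -ne 0 ]; then
        if [ "$x" = x ]; then x=$on; else x=$off; fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

mode_to_symbolic() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) mode=0$mode ;;       # no special bits given
        [0-7][0-7][0-7][0-7]) ;;
        *) echo "invalid octal mode: $1" >&2; return 1 ;;
    esac
    s=${mode%???}                 # leading digit: 4=setuid, 2=setgid, 1=sticky
    rest=${mode#?}
    u=${rest%??}
    g=${rest#?}; g=${g%?}
    o=${rest#??}
    triad "$u" $((s & 4)) s S     # owner triad; s/S marks setuid
    triad "$g" $((s & 2)) s S     # group triad; s/S marks setgid
    triad "$o" $((s & 1)) t T     # others triad; t/T marks sticky
    echo
}

# Modes used on this page, plus 4755 as a constructed setuid sample.
for m in 755 700 2775 1777 4755; do
    printf '%-5s %s\n' "$m" "$(mode_to_symbolic "$m")"
done
```

An uppercase S or T in the output means the special bit is set without the matching execute bit, which is usually a misconfiguration worth checking.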
