Managing file permissions
We have created users and groups. In this recipe, you will work with default file permissions for users and groups, as well as see how to modify those permissions.
Getting ready
Create two users, user1 and user2. Create a new group editor and add user1 and user2 as members.
How to do it…
Follow these steps to manage file permissions:
- To change groups for files and directories:
  - Log in with user1.
  - Create a new directory documents under home:
    user1@ubuntu:~$ mkdir documents
  - Create a text file under documents:
    user1@ubuntu:~$ echo "hello world" > documents/file.txt
  - Now log in with user2:
    user1@ubuntu:~$ su user2
  - Try to edit the same text file. It should say Permission denied:
    user2@ubuntu:/home/user1$ echo "hello again" > documents/file.txt
  - Log in as user1 and change the group of documents to editor:
    user1@ubuntu:~$ chgrp -R editor documents
  - Switch to user2 and try editing the same file. Now it should work:
- To set permissions with chmod, follow these steps:
  - Create a simple shell script with the following command:
    $ echo 'echo "Hello World!!"' > hello.sh
  - Execute a shell script with the following command:
    $ ./hello.sh
  - Set executable permission to hello.sh with the following command:
    $ chmod u+x hello.sh
  - Check new permission with the following command:
    $ ls -l
  - Execute hello.sh again:
- To protect shared files with sticky bit, follow these steps:
  - Log in as user1 and set sticky bit for directory documents:
    user1@ubuntu:~$ chmod +t documents
  - Log in as user2 and create a new file.
  - Try to delete any file under documents. It should fail:
How it works…
When you create a new file or directory in Ubuntu, the default permissions for files are read and write access to owner and owner's private group, along with read, write, and execute access for directories. You can check the default setting with umask -S.
In our example, we have user1 and user2. Both of them are members of the editor group. When user1 creates a file, the default permissions are limited to user1 and its private group (user1) named after the user account. This is the reason user2 sees Permission denied when editing the file. By changing the group of documents to editor, we allow all members of editor to read and write to files in documents.
With the chmod command, we can set permissions at a more granular level. In our example of hello.sh, we have set the executable permission for hello.sh. Similarly, we can set read permission as follows:
$ chmod +r filename
To set write permission, use the following command:
$ chmod +w filename
You can set more selective permissions with additional parameters before mode expression as follows:
$ chmod ugo+x filename
Here, u sets the permission for user, g for group, and o for all others.
To remove permissions, replace + with -. For example, $ chmod o-w filename. Alternatively, you can use the Octal format to specify permissions:
$ chmod 777 filename
This gives read, write, and execute permission to user, group, and others, whereas the command $ chmod 600 filename gives read and write permissions to the owner and no permissions to group and others. In Octal format [777], the first digit is used for the user or owner of the file, the second digit is for group, and the third digit is for everyone else. Check out the following table for more information:
Finally, when you share files within a group of users, there are chances that someone deletes a file that is required by other users. Sticky bit can protect these files from deletion. When sticky bit is set, only the owner or a user with root privileges can delete a file.
You can set sticky bit with the command chmod as $ chmod +t directoryName. Sticky bit is shown in long listing (ls -l) with symbol t or T. Additionally, sticky bit works only with directories and is ignored on ordinary files.
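As an added example (not part of the original recipe), the following script audits a directory tree for group- or world-writable directories that lack the sticky bit, and reads the t/T flag from the ls -l mode string. The function names and the temporary directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for shared directories that are missing the sticky bit.
# All paths are constructed under a temporary directory.

# Print directories under $1 that group or others can write to but that lack
# the sticky bit, so any writer may delete files owned by someone else.
# "-perm -MODE" matches when all bits in MODE are set.
unprotected_shared_dirs() {
    find "$1" -type d \( -perm -0020 -o -perm -0002 \) ! -perm -1000 -print | sort
}

# Return the 10th character of the ls -l mode string: x, -, t or T.
# t = sticky bit with execute for others, T = sticky bit without it.
sticky_flag() {
    ls -ld "$1" | cut -c10
}

# Build a constructed tree that mirrors the recipe's documents directory.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/documents" "$root/private" "$root/scratch"
    chmod 0775 "$root/documents"  # group-writable, no sticky bit
    chmod 0700 "$root/private"    # owner only, nothing to protect
    chmod 1777 "$root/scratch"    # world-writable with sticky bit, like /tmp
    printf '%s\n' "$root"
}

demo_root=$(make_demo_tree)
echo "Before: $(unprotected_shared_dirs "$demo_root")"
chmod +t "$demo_root/documents"   # same fix as in the recipe
echo "After:  $(unprotected_shared_dirs "$demo_root")"
echo "Flag:   $(sticky_flag "$demo_root/documents")"
rm -rf "$demo_root"
```

Point unprotected_shared_dirs at a real shared location (for example a project directory owned by the editor group) to list directories that still need chmod +t.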
There's more…
Many times when working as a root user, all files and directories created are owned by root. A non-root user can't write to these directories or files. You can use the command chown to change the ownership of such files and assign them to respective users.
To change ownership of a file, use the following command:
$ chown newuser filename
To change the owner as well as the group of file, use the following command:
$ chown newuser:newgroup filename
You can skip changing owner and change only the group with the following command:
$ chown :newgroup filename
Note that the chown command can only be used by users with root privileges.