Setting Permissions (chmod and chown)

Hey there, everyone!

This is the final article in the UNIX / Linux series. If you've been reading from the start, thanks for sticking with it — and if this is your first time here, welcome!

This time we'll cover how to actually change permissions and ownership. There's a fair bit that can get tangled up in your head here, so let's work through it step by step.

Start by logging in as root as usual, and create a new user called test. If there's already a regular user on the system, you can use that one instead of creating a new test account.

[root@localhost ~]# adduser test

Now, write a line of text to a file called test.txt inside test's home directory /home/test. Using the echo command with redirection, it looks like this:

[root@localhost ~]# echo "Don't peek... I said don't look!(///)" > /home/test/test.txt
[root@localhost ~]# cat /home/test/test.txt
Don't peek... I said don't look!(///)

Now let's check the current permissions of /home/test/test.txt with ls -l:

[root@localhost ~]# ls -l /home/test/test.txt
-rw-r--r--. 1 root root 51  Jul 25 09:40 2018 /home/test/test.txt

Focus on rw-r--r-- and root root. The current owner is root and the owning group is root.

Let's check which groups test belongs to with the groups command:

[root@localhost ~]# groups test
test : test

test only belongs to the test group. Since the file's owner and group are both root, test falls into the 'others' category, which has r-- — read-only access.

Let's verify this. First, switch to user test and try reading the file with cat:

[test@localhost root]$ cat /home/test/test.txt
Don't peek... I said don't look!(///)

Reads fine. Now try appending to it:

[test@localhost root]$ echo "Oops, I looked...(*'ω'*)" >> /home/test/test.txt
bash: /home/test/test.txt: Permission denied

"Permission denied" — write access is blocked. Execute would be blocked too. That confirms the r-- permission is working as expected.

Now let's use chown — the command for changing the owner and group. First switch back to root:

[test@localhost ~]$ exit
exit
[root@localhost ~]#

Run chown test /home/test/test.txt, then check with ls -l:

[root@localhost ~]# chown test /home/test/test.txt
[root@localhost ~]# ls -l /home/test/test.txt
-rw-r--r--. 1 test root 51  Sep 21 18:56 2018 /home/test/test.txt

The owner is now test. Now if you switch back to test and try appending:

[test@localhost root]$ echo "Oops, I looked...(*'ω'*)" >> /home/test/test.txt
[test@localhost root]$ cat /home/test/test.txt
Don't peek... I said don't look!(///)
Oops, I looked...(*'ω'*)

It works. Since test is now the owner, the rw- permission applies.

Now switch back to root again:

[test@localhost root]$ exit
exit
[root@localhost ~]#

This time, let's change the owning group. To specify a group with chown, use a colon (:) as a separator. To set both owner and group, write owner:group — e.g., test:root sets owner to test and group to root. To change only the group, leave the left side of the colon blank: :test.

[root@localhost ~]# ls -l /home/test/test.txt
-rw-r--r--. 1 test root 78  Sep 21 18:59 2018 /home/test/test.txt
[root@localhost ~]# chown :test /home/test/test.txt
[root@localhost ~]# ls -l /home/test/test.txt
-rw-r--r--. 1 test test 78  Sep 21 18:59 2018 /home/test/test.txt

Both owner and group are now test. Set whatever combination of owner and group you need for the situation. Looking good so far?
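The walkthrough above follows one rule: the owner is checked first, then the owning group, then others, and only the first matching class is used. The shell sketch below is an added example, not part of the original article; the function names perm_class, effective_bits and explain are made up for illustration, GNU stat is assumed, and it goes slightly beyond the text by also resolving the group case.

```shell
#!/bin/sh
# Added example (not from the article). Models only the classic mode bits:
# root's bypass, ACLs and SELinux are not considered.

# perm_class OWNER GROUP USER "USER_GROUPS" -> owner | group | others
# A matching owner always wins, even if the group bits would grant more.
perm_class() (
    class=others
    for g in $4; do
        if [ "$g" = "$2" ]; then class=group; fi
    done
    if [ "$3" = "$1" ]; then class=owner; fi
    echo "$class"
)

# effective_bits MODE CLASS -> e.g. "rw-" (MODE is octal, such as 644)
effective_bits() (
    m=000$1
    while [ ${#m} -gt 3 ]; do m=${m#?}; done   # keep the last three digits
    case $2 in
        owner)  d=${m%??} ;;
        group)  d=${m#?}; d=${d%?} ;;
        *)      d=${m#??} ;;
    esac
    r=-; w=-; x=-
    case $d in 4|5|6|7) r=r ;; esac
    case $d in 2|3|6|7) w=w ;; esac
    case $d in 1|3|5|7) x=x ;; esac
    echo "$r$w$x"
)

# explain FILE USER: the same check against a real file (GNU stat assumed).
explain() (
    set -- "$1" "$2" $(stat -c '%U %G %a' "$1")
    class=$(perm_class "$3" "$4" "$2" "$(id -Gn "$2")")
    echo "$2 on $1: $class $(effective_bits "$5" "$class")"
)

# Constructed from the ls -l lines in the article: user test, groups "test".
for own in "root root" "test root" "test test"; do
    set -- $own
    c=$(perm_class "$1" "$2" test "test")
    echo "owner=$1 group=$2 mode=644 -> test is $c: $(effective_bits 644 "$c")"
done
```

On a real system, explain /home/test/test.txt test reports the class and bits that apply to the article's file.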

Now let's look at 'chmod', the command for changing permissions. To keep things straight: chown changes the test test part of the output (owner and group), while chmod changes the rw-r--r-- part (the actual permission bits). They're easy to confuse, so keep the distinction in mind.

One more thing before we continue: chown requires root (superuser) privileges. chmod, on the other hand, can be run by the file's owner — even a regular user — as long as they own the file. Note that simply being in the owning group is not enough. This is a commonly confused point, so pay attention.

Also, as covered in the previous article, the superuser (root) is completely unaffected by permissions. Don't forget this. Here's a quick reminder:

[root@localhost ~]# ls -al /home/test/test.txt
----------. 1 test test 78  Sep 21 18:59 2018 /home/test/test.txt

Even with all permissions stripped (----------), root can still read the file:

[root@localhost ~]# cat /home/test/test.txt
Don't peek... I said don't look!(///)
Oops, I looked...(*'ω'*)

Root can read, edit, delete — anything. The superuser is essentially unrestricted. This is exactly why superuser account management is so critical from a security standpoint. Even with all files locked down tight, if an attacker gains superuser access, it's game over in an instant. And anyone skilled enough to break in will typically have a ready-made program to take over the server — deleting users, changing passwords, revoking public keys — all in seconds. If you're designing a production server for commercial use, take superuser security very seriously.

Alright, let's get to the chmod usage. The basic syntax is chmod permission target_file_or_directory. The tricky part is how to specify the permission.

One way is to use the 3-digit numeric notation from the previous article. For example, to set full access for everyone (rwxrwxrwx), use 777; for read/write for everyone (rw-rw-rw-), use 666, and so on. Here's an example on /home/test/test.txt:

[root@localhost ~]# chmod 777 /home/test/test.txt
[root@localhost ~]# ls -al /home/test/test.txt
-rwxrwxrwx. 1 test test 78  Sep 21 18:59 2018 /home/test/test.txt

There's also a completely different notation: you specify the target category (owner, group, others, or all), the operation (add, remove, or set), and the permission type. Here's an example:

[root@localhost ~]# chmod u=w /home/test/test.txt

This notation can be more intuitive once you get used to it. In fact, the author tends to use this form rather than the numeric one, since the 3-digit numbers are prone to mental errors. Let's take a closer look.

The u=w part uses the following identifiers:

u    Targets the owner.
g    Targets the group.
o    Targets others.
a    Targets all (owner, group, and others).
+    Adds the specified permission.
-    Removes the specified permission.
=    Sets the permission to exactly what is specified (overwrites).
r    Read permission.
w    Write permission.
x    Execute permission.

For example, to add write permission for the owner:

[root@localhost ~]# chmod u+w /home/test/test.txt

To set the owner's permissions to write-only (overwriting whatever was there before):

[root@localhost ~]# chmod u=w /home/test/test.txt

The = operator overwrites all permissions for the specified category. Keep that in mind.

To target multiple categories at once:

[root@localhost ~]# chmod ug=rw /home/test/test.txt

This sets both owner and group to read-write. The order of the category letters doesn't matter, so this is equivalent:

[root@localhost ~]# chmod gu=wr /home/test/test.txt

To set different permissions for different categories in one command, use a comma:

[root@localhost ~]# chmod u=wr,g=w /home/test/test.txt

Note that spaces around the comma are not allowed — since the comma-separated string is a single argument, adding a space would split it into two arguments and cause an error:

[root@localhost ~]# chmod u=wr, g=w /home/test/test.txt

The author finds this notation easier to use than the 3-digit numeric form, and tends to recommend it as a default approach.
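To see how the symbolic forms above map onto the 3-digit numbers, the following added example (not from the original article) applies mode strings to a scratch file and prints the resulting octal mode. The helper names mode_after and spaced_form_status are made up for illustration, and GNU stat (-c %a) is assumed.

```shell
#!/bin/sh
# Added example (not from the article): apply chmod mode strings to a scratch
# file created with mktemp and report the resulting octal mode.

# mode_after START MODE... -> octal mode after applying each MODE in turn
mode_after() (
    f=$(mktemp) || exit 1
    chmod "$1" "$f"; shift
    rc=0
    for m in "$@"; do
        chmod "$m" "$f" 2>/dev/null || rc=1
    done
    stat -c %a "$f"
    rm -f "$f"
    exit "$rc"
)

# The article's mistaken form: because of the space, "u=wr," is taken as the
# mode and "g=w" as a file name. Prints chmod's exit status (non-zero).
spaced_form_status() (
    f=$(mktemp) || exit 1
    rc=0
    chmod u=wr, g=w "$f" 2>/dev/null || rc=$?
    rm -f "$f"
    echo "$rc"
)

echo "777 then u=w       -> $(mode_after 777 u=w)"        # = replaces owner bits only
echo "644 then u+w       -> $(mode_after 644 u+w)"        # + leaves existing bits alone
echo "000 then ug=rw     -> $(mode_after 000 ug=rw)"
echo "000 then gu=wr     -> $(mode_after 000 gu=wr)"      # letter order is irrelevant
echo "777 then u=wr,g=w  -> $(mode_after 777 u=wr,g=w)"   # others keep their bits
echo "u=wr, g=w (spaced) -> exit status $(spaced_form_status)"
```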

That wraps up the UNIX / Linux beginner's series. With this level of knowledge, you should be able to handle the basic day-to-day operations of a UNIX or Linux system.

The author plans to continue covering more advanced topics when time allows, so thanks for reading and hope to see you again!

This article was written by Sakurama.


桜舞 春人 Sakurama Haruto

A Tokyo-based programmer who has been creating various content since the ISDN era, with a bit of concern about his hair. A true long sleeper who generally feels unwell without at least 10 hours of sleep. His dream is to live a life where he can sleep as much as he wants. Loves games, sports, and music. Please share some hair with him.
