General Permissions Overview:
Permissions (base)
1 – execute
2 – write
4 – read
Permissions (octal)
3 (1+2) – execute and write
6 (2+4) – write and read
7 (1+2+4) – execute, write, read
Permissions (letter representation)
| Mode | Name | Description |
|---|---|---|
| r | read | read a file or list a directory’s contents |
| w | write | write to a file or directory |
| x | execute | execute a file or recurse a directory tree |
Position of the digit in the value
1 – permissions of the file owner
2 – permissions of users in the file's group
3 – permissions of users NOT in the file's group
Permissions reference table
| # | Permission | rwx | Binary |
|---|---|---|---|
| 7 | read, write and execute | rwx | 111 |
| 6 | read and write | rw- | 110 |
| 5 | read and execute | r-x | 101 |
| 4 | read only | r-- | 100 |
| 3 | write and execute | -wx | 011 |
| 2 | write only | -w- | 010 |
| 1 | execute only | --x | 001 |
| 0 | none | --- | 000 |
Operators:
| Operator | Description |
|---|---|
| + | adds the specified modes to the specified classes |
| - | removes the specified modes from the specified classes |
| = | the modes specified are to be made the exact modes for the specified classes |
Simple Examples:
chmod 600 /path/to/file – owner can read and write - nobody else can access
chmod 666 /path/to/file – all can read and write
chmod 700 /path/to/file – owner can read, write, and execute - nobody else can
chmod 777 /path/to/file – all can read, write, and execute
chmod a-r /path/to/file - remove read permissions from all classes
chmod a+rx /path/to/file - add read and execute permissions to all classes
Get permissions of all files in a directory in octal format
[cuilo@testbox ~]# stat -c "%a %n" /etc/ssh/*
644 /etc/ssh/moduli
644 /etc/ssh/ssh_config
755 /etc/ssh/ssh_config.d
600 /etc/ssh/sshd_config
640 /etc/ssh/ssh_host_ecdsa_key
644 /etc/ssh/ssh_host_ecdsa_key.pub
640 /etc/ssh/ssh_host_ed25519_key
644 /etc/ssh/ssh_host_ed25519_key.pub
640 /etc/ssh/ssh_host_rsa_key
644 /etc/ssh/ssh_host_rsa_key.pub
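
Added example (not part of the original page): a small shell helper that decodes the octal modes printed by stat -c "%a %n" into rwx letters using the 4/2/1 values above, and reports entries whose group or others digit carries the write bit. The function names, the /srv/app paths and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode octal modes and flag group/other write access.

# One octal digit -> rwx letters (4 = read, 2 = write, 1 = execute).
digit_to_rwx() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# Keep the last three digits (owner, group, others), zero-padded on the left;
# stat prints "0" for mode 000, and a leading fourth digit is ignored here.
last3() {
    m="000$1"
    printf '%s' "${m#"${m%???}"}"
}

# Full mode -> nine-letter string, e.g. 640 -> rw-r-----
mode_to_rwx() {
    m=$(last3 "$1")
    g=${m#?}
    printf '%s%s%s' "$(digit_to_rwx "${m%??}")" \
        "$(digit_to_rwx "${g%?}")" "$(digit_to_rwx "${m#??}")"
}

# Read `stat -c "%a %n"` lines on stdin; report group- or other-writable entries.
audit_modes() {
    while read -r mode name; do
        [ -n "$mode" ] || continue
        m=$(last3 "$mode")
        g=${m#?}; g=${g%?}
        if [ $(( ${m#??} & 2 )) -ne 0 ]; then
            echo "$mode $(mode_to_rwx "$mode") $name: writable by others"
        elif [ $(( g & 2 )) -ne 0 ]; then
            echo "$mode $(mode_to_rwx "$mode") $name: writable by group"
        fi
    done
}

# Constructed sample listing (not taken from a real host).
SAMPLE='644 /srv/app/config.yml
600 /srv/app/secret.key
666 /srv/app/shared.log
775 /srv/app/bin
4755 /srv/app/helper'

printf '%s\n' "$SAMPLE" | audit_modes
```

On a real system, pipe the stat command shown above into audit_modes instead of the sample listing.
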
List all files in a directory
[coco@testbox ~]$ ls -la ~
total 36
drwx------. 15 coco coco 4096 May 27 09:47 .
drwxr-xr-x. 3 root root 17 May 26 17:41 ..
-rw-------. 1 coco coco 7068 May 27 10:28 .bash_history
-rw-r--r--. 1 coco coco 18 Nov 8 2019 .bash_logout
-rw-r--r--. 1 coco coco 141 Nov 8 2019 .bash_profile
-rw-r--r--. 1 coco coco 312 Nov 8 2019 .bashrc
drwx------. 10 coco coco 232 May 26 21:43 .cache
drwx------. 11 coco coco 215 May 26 21:43 .config
drwxr-xr-x. 2 coco coco 6 May 26 21:43 Desktop
drwxr-xr-x. 2 coco coco 6 May 26 21:43 Documents
drwxr-xr-x. 2 coco coco 6 May 26 21:43 Downloads
-rw-------. 1 coco coco 16 May 26 17:46 .esd_auth
-rw-------. 1 coco coco 2170 May 27 09:47 .ICEauthority
drwx------. 3 coco coco 19 May 26 21:43 .local
drwxr-xr-x. 4 coco coco 39 May 26 17:35 .mozilla
drwxr-xr-x. 2 coco coco 6 May 26 21:43 Music
drwxr-xr-x. 2 coco coco 6 May 26 21:43 Pictures
drwxrw----. 3 coco coco 19 May 26 21:43 .pki
drwxr-xr-x. 2 coco coco 6 May 26 21:43 Public
drwxr-xr-x. 2 coco coco 6 May 26 21:43 Templates
drwxr-xr-x. 2 coco coco 6 May 26 21:43 Videos
-rw-------. 1 coco coco 2004 May 26 23:51 .viminfo
Explanation of the command (ls -la ~) and of the sample line (drwxr-xr-x. 2 coco coco 6 May 26 21:43 Desktop):
| Item | Meaning |
|---|---|
| ls | list a directory |
| -l | as a list output |
| -a | show all, including hidden items |
| d | first character of a line to denote whether the item is a directory |
| - | first character of a line to denote whether the item is a single file |
| l | first character of a line to denote whether the item is a symbolic link |
| rwxr-xr-x | first group of three letters: owner can read/write/execute |