Linux Command: Modify file Permissions command chmod, CHGRP, Chown detailed __linux

Source: Internet
Author: User
Tags readable file permissions

Each file and directory in a Linux system has access permission to determine who can access and manipulate files and directories in any way.

File or directory access is divided into read-only, write-only and executable three kinds. In the case of a file, read-only permission means that only its contents are allowed, and no changes to it are prohibited. Executable permission indicates that the file is allowed to be executed as a program. When a file is created, the file owner automatically has read, write, and execute permissions on the file to facilitate reading and modifying the file. Users can also set access permissions to any combination they need, as needed.

There are three different types of users who can access files or directories: The file owner, the same group of users, and other users. The owner is generally the creator of the file. The owner can allow the same group of users to have access to the file, and to give the file access to other users on the system. In this case, each user in the system has access to the files or directories owned by the user.

Each file or directory has three sets of access rights, each with three-bit representation, read, write, and execute permissions for the owner of the file, as well as read, write, and execute permissions for users of the same group, read, write, and execute permissions for other users in the system. When you use the LS-L command to display the details of a file or directory, the leftmost column is the file's access rights. For example:

$ ls-l sobsrc.tgz

-rw-r--r--1 rootroot 483997 Ju1 L5 17:3l. Tgz

The horizontal line represents the empty license. R stands for read-only, W for write, X for executable. Note that there are 10 locations here. The first character specifies the file type. In the usual sense, a directory is also a file. If the first character is a horizontal line, it represents a file that is not a directory. If it is D, the representation is a directory. For example:


Normal file file main group user other user

is a file sobsrc.tgz access, indicating that the sobsrc.tgz is a common file, the owner of the SOBSRC.TGZ has read and write permissions, and the sobsrc.tgz owner of the same group of users only read access, and other users have only Read permissions.

After determining the access rights for a file, users can use the chmod commands provided by the Linux system to reset different access rights. You can also use the Chown command to change the owner of a file or directory. Use the CHGRP command to change the user group for a file or directory.

These commands are described separately below.

chmod Command

The chmod command is important to change the access rights of a file or directory. Users use it to control access to files or directories.

Take a folder named "CC" Under the home folder as an example. The following step-by-step article describes how to modify permissions:

1. Open the terminal. Enter "Su" (no quotes)

2. The next step is to enter your password and enter your root password.

3. Suppose my folder is in the home directory and the address is/var/home/dengchao/cc. Assuming that I want to modify the file permission to 777, the permission to enter the chmod 777/var/home/userid/cc folder at the terminal becomes 777.

If you are modifying permissions on folders and subfolders, you can use Chmod-r 777/var/home/userid/cc

Specific permissions (such as the meaning of 777) are explained below:

1.777 has 3 bits, the highest bit 7 is to set the file owner access, the second is to set the group access, the lowest bit is to set other people access rights.

Each of these permissions is represented by a number. These permissions are specific:

R (read, reading, permission value 4): For a file, it has the right to read the contents of the file, and for the directory, it has permission to browse the directory.

W (write, write, permission value is 2): For the file, with new, modify the contents of the file permissions, for the directory, with the delete, move files within the directory permissions.

X (Execute, execute, permission value is 1): For a file, have permission to execute the file; The user has access to the directory for the directory.

2. First, let's look at how to determine the number of permissions on a single for example, the highest bit represents the file owner permission value, and when the number is 7 o'clock, 7 uses "rwx" to denote –{4 (R) +2 (W) +1 (x) =7}– and if the value is 6, the –{4 (r) +2 (W) +0 (x) is represented by "rw-" = 6}–, "-" indicates that there is no permission, which means that no "execute" permission is available.

If we set the access rights of other users to "R –", then the value is 4+0+0=4

At first many beginners will be confused, in fact very simple, we will rwx as binary number, if there are 1, no 0 said, then rwx can be expressed as: 111

and the binary 111 is 7.

3. Let's take a look at how to determine the permissions on the 3 digits. If we want to set permissions for a file, the specific permissions are as follows:

The file owner has read, write, execute permissions, the group user has Read permission, the other user has Read permission, then the corresponding letter is "rwxr–r–", the corresponding number is 744

Generally, the highest bit represents the file Owner permission value, the second represents the group user right, and the lowest bit represents other user rights.

Here are some examples to familiarize yourself with.

Permission values

RWX rw-r–764



There are two ways to use this command. One is the text-setting method that contains the letters and operator expressions, and the other is the numeric setting that contains the numbers.

1. Text Setting method

chmod [who] [+ | –| =] [mode] filename ¼

The meanings of the options in the command are:

Action object who is one of the following letters or their combination:

U represents "User", which is the owner of a file or directory.

G means "same group of users", that is, all users who have the same group ID as the owner of the file.

O Represents "other (others) users".

A represents "All users". It is the system default value.

The action symbol can be:

+ Add a permission.

– Cancel a permission.

= gives the given permission and cancels all other permissions, if any.

The permissions represented by mode set can be any combination of the following letters:

R readable.

W can be written.

X executable.

x attributes are appended only if the target file is executable for some users or if the destination file is a directory.

s the owner or group ID of the process to the file owner of the file when the file is executed. Mode "U+s" sets the user ID bit of the file, and "G+s" sets the group ID bit.

T saves the text of the program to the switching device.

You have the same permissions as the owner of the file.

G has the same permissions as the user of the same group as the file owner.

o have the same permissions as other users.

-C: Display the change action if the file permissions have actually changed

-F: Do not display error messages if the file permissions cannot be changed

-V: Show details of permission changes

-r: The same permission changes are made to all files under the current directory and subdirectories (that is, to be changed one at a time)

–HELP: Show Auxiliary Instructions

–version: Display version

File name: A space-separated list of files to change permissions to support wildcard characters. Multiple permissions can be given in one command line, separated by commas. For example, chmodg+r,o+r example makes the same group and other users example read permissions to the file.

Example 1:

$ chmod a+x Sort

The property of the set file sort is:

File owner (u) Increase execution permissions

Increase execution permissions with the same group of users as the file owner (g)

Other users (O) Increase execution permissions

Example 2:

$ chmod ug+w,o-x Text

The property of the set file text is:

File owner (u) Increase Write permissions

Add write permissions to the same group of users as the file owner (g)

Other users (O) Delete execution permissions

Example 3:

$ chmod u+s a.out

Let's assume that the permissions for a.out after the execution of chmod are (as can be seen with the Ls–l a.out command):

–rws--x--x 1 ininusers 7192 Nov 4 14:22 a.out

And this executable file to use a text file shiyan1.c, its file access permission is "–RW ——-", that is, the file only its owner has read and write permissions.

When another user executes a.out this program, his identity is temporarily inin by the program (because the S option is used in the chmod command), so he can read the shiyan1.c file (although this file is set to someone else does not have any permissions), this is the function of S.

Therefore, in the entire system, especially root itself, it is best not to set this type of file too much (unless necessary) to ensure that the system security, to avoid some program bugs and the system is compromised.

Example 4:

$ chmod a–x Mm.txt

$ chmod–x Mm.txt

$ chmod Ugo–xmm.txt

All three of these commands delete the execution permissions of the file Mm.txt, and it sets the object to all users.

2. Digital Setting method

We must first understand the meaning of a number-represented attribute: 0 means no permission, 1 for executable, 2 for writable, 4 for readable, and then adds. Therefore, the format of the numeric attribute should be 3 octal from 0 to 7, in the Order of (U) (g) (O).

For example, if you want the owner of a file to have read/write two permissions, you need to have 4 (readable) +2 (writable) =6 (read/write).

The general form of the number setting method is: chmod [mode] filename ¼

Example 1:

$ chmod 644 Mm.txt

$ ls–l

The properties of the set file Mm.txt are:

-rw-r--r--1 ininusers 1155 Nov 5 11:22 Mm.txt

File owner (U) inin has read and write permissions

Has read access to the same group of users as the owner of the file (g)

Other person (o) has Read permission

Example 2:

$ chmod 750wch.txt

$ ls–l

-rwxr-x---1 ininusers 44137 Nov 9:22 wchtxt

Set Wchtxt The properties of this file are:

File owner (U) inin readable/writable/executable power

(g) Read/execute rights to the same group as the owner of the file

Other people (O) do not have any permissions

chgrp Command

Function: Change the group to which the file or directory belongs.

Syntax: chgrp [option]group Filename¼


The-C or –changes effect is similar to the "-V" parameter but only returns the changed part.

The-F or –quiet or –silent does not display an error message.

-H or –no-dereference only make changes to the signed file, but not any other related files.

-R or –recursive recursively, all files and subdirectories under the specified directory are processed together.

The-V or –verbose displays the instruction execution process.

–help online Help.

–reference=< reference file or directory > The group that owns the specified file or directory is all set to the same group as the reference file or directory.

–version Displays version information.

This command changes the user group to which the specified file belongs. Where group can be the user group ID or the group name of the user group in the/etc/group file. The file name is separated by a space to change the list of files in the group, supporting wildcard characters. If the user is not the owner or superuser of the file, the group of the file cannot be changed.

The options for this command mean:

–r recursively changes the group of the specified directory and all subdirectories and files under it.

Example 1:

$ chgrp-r Book/opt/local/book

Change the group of all files under/opt/local/book/and its subdirectories to book.

chown Command

Function: Change the owner and group of a file or directory. This command is also very common. For example, root users copy their own files to the user Yusi, in order to allow users Yusi access to this file, the root should be the owner of the file to Yusi, otherwise, the user yusi can not access this file.

Syntax: chown [options] User or group file

Description: Chown changes the owner of the specified file to the specified user or group. The user can be a user name or a user ID. A group can be either a group name or a group ID. The file is a space-separated list of files that you want to change permissions for, wildcard characters are supported.

Parameter description:

User: The user ID of the new file owner

Group: The user group of the new file owner (group)

-C: If the owner of the file has actually changed, the change action is displayed

-F: Do not display error messages if the file owner cannot be changed

-H: Change only for link (link), not the file that link actually points to

-V: Show details of owner changes

-R: The same owner changes to all files in the current directory and subdirectories (that is, to be changed one at a time)

–HELP: Show Auxiliary Instructions

–version: Display version

Example 1: Change the owner of the file to Yusi.

$ chown

Example 2: The owner of the directory/demo and all the files and subdirectories under it is changed to Yusi and the group is changed to users.

$ chown-ryusi.users/demo

For example: Chown qq/home/qq (the owner of the QQ directory under the home directory is changed to QQ user)

For example: Chown-r qq/home/qq (the owner of all the files in the QQ directory under the home directory to QQ users)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.