Linux Commands: Modifying File Permissions with chmod, chgrp, and chown in Detail

Source: Internet
Author: User

Each file and directory in a Linux system has access permissions, which are used to determine who can access and manipulate files and directories.

Access to a file or directory is divided into three types: read, write, and execute. Taking a file as an example, read-only permission means that only reading the content is allowed and any change to it is forbidden. Execute permission means that the file is allowed to be executed as a program. When a file is created, the file owner automatically has read, write, and execute permissions on the file, which makes it easy to read and modify. Users can also set the access rights to any combination they need.

There are three different types of users who can access files or directories: the file owner, users in the same group, and other users. The owner is typically the creator of the file. The owner can grant access to the file to users in the same group, and can also grant access to other users on the system. In that case, every user on the system can access the files or directories that the user owns.

Each file or directory has three groups of access rights, and each group is represented by three bits: the read, write, and execute permissions of the file owner; the read, write, and execute permissions of users in the file's group; and the read, write, and execute permissions of other users on the system. When you display the details of a file or directory with the ls -l command, the leftmost column is the file's access rights. For example:

    $ ls -l sobsrc.tgz
    -rw-r--r-- 1 root root 483997 Jul 15 :31 sobsrc.tgz

A hyphen (-) represents a permission that is not granted. r stands for read, w stands for write, and x stands for execute. Note that there are 10 positions. The first character specifies the file type. In the general sense, a directory is also a file. If the first character is a hyphen, the entry is a non-directory file. If it is d, the entry is a directory. For example:


    -              rw-          r--          r--
    ordinary file  file owner   group users  other users

These are the access rights of the file sobsrc.tgz. They indicate that sobsrc.tgz is an ordinary file, that the owner of sobsrc.tgz has read and write permission, that users in the same group as the owner have read permission only, and that other users also have read permission only.

After determining the access rights of a file, users can use the chmod command provided by the Linux system to set different access rights. You can also use the chown command to change the owner of a file or directory, and the chgrp command to change the group of a file or directory.

These commands are described separately below.

chmod command

The chmod command is very important: it changes the access rights of a file or directory. Users use it to control access to files or directories.

Take a folder named "cc" under the home folder as an example. The following steps describe how to modify its permissions:

1. Open the terminal. Enter "su" (without the quotation marks).

2. Next, you will be asked for a password; enter your root password.

3. Suppose my folder is in the home directory, at /var/home/dengchao/cc. To change its permissions to 777, enter chmod 777 /var/home/userid/cc in the terminal; the folder's permissions become 777.

To change the permissions of a folder and its subfolders, you can use chmod -R 777 /var/home/userid/cc

The specific permissions (such as the meaning of 777) are explained below:

1. 777 has 3 digits: the highest digit, 7, sets the file owner's access rights, the second sets the group's access rights, and the lowest sets other users' access rights.

Each digit is built from permission values. The individual permissions are:

    • r (read, permission value 4): for a file, permission to read the contents of the file; for a directory, permission to browse the directory.
    • w (write, permission value 2): for a file, permission to create and modify the file's content; for a directory, permission to delete and move files inside the directory.
    • x (execute, permission value 1): for a file, permission to execute the file; for a directory, permission to enter the directory.

2. First we look at how to determine the value of a single digit. For example, the highest digit represents the file owner's permissions. When the digit is 7, it is written "rwx", that is, 4 (r) + 2 (w) + 1 (x) = 7. If the value is 6, it is written "rw-", that is, 4 (r) + 2 (w) + 0 = 6, where "-" indicates a missing permission, here the "execute" permission.

If we set the access rights of other users to "r--", the value is 4+0+0=4.

Many beginners are confused at first, but it is very simple: treat rwx as a binary number, with 1 where a permission is present and 0 where it is absent. Then rwx can be expressed as 111, and binary 111 is 7.

3. Now let's look at how to determine the permissions across the 3 digits. Suppose we want to set the following permissions for a file:

The file owner has "read", "write", and "execute" permission, group users have "read" permission, and other users have "read" permission. In letters this is "rwxr--r--", and the corresponding number is 744.

The highest digit represents the file owner's permission value, the second represents the group users' permissions, and the lowest represents other users' permissions.

Here are some examples to familiarize yourself with.

    Permissions    Numeric
    rwxrw-r--      764
    rw-r--r--      644
    rw-rw-r--      664
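
The conversion in steps 1 to 3, written out as a shell function. This is an added example, not part of the original article; the function name mode_to_octal is an assumption, and it goes beyond the table by also handling the s and t letters that ls -l shows for the setuid, setgid and sticky bits.

```sh
#!/bin/sh
# mode_to_octal PERMS
# PERMS is the permission column of `ls -l`: 9 characters (rwxrw-r--) or
# 10 with the leading file-type character (-rw-r--r--).
# Prints the octal mode; a fourth leading digit appears only when a
# setuid (4), setgid (2) or sticky (1) bit is present.
mode_to_octal() {
    perms=$1
    if [ "${#perms}" -eq 10 ]; then perms=${perms#?}; fi   # drop file type
    if [ "${#perms}" -ne 9 ]; then
        echo "invalid mode: $1" >&2
        return 1
    fi
    special=0
    digits=""
    weight=4        # special bit carried by this triad: 4, then 2, then 1
    for start in 1 4 7; do
        triad=$(printf %s "$perms" | cut -c"$start"-"$((start + 2))")
        if [ "$weight" -eq 1 ]; then lower=t upper=T; else lower=s upper=S; fi
        value=0
        case $triad in r??) value=$((value + 4)) ;; -??) ;; *) return 1 ;; esac
        case $triad in ?w?) value=$((value + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $triad in
            ??x) value=$((value + 1)) ;;
            ??-) ;;
            ??"$lower") value=$((value + 1)); special=$((special + weight)) ;;
            ??"$upper") special=$((special + weight)) ;;   # bit set, no execute
            *) return 1 ;;
        esac
        digits="$digits$value"
        weight=$((weight / 2))
    done
    if [ "$special" -ne 0 ]; then digits="$special$digits"; fi
    echo "$digits"
}

# Constructed sample inputs, using modes discussed on this page.
for sample in rwxrw-r-- -rw-r--r-- -rws--x--x drwxrwxrwt; do
    printf '%-11s %s\n' "$sample" "$(mode_to_octal "$sample")"
done
```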

There are two ways to use this command. One is the text setting method, which uses letters and operator expressions; the other is the numeric setting method, which uses numbers.

1. Text setting method

chmod [who] [+ | - | =] [mode] filename...

The meanings of the options in the command are:

The target who is any one or a combination of the following letters:

    • u means "user", which is the owner of the file or directory.
    • g means "same group users", that is, all users who have the same group ID as the file owner.
    • o means "other users".
    • a means "all users". It is the system default value.

The operation symbols can be:

    • + adds a permission.
    • - removes a permission.
    • = grants the given permission and removes all other permissions, if any.

The permissions represented by mode can be any combination of the following letters:

    • r: readable.
    • w: writable.
    • x: executable.
    • X: add the x attribute only if the target file is already executable by some users, or if the target is a directory.
    • s: when the file is executed, the owner or group ID of the process is set to the owner or group of the file. "u+s" sets the file's set-user-ID bit, and "g+s" sets the set-group-ID bit.
    • t: save the program's text to the swap device.
    • u: the same permissions as the owner of the file has.
    • g: the same permissions as users in the file owner's group have.
    • o: the same permissions as other users have.

The command options are:

    • -c: if the file permissions have changed, display the change
    • -f: do not display an error message if the file permissions cannot be changed
    • -v: show details of permission changes
    • -R: apply the same permission change to all files in the current directory and its subdirectories (that is, change them recursively)
    • --help: show help
    • --version: display the version

filename: a space-separated list of files whose permissions are to be changed; wildcard characters are supported. Multiple permission settings can be given in one command line, separated by commas. For example, chmod g+r,o+r example gives users in the same group and other users read access to the file example.

Example 1:

    $ chmod a+x sort

This sets the properties of the file sort as follows:

The file owner (u) gains execute permission

Users in the same group as the file owner (g) gain execute permission

Other users (o) gain execute permission

Example 2:

    $ chmod ug+w,o-x text

This sets the properties of the file text as follows:

The file owner (u) gains write permission

Users in the same group as the file owner (g) gain write permission

Other users (o) lose execute permission

Example 3:

    $ chmod u+s a.out

Assume that the permissions of a.out after running chmod are as follows (they can be seen with the ls -l a.out command):

    -rws--x--x 1 inin users 7192 Nov 4 : a.out

Suppose this executable uses a text file, shiyan1.c, whose access permissions are "-rw-------", that is, only its owner has read and write permissions.

When another user runs the program a.out, that user's identity temporarily becomes inin for the duration of the program (because the chmod command set the s bit), so the program can read the file shiyan1.c even though the file gives other people no permissions at all. This is the function of s.

Therefore, across the whole system, and especially for root itself, it is best not to create too many files of this type (unless necessary), to keep the system secure and to avoid a bug in one of these programs leading to the system being compromised.
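
One way to keep track of the files this paragraph warns about, as an added example that is not part of the original article: a shell function that lists setuid and setgid files under a directory and reports those missing from a reviewed allowlist. The function name audit_setid, the allowlist file format and the scratch directory are assumptions made for the example.

```sh
#!/bin/sh
# audit_setid DIR [ALLOWLIST]
# Lists regular files under DIR that carry the setuid (4000) or setgid
# (2000) bit and are not named in ALLOWLIST (one path per line, written
# the way find prints it). Output: "<mode string> <path>" per finding.
# Returns 1 if anything unexpected was found, 0 otherwise.
# Assumption: file names contain no newline characters.
audit_setid() {
    dir=$1
    allow=${2:-/dev/null}
    found=0
    list=$(find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
               2>/dev/null | sort)
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if grep -Fxq -- "$path" "$allow"; then
            continue                      # reviewed and expected
        fi
        mode=$(ls -ld -- "$path" | cut -d' ' -f1)
        printf '%s %s\n' "$mode" "$path"
        found=1
    done <<EOF
$list
EOF
    return "$found"
}

# Constructed demonstration in a scratch directory (not real system paths).
demo=$(mktemp -d)
touch "$demo/a.out" "$demo/mm.txt"
chmod 4711 "$demo/a.out"     # rws--x--x, as in Example 3
chmod 644 "$demo/mm.txt"
audit_setid "$demo" || echo "unexpected setuid/setgid files found"
rm -rf "$demo"
```

Run against a real tree, the allowlist would hold the setuid programs the distribution ships and that have been reviewed; anything else in the output deserves a look, and chmod u-s or chmod g-s clears the bit.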

Example 4:

    $ chmod a-x mm.txt
    $ chmod -x mm.txt
    $ chmod ugo-x mm.txt

All three of the above commands remove the execute permission of the file mm.txt, and the target they apply to is all users.

2. Numeric setting method

We must first understand the meaning of the attributes represented by numbers: 0 means no permission, 1 means execute permission, 2 means write permission, 4 means read permission, and the values are then added together. So the format of a numeric mode is 3 octal digits from 0 to 7, in the order (u)(g)(o).

For example, if you want the owner of a file to have both "read" and "write" permissions, you need 4 (read) + 2 (write) = 6 (read/write).

The general form of the numeric setting method is: chmod [mode] filename...

Example 1:

    $ chmod 644 mm.txt
    $ ls -l

This sets the properties of the file mm.txt to:

    -rw-r--r-- 1 inin users 1155 Nov 5 11 : mm.txt

The file owner (u), inin, has read and write permissions

Users in the same group as the file owner (g) have read permission

Other people (o) have read permission

Example 2:

    $ chmod 750 wch.txt
    $ ls -l
    -rwxr-x--- 1 inin users 44137 Nov 9: wch.txt

That is, the properties of the file wch.txt are set to:

The file owner (u), inin, has read, write, and execute permissions

Users in the same group as the file owner (g) have read and execute permissions

Other people (o) do not have any permissions

chgrp command

Function: Change the group to which the file or directory belongs.

Syntax: chgrp [options] group filename...


    • -c or --changes: similar to the "-v" parameter, but reports only what was changed.
    • -f or --quiet or --silent: do not display error messages.
    • -h or --no-dereference: modify only the symbolic link itself, without altering the file it refers to.
    • -R or --recursive: recursively handle all files and subdirectories under the specified directory.
    • -v or --verbose: show the command's execution process.
    • --help: show help.
    • --reference=<reference file or directory>: set the group of the specified file or directory to the same group as the reference file or directory.
    • --version: display version information.

This command changes the group to which the specified file belongs. group can be either the group ID or the group name of a group in the /etc/group file. filename is a space-separated list of files whose group is to be changed; wildcard characters are supported. If the user is not the owner of the file or the superuser, the user cannot change the group of the file.

The option used in the example below means:

-R recursively changes the group of the specified directory and of all files and subdirectories under it.

Example 1:

    $ chgrp -R book /opt/local/book

Change the group of all files under /opt/local/book/ and its subdirectories to book.

chown command

Function: Change the owner and owning group of a file or directory. This command is also very common. For example, the root user copies one of their own files to the user yusi; to allow yusi to access the file, the root user should change the owner of the file to yusi, otherwise yusi cannot access the file.

Syntax: chown [options] user or group file

Description: chown changes the owner of the specified file to the specified user or group. The user can be either a user name or a user ID. The group can be either a group name or a group ID. file is a space-separated list of files to change, and wildcard characters are supported.

Parameter description:

    • user: the user ID of the new file owner
    • group: the group of the new file owner
    • -c: if the file owner has changed, display the change
    • -f: do not display an error message if the owner of the file cannot be changed
    • -h: change only the link itself, not the file that the link actually points to
    • -v: show details of owner changes
    • -R: apply the same owner change to all files in the current directory and its subdirectories (that is, change them one by one, recursively)
    • --help: show help
    • --version: display the version

Example 1: Change the owner of the file to yusi.

    $ chown yusi yusi123.com

Example 2: Change the owner of the directory /demo and of all the files and subdirectories under it to yusi, and change the group to users.

    $ chown -R yusi:users /demo

For example: chown qq /home/qq (the owner of the qq directory under the home directory is changed to the user qq)

For example: chown -R qq /home/qq (the owner of the qq directory under the home directory and of everything beneath it is changed to the user qq)

Note: Parts of this article reference Baidu Encyclopedia.
