When I was configuring my first Ubuntu server, I was so confused about file permissions. All I knew was that everything had to be
sudo this and
sudo that, and since you couldn’t run that command in a browser, you ended up getting this nasty 403 error that basically said, “Sorry, but you don’t have the permissions to see this.” It absolutely ticked me off. Months later, I’m taking an Operating Systems class and finally cracking the egg.
I’ve done some fairly extensive Googling on the subject, and there doesn’t seem to be any good articles that address the subject. Combined with the fact that I want to solidify how these things work in my own mind (particularly in lieu of the exam coming up tomorrow) I want to see if I can’t do a better job explaining how this works.
File permissions consist of three categories, and each of those categories has a sub category.
Sounds intimidating? Don’t sweat it. It’s not as scary as it looks. GNU puts everyone in one of three categories: the owner, the group, and everyone else. The owner, naturally enough, is the person who created the file or directory. The group is anyone who is associated with that computer — anyone who can log into it. Everyone else consists of anyone who can’t log in. For example, someone viewing a folder by means of a web page fits in this group.
So, the owner, the group, and everyone else. If you’re interacting with GNU, you’re one of those three people. But wait! Each of three kinds of people have different ways of interacting with that file or folder. First, they can simply look at it. Second, they can edit what they’re looking at. Thirdly, they can execute it. That third one is the most interesting. Executing something means that you’re harnessing it do perform a specific task. You’re not editing it or changing its nature. As an example, think of a simple bash script that aggregates a bunch of log files and puts them into a single
log.txt. file by means of the
Enough theory, let’s start looking at some practical examples.
Pop open a Terminal and type this:
touch test.txt && ls -l test.txt
touch command simply creates a quick file called
test.txt. Next, you’re listing the information about this directory you’ve just created. For example, my Terminal looks like this:
-rw-r--r-- 1 martynchamberlin staff 0 Jul 19 19:10 test.txt
ls -l filename command returns us several columns of interesting data, but the thing we’re interested in is the very first part. The very first dash on that line (
-) indicates that we’re looking at a file, not a folder (it would have a lowercase “d” if it were a folder). Even though this dash is connected to the new few characters (
rw-r--r--), you can rest assured that it is actually a distinct element from these proceeding characters. Now, remember that GNU sees you as one of three people? The first three characters (beginning with the
r) are designated to the owner, the next three go with the group, and the final three go with the rest of the world. For clarity, let’s take a look at this below:
- Rest of the world:
There you have it! Now, remember how each of these three groups is divided into three different ways of interacting with this file? They can read, write, and execute. In GNU, each of these modes is represented by a letter. They are shown below:
Simple enough, right? The absence of one of these permissions is indicated by a dash character, like this:
-. Going back to our original
test.txt file, we can learn the following.
- The owner is able to read and write, but not execute
- The group is able to read, but not write or execute
- The rest is also able to read, but not write or execute
How do you change the permissions on files and folders? While few people really care about the inner workings of file permissions, they do care about being able to change them. After all, that’s how you go from having a nasty 403 error on an HTML to page a beautiful web site! But here is where most people go astray. Sadly, we tend to only care about solving the problem at hand instead of learning the theory behind the answer. So instead of learning how file permissions work, we’re much more likely to google something like “how to get rid of 403 error.” But this is really cheating ourselves of learning the beauty behind file permissions. In order to appreciate file permissions like we should, we first need to have an understanding about the binary system.
How does the binary numbering system work? If you’re new to binary, think about the decimal system. It operates on multiples of ten. When you get to a new multiple, you add a digit. For example, when you go from 9 to 10, you have to add a digit. When you go from 99 to 100, you add another way. Binary works the same way, except on a scale of 2. When you go from 1 to 2, you’ve reached 2’s multiple, so you have to add a digit. When you go from 3 to 4, you add another one. When you go from 7 to 8, you add another. Counting to ten, this is what it would look like:
File permissions are based on binary. Take a look at the owner’s permissions for the test.txt file:
Notice that there are three digits. Judging by our “counting to ten” chart above, this tells us that the binary range is going to be between 4 and 7. Since 1 in binary means “yes” and 0 means “no,” the number we chose will determine whether the person has permissions or not. Let’s say we pick 4 for the author. In binary, this is 100, which means “yes, no, no.” Thus, the author will have read permissions, but not write or execute permissions. What if we pick 5 (101 in binary)? This means, “yes, no, yes” which means the author will have read and execute permissions, but not write permissions. In order to give the author all three permissions, we would have to give him 7 (or 111 in binary).
Okay, let’s put everything together. You have all the building blocks you need to create file permissions. Let’s start out by modifying our
text.txt file’s permissions.
sudo chmod 755 test.txt
sudo keyword stands for “super user do.” The
chmod keyword stands for “change mode.” Next follows the new file permission we want to change our file to, and lastly comes the actual name of the file we’re wanting to change. But what does this
755 mean? Let’s break it down.
7represents the owner. Breaking it to binary, that’s
111, which means, “yes, yes, yes.” The owner has read, write, and execute permissions.
- Next, the
5represents the group. In binary, 5 is
101, which means, “yes, no, yes.” The owner has read and execute permissions, but no write permissions.
- The “rest” have identical permissions to the group.
Okay, we’re almost done! To conclude, let’s look at the most common request when it comes to file permissions.
How can you change the enclosing files and folders within a parent folder?
If you have a folder called
dev with ten files inside, modifying the permissions for the
dev folder won’t change the permissions for the folders inside. To do this, you must use the
R keyword, which stands for “recursive.”
sudo chmod -R 755 dev
There! With a basic understanding of binary, you should be able to change the permissions for whatever you want.