Professional Documents
Culture Documents
Tutonics
Tutorials on Linux, Ubuntu Tips & Guides
work. Learn how to change these permissions using the chmod command.
Find out how default permissions for new les are con
gured via a user's
umask value.
Contents
http://www.tutonics.com/2012/12/linuxfilepermissionschmodumask.html 1/14
4/16/2016 LinuxFilePermissions,chmod,&umaskTutonics
File permissions de ne which user or system accounts have permissions to read, write, and
execute speci
c les.
There are also three other components when it comes to le mode bits, namely the setuid
As you'll see later, these "special mode bits" can only be used for certain les.
File permissions are identi ed through le mode bits. These bits represent what actions can
For example, if you run the command lsl to list the les in the current directory, you'll
see something similar to this at the beginning of each line in the results:
rwxrwxrwx
The repeated rwx sequences represent the notion of read (r), write (w), and execute (x)
Hence the rwxrwxrwx above indicates that user, group, and other have read, write and
execute permissions for that le or in other words: the owner of the le, anyone in the le's
group, and everybody else has read, write, and execute permissions for that le).
Note that the leading you'll see in permissions like rwxrwxrwx simply indicates that this is
a normal
le ( le type regular).
File Types
http://www.tutonics.com/2012/12/linuxfilepermissionschmodumask.html 2/14
4/16/2016 LinuxFilePermissions,chmod,&umaskTutonics
The possible le types you may see are depicted by preceding the permissions by one of
these:
= Regular File
d = Directory
l = Symbolic Link
c = Character Device
p = Named Pipe
rwrwr
A regular le, readable and writeable by user and group, but only readable by everybody
else.
drwxrxrx
Note that the d above indicates that the permissions are for a directory (i.e. the le's type is
a directory).
This directory is readable, writeable, and executable by "user" whilst only readable and
Also note that for directories, the execute mode bit x indicates access / searchability of that
rw
The above permissions show that the owner of this regular le has read and write
permission but nobody else has any permissions for that le.
http://www.tutonics.com/2012/12/linuxfilepermissionschmodumask.html 3/14
4/16/2016 LinuxFilePermissions,chmod,&umaskTutonics
crww
You'll know it refers to a "character device" (such as a tty) where the "user" has read and
write permission, the "group" has write permission, and "other" has no permissions.
To recap, the meanings of r , w , and x for each of the three categories "user", "group", and
"other" are illustrated in the image below which shows an lsl command run in a directory
The user name shown in the image above is the name of the user account which owns the
le (normally the creator, but this can be changed using chown) whilst the group name is the
By default in Ubuntu, the default primary group is a group with the same name as the user.
This is the case above where both the user and group are "tutonics" (for more info about
user accounts and groups, please read our post about user account and group management).
http://www.tutonics.com/2012/12/linuxfilepermissionschmodumask.html
Normal Process Permissions 4/14
4/16/2016 LinuxFilePermissions,chmod,&umaskTutonics
When a process runs, it takes on the e ective permissions of the user who started it. This
means the process can only read / write / execute what the user has permissions for.
The same applies to the e ective group id of a process, it assumes that of the user, so group
This behaviour gets changed when setuid and/or setgid bits are set as you'll see next.
When the setuid bit is set for a program, on execution the process's e ective user ID gets
set to that of the program le itself (rather than that of the user running it).
If a le with permissions rwxrwxrw gets its setuid bit set, the permissions will be displayed
If however, the le didn't have the x permissions for the user, and then had the setuid bit
So to recap, there is a di erence between S and s the former indicates just the setuid bit,
the latter indicates setuid bit and execute x (for that position) in the permissions is set.
When the setgid bit is set for a program, on execution the process's e ective group ID gets
set to that of the program le (rather than that of the user's primary group).
If a le starts out with rwrr (no group x) and has its setgid bit set, you'd see it being
When the setuid bit is set as part of a directory's permissions in Ubuntu, it does nothing, i.e.
it has no e ect (This is not the case for the setgid bit, as you'll see next).
When the setgid bit is set for a directory, any les created in that directory will have the
http://www.tutonics.com/2012/12/linuxfilepermissionschmodumask.html 5/14
4/16/2016 LinuxFilePermissions,chmod,&umaskTutonics
Also, any directories created in that directory will also have their setgid bit set.
Sticky Bit
Nowadays (for linux) the sticky bit is used only in relation to directories.
When a directory has the sticky bit set, only root or the le's owner has permission to
The letter's T and t are used to indicate that the sticky bit is set. e.g. A directory with
permissions drwxrxrx having the sticky bit set, would change to drwxrxrt whilst a dir
with drwxrxr would change to drwxrxrT (So t vs T depends on whether the "other"
Sometimes, you'll see permissions referred to numerically in base 8 octal (i.e. using digits 0-
7).
So for example, using the table above, we can see that the le permissions rwxrwxrwx can
be represented in octal as 777 (because each rwx translates to an octal digit 7).
Note that the octal number refers to permissions, the le type does not matter.
So, if we wanted to represent the permissions drwxrwxrwx of a directory in octal, the same
http://www.tutonics.com/2012/12/linuxfilepermissionschmodumask.html
Other Octal Permission Examples: 6/14
4/16/2016 LinuxFilePermissions,chmod,&umaskTutonics
rwxrxrx 755
rwrwr 664
rwrr 644
rw 600
chmodMODEfile
2. Using numeric modes (An octal (base 8) number that represents the mode)
Using the "numeric modes" way of setting these permissions is shorter than the symbolic
method, but not as exible because you can't build on top of existing permissions which is
http://www.tutonics.com/2012/12/linuxfilepermissionschmodumask.html 7/14
4/16/2016 LinuxFilePermissions,chmod,&umaskTutonics
In order to change the permissions of a le using symbolic permissions, use the command
format:
chmodSYMBOLICMODEFILENAME
The letters for user, group, and other are u, g, and o respectively. The letter a is used to
[ugoa...][[+=][permissions...]...]
When you combine the above with the permission letters r , w , and x you can run chmod
chmoda=rwxfilename
Breaking this down, the a means all and rwx means set read, write, and execute.
The = means that permissions are to be set to exactly what we specify.(i.e. we overwrite the
current permissions).
In this case you can get the same result more explicitly using either:
chmodugo=rwxfilename
or
chmodugo+=rwxfilename
http://www.tutonics.com/2012/12/linuxfilepermissionschmodumask.html 8/14
4/16/2016 LinuxFilePermissions,chmod,&umaskTutonics
Regarding just the symbolic mode part of the command, here are a few more examples:
a+r
ar
a+x
ax
ug=rw
To add read, write permissions to user and group to the permissions that already exist:
ug+=rw
To remove execute permissions from group and other (i.e from all users except the le's
owner):
gox
go=
Note in the examples above and in general that there are di erent combinations that
http://www.tutonics.com/2012/12/linuxfilepermissionschmodumask.html 9/14
4/16/2016 LinuxFilePermissions,chmod,&umaskTutonics
u+s
us
g+s
gs
+t
To set the permissions of a le or directory using numeric modes, simply use the format:
chmodOCTALMODEFILENAME
http://www.tutonics.com/2012/12/linuxfilepermissionschmodumask.html 10/14
4/16/2016 LinuxFilePermissions,chmod,&umaskTutonics
For example, to set the permissions of lename to rwrr you could run the command:
chmod644filename
chmod777filename
Be careful when setting permissions to 777 as this means every single user account can read,
The setuid, setgid, and sticky bit can be set using chmod where
1 = sticky bit
2 = setgid
4 = setuid
For example to set the setuid bit along with permissions 766:
chmod4766filename
chmod2776filename
chmod1776fileanme
To set both setuid(2) and setgid(4) along with 766, prepend with 6. i.e. 2+4:
chmod6766filename
http://www.tutonics.com/2012/12/linuxfilepermissionschmodumask.html 11/14
4/16/2016 LinuxFilePermissions,chmod,&umaskTutonics
When a user creates a le, how does the system determine that le's initial permissions?
In Ubuntu, the default umask value for a normal user is 002, while the default for root is 022.
You can nd out the current umask value (or set it) using the umask command.
umask
You'll see something like 0002 displayed, however octal numbers are preceded by a 0 (in the
same way hex would be preceded by 0x), so the umask value itself is actually 002.
This value is an octal (base 8, digits 0-7) value which is subtracted from a base value of 777
A umask of 002 basically means don't remove any permissions from the base value for "user"
or "group", but "other" is not allowed write permission (write permission is octal 2, or binary
010 meaning w ).
touchnewfile.txt
The le permissions for this new le will be 666-002 = 664, i.e. rwrwr (readable and
mkdirnewDir
The le permissions for the directory newDir will be 777-002 = 775, i.e. drwxrwxrx (readable,
writeable, executable by user and group, but only readable and executable by everyone
else).
If you wish to set the umask value to something else, simply use umask command like so:
umasknewvalue
http://www.tutonics.com/2012/12/linuxfilepermissionschmodumask.html 12/14
4/16/2016 LinuxFilePermissions,chmod,&umaskTutonics
where "newvalue" is an octal number representing which permissions you do not want to be
What's Next?
We'll be covering how to change le ownership and group ownership in the next post.
Thank you for reading this article. Please contact us if you have any suggestions for
improvements.
Terminal Basics
http://www.tutonics.com/2012/12/linuxfilepermissionschmodumask.html 13/14
4/16/2016 LinuxFilePermissions,chmod,&umaskTutonics
Ubuntu & the Ubuntu logo are registered trademarks of Canonical Ltd.
http://www.tutonics.com/2012/12/linuxfilepermissionschmodumask.html 14/14