Linux executable file permission

File Permissions in Linux – How to Use the chmod Command

Arunachalam B

Just as with other operating systems, multiple users can create user accounts and share the same machine running Linux OS.

But whenever different users share a system, problems of privacy can easily arise. The first user may not wish the next user to view, edit, or delete their files, for example.

The Linux Terminal possesses some superpowers when it comes to handling file permissions. You can grant or revoke permissions for every file and directory from your Linux Terminal.

What are File Permissions in Linux?

File permissions control which actions can be performed by which users. Read, Write, and Execute are the three actions possible for every file.

Users are classified under three broad categories: Normal users, Groups, and Others. Linux allows users to set permissions at a very granular level. You can secure your file or directory in every possible location of a file system.

There are three important commands you’ll use when managing file permissions:

Among these, chmod is one of the most important commands. We’ll discuss the chmod command in this tutorial, and I’ll get into the others in upcoming articles.

Let’s deep dive into the chmod command 🏊.

Actions you can perform on a file

Before we proceed further, I want to make sure you’re clear about how the Read, Write, and Execute actions of a file work. Read and write are pretty are self-explanatory – they determine whether a user can read or write to a file.

But, what’s an executable file?

A file is said to be executable if it has a sequence of instructions to achieve something. A good example is scripting files (Shell Scripts).

What is the chmod Command?

chmod is a command that lets you change the permissions of a file or directory to all types of users.

Here’s the syntax of the chmod command:

Now it is executable. He stared at me as if I was a hacker 😂. But really, it’s a pretty simple and basic concept.

How to Remove Permissions from a File in Linux

I work with my colleague Divad on lots of projects, and he likes to try to fool me. We work together on many hobby projects and we often write shell scripts for quick deployment.

Whenever he writes shell scripts, he always removes all the permissions from the file and pushes the changes to the remote repo. So every time I have to grant permissions using the above commands for whatever action I have to do.

Let’s have a quick look at the command he uses to remove file permissions.

Here we have a file named install.sh which has all permissions (Read, Write, Execute). Let’s remove the execute permission for this script file.

You’ll not be able to execute this file now. Trying so will give you an error as shown in the above screenshot.

Let’s remove the read permission from the file.

The same applies to removing write permission from the file:

You can achieve all the above together using the below command:

But, did you know that I can create another directory inside locked_directory named dir1 and read the files and folders in dir1 ?

Then what’s the purpose of the command we just ran before? Removing the read permission on the parent should remove the same on child directories too, right?

Well. That’s the exact thing I told you earlier. Linux manages a very granular level of file permissions.

If you want to apply the permissions to the parent directory and all its child directories, you need to pass an exclusive flag with the chmod command.

That flag is -R . It basically means applying the same permissions recursively to all sub-directories (child directories). So this permission will apply to the end child of a file/directory.

Here’s the syntax for that:

From the above screenshot, you can see that trying to view the child directory files has failed after removing the read permission recursively from the parent directory.

Another Way to Handle File Permissions in Linux

Alternatively, you can use Octal representation to control the file permissions.

We can use numbers to represent file permissions (the method most commonly used to set permissions). When you change permissions using the Octal mode, you represent permissions for each triplet using a number (4, 2, 1, or combination of 4, 2, and 1).

Let’s see the syntax for using octal mode:

Look at the first part of the output ( -rwxrwxrwx ) from the above screenshot. Let’s explore what it means:

The first character indicates the type of input.

• «-» indicates a file
• «d» indicates a directory
• «i» indicates a link (a symlink, which is a shortcut to a file/directory)

You group the next set of letters, at a maximum of 3 for each group. These groups represents corresponding permissions for user, group, and others.

Conclusion

In this article, you have learned about handling basic file and folder permissions.

I hope you enjoyed reading this tutorial. I have one request to all: give it a try on your own with some complicated scenarios like having permutations and combinations of permissions 😂. It’ll definitely be helpful in your entire career.

Subscribe to my newsletter by visiting my site and also have a look at the consolidated list of all my blogs.

Источник

Chmod +X

[#the-short-answer]The Short Answer[#the-short-answer]

On Linux and Unix-like operating systems (MacOS included), the [.inline-code]chmod[.inline-code] command is used to change the permissions of files and directories. The [.inline-code]x[.inline-code] option specifically sets the execute permission on a file, allowing it to be run as a program.

For example, to make a script executable by every user on the system, you can use the following command:

Then run the script directly:

Note that the [.inline-code]+[.inline-code] sign here translates to “add permission”.

[#execute-permission-directories]The Execute Permission For Directories[#execute-permission-directories]

In the case of directories, the execute permission has a slightly different meaning than for files, as when set, it allows users to list their content using the [.inline-code]ls[.inline-code] command, or enter them using the [.inline-code]cd[.inline-code] command.

[#setting-execute-permission]Setting The Execute Permission For Specific Users[#setting-execute-permission]

In some cases, you might want to control which user is allowed to execute a file.

To do so, you can use a combination of the letters:

• [.inline-code]a[.inline-code] for all; which designates all users on the system.
• [.inline-code]u[.inline-code] for user; which is the user account that created the file or has been assigned ownership of the file
• [.inline-code]g[.inline-code] for group; which is a collection of user accounts, such as members of the same team, that have been granted certain permissions on the file.
• [.inline-code]o[.inline-code] for others; which are all other users who are not the owner or members of the group associated with the file.

[#execute-permission-owner-of-file]Use [.inline-code]u+x[.inline-code] to give execute permission to the owner of the file only[#execute-permission-owner-of-file]

[#execute-permission-owner-and-group]Use [.inline-code]ug+x[.inline-code] to give execute permission to the owner of the file and the group[#execute-permission-owner-and-group]

[#execute-permission-everyone]Use [.inline-code]a+x[.inline-code] to give execute permission to everyone[#execute-permission-everyone]

Note that in this last case, executing [.inline-code]chmod a+x[.inline-code] has the same effect as [.inline-code]chmod +x[.inline-code].

[#execute-permission-conditionally]Setting The Execute Permission Conditionally[#execute-permission-conditionally]

The [.inline-code]X[.inline-code] (uppercase [.inline-code]x[.inline-code]) option allows to conditionally set the execute permission of files and directories.

• If the target is a directory, then it sets the execute permission for the owner, the group, and the others, allowing them to list and enter the directory.
• If the target is a regular file, then it doesn’t set the execute permission, unless it is already enabled on at least one of the owner, the group, or the others.

This option is particularly useful when you want to recursively change the permission of a directory and its subdirectories, without affecting the regular files themselves.

For example, let’s consider the following [.inline-code]tmp[.inline-code] directory:

Running the [.inline-code]chmod -R g+X[.inline-code] command on this directory will set the execute permission for the group on:

• The [.inline-code]tmp[.inline-code] directory.
• The [.inline-code]dir_1[.inline-code] subdirectory.
• The [.inline-code]script_1.sh[.inline-code] file.

But will leave the permissions of the [.inline-code]script.sh[.inline-code] file unchanged.

Note that running [.inline-code]chmod +X[.inline-code] will have the same effect as running [.inline-code]chmod a+X[.inline-code].

[#sudo-chmod]Using the [.inline-code]chmod[.inline-code] command with [.inline-code]sudo[.inline-code][#sudo-chmod]

The [.inline-code]sudo[.inline-code] command is used to execute a command as the superuser (or root).

Executing the [.inline-code]chmod[.inline-code] command with [.inline-code]sudo[.inline-code] allows you to modify the permissions of files or directories that you do not have access to as the current user.

For example, you can use the [.inline-code]sudo chmod +x[.inline-code] command on a system file to give permission to all users to execute it.

It is important to note that giving the execute permission to all users to a file or directory belonging to the system may lead to security vulnerabilities and have unintended consequences.

Источник