How Linux file permissions work

Linux (and almost all other Unix-like systems) has three user classes:

  • User (u): the owner of the file
  • Group (g): other users who are members of the file's group
  • Other (o): everyone else

Each file carries a set of permissions; on Linux and UNIX this set is called the mode. You can set the following permissions on each file:

  • Read (r)
  • Write (w)
  • Execute (x)

However, these three permissions have different meanings for files and directories:

Linux Read mode permissions

  • Read access on a file allows you to view the file's contents
  • Read access on a directory allows you to list its contents with the ls command

Write mode permissions

  • Write access on a file allows you to modify the file
  • Write access on a directory allows you to add or remove files in it (removing a file needs write access on the directory, not on the file itself)

Execute mode permissions

  • Execute access on a file allows you to run it as a program or script
  • Execute access on a directory allows you to enter it and access the files inside it by name

Octal numbers and permissions

You can use an octal number to represent the mode/permissions:

  • r: 4
  • w: 2
  • x: 1

For example, for the file owner you calculate the octal mode as follows. Read, write and execute (full) permission on a file in octal is
r+w+x = 4+2+1 = 7

Only read and write permission on a file in octal is
r+w+x = 4+2+0 = 6

Only read and execute permission on a file in octal is
r+w+x = 4+0+1 = 5

Use the same method to calculate the permissions for group and others. Let us say you wish to give full permission to the owner, read and write permission to the group, and execute-only permission to others; then you calculate the permissions as follows:
User   = r+w+x = 4+2+1 = 7
Group  = r+w+x = 4+2+0 = 6
Others = r+w+x = 0+0+1 = 1

The effective permission is 761.
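The octal arithmetic above, as an added example that is not part of the original page: it converts per-class "rwx" specs into the three-digit mode chmod accepts, and parses or prints the nine-character ls -l form, including the setgid bit used later on this page (2775). All function names are my own.

```python
import stat

# Bit weights from the text: r=4, w=2, x=1 within each class.
WEIGHTS = {"r": 4, "w": 2, "x": 1}


def class_digit(spec: str) -> int:
    """Turn one class spec such as 'rwx', 'rw-' or 'x' into its octal digit."""
    digit = 0
    for ch in spec:
        if ch in WEIGHTS:
            digit += WEIGHTS[ch]
        elif ch != "-":
            raise ValueError(f"unknown permission character {ch!r}")
    return digit


def octal_mode(user: str, group: str, other: str) -> str:
    """Combine the three class specs into the 3-digit string chmod accepts."""
    return f"{class_digit(user)}{class_digit(group)}{class_digit(other)}"


def symbolic_to_mode(sym: str) -> int:
    """Parse an ls -l style string ('rwxrwsr-x') into a numeric mode,
    including the setuid/setgid/sticky bits shown as s/S and t/T."""
    if len(sym) != 9:
        raise ValueError("expected 9 characters, e.g. rwxr-xr--")
    mode = 0
    for idx, ch in enumerate(sym):
        cls, pos = divmod(idx, 3)   # cls: 0=user 1=group 2=other; pos: 0=r 1=w 2=x
        weight = 4 >> pos           # r=4, w=2, x=1
        shift = 6 - 3 * cls         # user bits are the highest octal digit
        if ch in "sS" and pos == 2 and cls < 2:
            mode |= stat.S_ISUID if cls == 0 else stat.S_ISGID
            ch = "x" if ch == "s" else "-"
        elif ch in "tT" and pos == 2 and cls == 2:
            mode |= stat.S_ISVTX
            ch = "x" if ch == "t" else "-"
        if ch != "-":
            if ch != "rwx"[pos]:
                raise ValueError(f"unexpected {ch!r} at position {idx}")
            mode |= weight << shift
    return mode


def mode_to_symbolic(mode: int) -> str:
    """Inverse: numeric mode -> 9-character string (stat.filemode without the type char)."""
    return stat.filemode(mode)[1:]
```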

chmod command

To set file permissions you use the chmod command:
chmod {mode} {file-name}

To set file permission 761 you use chmod as follows:
# chmod 0761 file
To make a file readable by anyone and writable by the owner only:
# chmod 644 file
To make a file readable/executable by everyone and writable by the owner only:
# chmod 755 file
You can change the permissions of all files and directories within a directory by using the -R option of the chmod command. For example, to give others read and execute access to all files and directories (including the files and directories nested within them), type the following command (i.e. change the modes of the file hierarchies rooted in the given files instead of just the files themselves):
# chmod -R 755 directory-name/
Note that this also sets the execute bit on every regular file in the tree; if files and directories need different modes, combine find with chmod as described in the next section.

Further readings

  1. Access rights: Linux’s first line of defense
  2. Read the chmod command man page for more information.

Linux or UNIX change file permissions recursively ( conditional )

Q. How do I recursively change files with 777 permissions to 755 in the /home/user/demo directory? I have a number of files in this directory and I need to change a file from 777 to 755 only if that file has 777 permissions.

Is there an easy way out to achieve this?

A. To change file access permissions you use the chmod command. It has the -R or --recursive option, which changes files and directories recursively. For example:
$ chmod -R 0755 directory

However, if you need to apply file permissions conditionally and recursively, use a combination of the find and chmod commands.

Find all files in the /home/user/demo directory:
$ find /home/user/demo -print

Now find all files in the /home/user/demo directory with permission 777:
$ find /home/user/demo -perm 777 -print

Next, apply chmod to all of these files using the -exec option (on Linux a symbolic link always reports mode 777 to find, while chmod follows the link and changes its target, so add -type f if the tree may contain links):
$ find /home/user/demo -perm 777 -print -exec chmod 755 {} \;

Read the find man page for more information.
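The same conditional change done with the standard library, as an added example that is not part of the original answer: it walks a tree, re-modes only entries whose permission bits are exactly 777, and skips symbolic links for the reason noted above. demo() builds a constructed temporary tree so the result can be checked; all names are my own.

```python
import os
import stat
import tempfile


def conditional_chmod(root: str, match: int = 0o777, new: int = 0o755) -> list:
    """Like `find root -perm 777 -exec chmod 755 {} \\;` but only for regular
    files and directories; returns the sorted list of changed paths."""
    changed = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)                 # lstat: do not follow links
            if stat.S_ISLNK(st.st_mode):
                continue                        # links show 777; chmod would hit the target
            if stat.S_IMODE(st.st_mode) == match:
                os.chmod(path, new)
                changed.append(path)
    return sorted(changed)


def demo() -> dict:
    """Constructed tree: two 777 files, one 644 file, a 777 directory and a
    symlink to the 644 file. Returns the modes after conditional_chmod()."""
    root = tempfile.mkdtemp()
    sub = os.path.join(root, "sub")
    os.mkdir(sub)
    os.chmod(sub, 0o777)
    files = {"a.sh": 0o777, "b.txt": 0o644, "sub/c.sh": 0o777}
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        open(path, "w").close()
        os.chmod(path, mode)
    os.symlink(os.path.join(root, "b.txt"), os.path.join(root, "link"))
    conditional_chmod(root)
    # b.txt staying 644 proves the link was skipped rather than dereferenced
    return {rel: oct(stat.S_IMODE(os.lstat(os.path.join(root, rel)).st_mode))
            for rel in list(files) + ["sub"]}
```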

Linux setup shared directory

Sharing a directory among users in the same group is one of the essential tasks. You need to use the chmod command and add the users to the appropriate group. To make the idea clear, here is a scenario:

  • /home/myproj : the shared directory
  • usr1, usr2, … usrN : users who would like to work on and share files in the /home/myproj directory
  • padmin : the main project administrator user

Step #1: Create the shared directory /home/myproj
If this directory does not exist, create it:

# mkdir /home/myproj

Step #2: Create the shared group
You need to create a new group. Let us assume the group name is myproj:

# groupadd myproj

Step #3: Add the project administrator user (padmin) and set a password:

# useradd -d /home/myproj/ -g myproj -m padmin
# passwd padmin

Step #4: Add the rest of the users to group myproj

# useradd -d /home/myproj/ -g myproj usr1
# passwd usr1

Add the second user:

# useradd -d /home/myproj/ -g myproj usr2
# passwd usr2

… and so on…

Step #5: Set up permissions on the /home/myproj directory as follows:
(a) Set the group ownership to the myproj group:

# chown -R padmin:myproj /home/myproj/

(b) Set full permission for the owner and the group on the directory:

# chmod -R 775 /home/myproj/

(c) Set the sgid bit. So what is the sgid bit? Normally, whenever you create a file in a directory it belongs to the default (primary) group of the user who created it. When a file is created in a directory with the sgid bit set, it belongs to the same group as the directory. The result is that all users of the myproj group can create and alter files in the /home/myproj directory:

# chmod -R 2775 /home/myproj/

OR

# chmod -R g+s /home/myproj/

Note that with -R both forms also set the sgid bit on every existing regular file, where it has a different meaning (set-group-ID on execution); group inheritance only needs the bit on the directories.
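Step 5 applied from Python, as an added example that is not part of the original page: it gives directories 2775 and regular files 664, so the sgid bit lands on directories only, and then reports the resulting modes. Group and user creation need root and are left to the groupadd/useradd commands above; demo() works on a constructed temporary tree and the function names are my own.

```python
import os
import stat
import tempfile


def setup_shared_tree(root: str, dir_mode: int = 0o2775, file_mode: int = 0o664) -> list:
    """Apply the shared-directory modes: directories get dir_mode (sgid + rwxrwxr-x),
    regular files get file_mode (rw-rw-r--). Symlinks are left alone.
    Returns the paths that ended up with the sgid bit set."""
    os.chmod(root, dir_mode)
    sgid_paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            path = os.path.join(dirpath, d)
            if not os.path.islink(path):
                os.chmod(path, dir_mode)
                sgid_paths.append(path)
        for f in filenames:
            path = os.path.join(dirpath, f)
            if not os.path.islink(path):
                os.chmod(path, file_mode)
    return sorted(sgid_paths)


def demo() -> dict:
    """Constructed tree with one subdirectory and two files; returns the
    octal mode of each entry after setup_shared_tree()."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("README", "docs/notes.txt"):
        open(os.path.join(root, rel), "w").close()
    setup_shared_tree(root)
    return {rel: oct(stat.S_IMODE(os.stat(os.path.join(root, rel)).st_mode))
            for rel in (".", "docs", "README", "docs/notes.txt")}
```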

See also:

Howto: Linux add user to group

You can use the useradd or usermod command to add a user to a group. The useradd command creates a new user or updates default new-user information. The usermod command modifies an existing user account, i.e. it is useful for adding an existing user to an existing group. There are two types of group: the primary user group and secondary (supplementary) groups.

useradd example - Add a new user to a secondary group

Use the useradd command to add a new user to an existing group (or create a new group and then add the user). If the group does not exist, create it first. Syntax:
useradd -G {group-name} username

Create a new user called vivek and add it to a group called developers. First log in as the root user and make sure the group developers exists:
# grep developers /etc/group
Output:

developers:x:1124:

If you do not see any output then you need to add the group developers using the groupadd command:
# groupadd developers
Add the user vivek to the group developers:
# useradd -G developers vivek
Set a password for user vivek:
# passwd vivek
Ensure that the user was added properly to the group developers:
# id vivek
Output:

uid=1122(vivek) gid=1125(vivek) groups=1125(vivek),1124(developers)

Please note that the lowercase -G option adds the user to a list of supplementary groups. Each group is separated from the next by a comma, with no intervening whitespace. For example, add user jerry to the groups admins, ftp, www and developers:
# useradd -G admins,ftp,www,developers jerry

useradd example - Add a new user to a primary group

To add a user tony with developers as the primary group, use the following commands:
# useradd -g developers tony
# id tony

uid=1123(tony) gid=1124(developers) groups=1124(developers)

Please note that the lowercase -g option sets the user's initial login group (primary group). The group name must exist; a group number must refer to an already existing group.

usermod example - Add an existing user to an existing group

Add the existing user tony to the ftp supplementary/secondary group with the usermod command using the -a option, i.e. append the user to the supplementary group(s). Use -a only together with the -G option:
# usermod -a -G ftp tony
Change existing user tony's primary group to www:
# usermod -g www tony

Remove Linux User From a Secondary Group ( Supplementary Groups )

Q. User tom is a member of the groups sales and printer. I'd like to remove tom from the group printer without editing any user configuration text files stored in the /etc/ directory. How do I do that?

A. The /etc/group file defines the group membership of each user. The usermod command has a -G option that sets the list of supplementary groups of which the user is a member. Each group is separated from the next by a comma, with no intervening whitespace. If the user is currently a member of a group which is not listed, the user will be removed from that group (the primary group is not affected).

Step #1: Find out the user's group membership

Use the id command:
# id -nG {user-name}
# id -nG tom

Output:

sales printer

Step #2: Remove the user from the printer group

Use the following syntax:
# usermod -G {groupname1,groupname2,…} {username}
To keep membership in the sales group only (i.e. remove user tom from the printer group), enter:
# usermod -G sales tom
# id -nG tom

Output:

sales

The following example removes user vivek from all groups except admin, audio, video and powerdev:
# id -nG vivek
Output:

vivek adm dialout cdrom floppy audio dip video plugdev scanner netdev lpadmin powerdev admin

Modify the group membership, enter:
# usermod -G admin,audio,video,powerdev vivek
# id -nG vivek

Sample output:

vivek audio video powerdev admin

For more information, read the usermod(8) man page:
$ man usermod
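The replace-versus-append behaviour of usermod -G described in the two usermod sections above, modelled over a constructed /etc/group excerpt, as an added example that is not part of the original page: without -a the listed groups replace the user's supplementary groups (which is how tom loses printer), with -a they are appended, and a list with whitespace after the commas is rejected. Function names and the sample data are my own; the primary group lives in /etc/passwd and is not modelled.

```python
# Constructed /etc/group excerpt (name:password:gid:member,member); not a real system.
GROUP_DB = """\
sales:x:1001:tom,alice
printer:x:1002:tom
ftp:x:1003:
www:x:1004:
"""


def parse_group(text: str) -> dict:
    """Parse /etc/group lines into {group name: set of member user names}."""
    db = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _password, _gid, members = line.split(":", 3)
        db[name] = {m for m in members.split(",") if m}
    return db


def supplementary_groups(db: dict, user: str) -> list:
    """Groups listing the user as a member (what `id -nG` shows after the primary group)."""
    return sorted(g for g, members in db.items() if user in members)


def usermod_G(db: dict, user: str, groups: str, append: bool = False) -> list:
    """Model `usermod [-a] -G groups user`. Without -a the list REPLACES the
    user's supplementary groups; with -a (append=True) it is added to them.
    Returns the resulting supplementary group list."""
    wanted = groups.split(",")
    for g in wanted:
        if g != g.strip():
            raise ValueError(f"whitespace in group name {g!r}: separate with commas only")
        if g not in db:
            raise ValueError(f"group {g!r} does not exist")
    if not append:
        for members in db.values():       # drop every group not in the new list
            members.discard(user)
    for g in wanted:
        db[g].add(user)
    return supplementary_groups(db, user)
```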