I read the man page1, I searched the internet, but Linux permissions didn't really click for me until I envisioned them in this grid:
(u)ser | (g)roup | (o)ther |
---|---|---|
r w x | r w x | r w x |
4 2 1 | 4 2 1 | 4 2 1 |
In fact, I still imagine this grid in my mind's eye every time I'm writing chmod
commands and it's been like 15 years.
So how does the grid work? I'm glad you asked...
There are three permission groupings:
- u (user)
- g (group)
- o (other)
And each permission grouping has three levels:
- r (read)
- w (write)
- x (executable)
And each level has a value:
- r has a value of 4
- w has a value of 2
- x has a value of 1
Numeric Permissions
With numberic permissions we just have to decide what permission levels we want for each permission grouping and then sum up those values.
Let's understand by example...
Example 1
Let's say we run the command:
$ ls -l
And that displays a permission like2:
rw-r--r--
Which is really our three distinct permission groupings--the dash means the group does not have that permission--so user has read and write permissions (rw-
), group has read permissions (r--
), and other has read permissions (r--
).
We can convert those three groupings into their corresponding numeric value equivalents: rw- = 42-
, r-- = 4--
, and r-- = 4--
.
Then, we can sum up those level values and mash the totals together: 4+2=6
, 4=4
, and 4=4
.
So the final permission value is: 644
.
And the chmod
command would be:
$ chmod 644 file.ext
Example 2
rwxr-xr-x
This time, user has read, write, and execute permissions (rwx
), group has read and execute permissions (r-x
), and other has read and execute permissions (r--
).
Broken up into three permission groupings:
u g o
rwx r-x r-x
421 4 1 4 1
And added together:
4+2+1=7 4+1=5 4+1=5
So the final numeric permission is:
755
Example 3
rw-rw-r--
rw- rw- r--
42- 42- 4--
4+2=6 4+2=6 4=4
664
Symbolic Permissions
But what about non-numeric permissions? Those exist too you know.
Alright then, let's do the same examples as above, but use symbolic permissions instead.
Example 1
rw-r--r--
That is really just the three groupings: rw-
, r--
, and r--
.
And each group can drop the dashes and be prepended by the first letter of the group name followed by an equal sign: u=rw
, g=r
, and o=r
.
And so the chmod
command would be:
$ chmod u=rw,g=r,o=r file.ext
Example 2
rwxr-xr-x
Broken up into 3 groups:
u g o
rwx r-x r-x
And grouped together:
u=rwx g=rx o=rx
So the final symbolic permission is:
u=rwx,g=rx,o=rx
Example 3
rw-rw-r--
rw- rw- r--
u=rw- g=rw- o=r--
u=rw g=rw o=r
u=rw,g=rw,o=r
I'll be honest, I mainly use numeric permissions (not sure why) but symbolic permissions are super handy because they allow us to just change one grouping without touching the other groupings we're not interested in, so let's say we just wanted to add a read permission level to the other grouping, the command would be:
chmod o+r file.ext
Or if we would rather take away the read permission level from the other grouping:
chmod o-r file.ext
And that's it! An incredibly basic explanation of permissions, now that it's unleashed from the confines of my notes maybe it can help someone. Somewhere. Someday.