I've never really got how `chmod` worked up until today. I followed a tutorial that explained a big deal to me.
For example, I've read that you've got three different permission groups:
- owner (`u`)
- group (`g`)
- everyone (`o`)
Based on these three groups, I now know that:
- If the file is owned by the user, the user permissions determine the access.
- If the group of the file is the same as the user's group, the group permissions determine the access.
- If the user is not the file owner, and is not in the group, then the other permission is used.
I've also learned that you've got the following permissions:
- read (`r`)
- write (`w`)
- execute (`x`)
I created a directory to test my newly acquired knowledge:
mkdir test
Then I did some tests:
chmod u+rwx test/
# drwx------
chmod g+rx test/
# drwxr-x---
chmod u-x test/
# drw-r-x---
After fooling around for some time I think I finally got the hang of `chmod` and the way you set permission using this command.
But…
I still have a few questions:
- What does the `d` at the start stand for?
- What's the name and use of the containing slot and what other values can it hold?
- How can I set and unset it?
- What is the value for this `d`? (As you only have 7=4+2+1)
- Why do people sometimes use `0777` instead of `777` to set their permissions?
But as I shouldn't be asking multiple questions, I'll try to ask it in one question.
In UNIX-based systems such as all Linux distributions, concerning the permissions, what does the first part (`d`) stand for and what's the use for this part of the permissions?
Best Answer
I’ll answer your questions in three parts: file types, permissions, and use cases for the various forms of `chmod`.

File types

The first character in `ls -l` output represents the file type; `d` means it’s a directory. It can’t be set or unset, it depends on how the file was created. You can find the complete list of file types in the ls documentation; those you’re likely to come across are

- `-`: “regular” file, created with any program which can write a file
- `b`: block special file, typically disk or partition devices, can be created with `mknod`
- `c`: character special file, can also be created with `mknod` (see `/dev` for examples)
- `d`: directory, can be created with `mkdir`
- `l`: symbolic link, can be created with `ln -s`
- `p`: named pipe, can be created with `mkfifo`
- `s`: socket, can be created with `nc -U`
- `D`: door, created by some server processes on Solaris/openindiana.

Permissions

`chmod 0777` is used to set all the permissions in one `chmod` execution, rather than combining changes with `u+` etc. Each of the four digits is an octal value representing a set of permissions:

- `suid`, `sgid` and “sticky” (see below)

The octal value is calculated as the sum of the permissions:
For the first digit:

- `suid` is 4; binaries with this bit set run as their owner user (commonly `root`)
- `sgid` is 2; binaries with this bit set run as their owner group (this was used for games so high scores could be shared, but it’s often a security risk when combined with vulnerabilities in the games), and files created in directories with this bit set belong to the directory’s owner group by default (this is handy for creating shared folders)

root (see `/tmp` for a common example of this).

See the `chmod` manpage for details. Note that in all this I’m ignoring other security features which can alter users’ permissions on files (SELinux, file ACLs...).

Special bits are handled differently depending on the type of file (regular file or directory) and the underlying system. (This is mentioned in the `chmod` manpage.) On the system I used to test this (with `coreutils` 8.23 on an `ext4` filesystem, running Linux kernel 3.16.7-ckt2), the behaviour is as follows. For a file, the special bits are always cleared unless explicitly set, so `chmod 0777` is equivalent to `chmod 777`, and both commands clear the special bits and give everyone full permissions on the file. For a directory, the special bits are never fully cleared using the four-digit numeric form, so in effect `chmod 0777` is also equivalent to `chmod 777` but it’s misleading since some of the special bits will remain as-is. (A previous version of this answer got this wrong.) To clear special bits on directories you need to use `u-s`, `g-s` and/or `o-t` explicitly or specify a negative numeric value, so `chmod -7000` will clear all the special bits on a directory.

In `ls -l` output, `suid`, `sgid` and “sticky” appear in place of the `x` entry: `suid` is `s` or `S` instead of the user’s `x`, `sgid` is `s` or `S` instead of the group’s `x`, and “sticky” is `t` or `T` instead of others’ `x`. A lower-case letter indicates that both the special bit and the executable bit are set; an upper-case letter indicates that only the special bit is set.

The various forms of chmod

Because of the behaviour described above, using the full four digits in `chmod` can be confusing (at least it turns out I was confused). It’s useful when you want to set special bits as well as permission bits; otherwise the bits are cleared if you’re manipulating a file, preserved if you’re manipulating a directory. So `chmod 2750` ensures you’ll get at least `sgid` and exactly `u=rwx,g=rx,o=`; but `chmod 0750` won’t necessarily clear the special bits.

Using numeric modes instead of text commands (`[ugo][=+-][rwxXst]`) is probably more a case of habit and the aim of the command. Once you’re used to using numeric modes, it’s often easier to just specify the full mode that way; and it’s useful to be able to think of permissions using numeric modes, since many other commands can use them (`install`, `mknod`...).

Some text variants can come in handy: if you simply want to ensure a file can be executed by anyone, `chmod a+x` will do that, regardless of what the other permissions are. Likewise, `+X` adds the execute permission only if one of the execute permissions is already set or the file is a directory; this can be handy for restoring permissions globally without having to special-case files v. directories. Thus, `chmod -R ug=rX,u+w,o=` is equivalent to applying `chmod -R 750` to all directories and executable files and `chmod -R 640` to all other files.
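
The `ls -l` letters and the four octal digits described in the answer above can be tied together with a small converter. This is an added example, not part of the original post; the function names `triplet` and `mode_to_octal` are hypothetical and the sample mode strings are constructed.

```shell
#!/bin/sh
# Convert an `ls -l` mode string (e.g. drwxr-s---) to a four-digit octal mode.

# triplet RWX LOWER UPPER
# Prints "<permission digit> <flag>", where flag is 1 if the special bit
# (shown as LOWER or UPPER in the execute position) is set.
triplet() {
    t=$1; lower=$2; upper=$3
    val=0; special=0
    case $t in r??) val=$((val + 4)) ;; esac
    case $t in ?w?) val=$((val + 2)) ;; esac
    case $t in
        ??x)        val=$((val + 1)) ;;
        ??"$lower") val=$((val + 1)); special=1 ;;  # special bit and execute bit
        ??"$upper") special=1 ;;                    # special bit only
    esac
    echo "$val $special"
}

mode_to_octal() {
    m=$1
    # Character 1 is the file type (d, -, l, ...); chmod cannot change it.
    u=$(printf '%s' "$m" | cut -c2-4)
    g=$(printf '%s' "$m" | cut -c5-7)
    o=$(printf '%s' "$m" | cut -c8-10)
    # After set --: $1 $2 = user digit, suid flag; $3 $4 = group digit,
    # sgid flag; $5 $6 = other digit, sticky flag.
    set -- $(triplet "$u" s S) $(triplet "$g" s S) $(triplet "$o" t T)
    # First digit: suid is 4, sgid is 2, sticky is 1.
    printf '%d%d%d%d\n' $(( $2 * 4 + $4 * 2 + $6 )) "$1" "$3" "$5"
}

# Constructed sample mode strings, as they would appear in `ls -l` output.
for sample in drw-r-x--- drwxr-s--- -rwsr-xr-x drwxrwxrwt -rw-r--r-T; do
    printf '%s -> %s\n' "$sample" "$(mode_to_octal "$sample")"
done
```

A non-zero first digit in the output marks an entry carrying `suid`, `sgid` or “sticky”, which is where `chmod 0750` and `chmod 750` on a directory may leave bits behind.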