Who Can Do What?

From time to time, you may need to modify file permissions. One reason has to do with security. The most common reason, however, is to make a shell script file executable. This is done with the chmod command.

chmod mode filename

For instance, if you have a script file called list_users, you make it executable with the following command:

chmod +x list_users

That command will allow execute permissions for all users. If you want to make the file executable for the owner and group only, you specify it on the command line like this:

chmod u+x,g+x list_users

The u means "user" (the owner of the file, really), and g stands for "group." The reason you use u for the owner instead of o is that the o is being used for "other," meaning everyone else. The chmod +x list_users command can then be expressed as:

chmod u+x,g+x,o+x list_users

Unfortunately, this starts to get a bit cumbersome. Now let's look at a much more complicated set of permissions. Imagine that you want your list_users script to have read, write, and execute permissions for the owner, read and execute for the group, and read-only for anybody else. The long way is to do this is as follows:

chmod u=rwx,g=rx,o=r list_users

Notice the equal sign (=) construct, rather than the plus sign (+). That's because the plus sign adds permissions, and in this case you want them to be absolute. If the original permissions of the file allowed write access for "other," the plus sign construct would not have removed the execute permission. Using the minus sign (-) removes permissions. If you want to take away execute permission entirely from a file, you can do something like this:

chmod ?x list_users

One way to simplify the chmod command is to remember that r is 4, w is 2, and x is 1, and add up the numbers in each of the three positions. rwx is then 4 + 2 + 1, or 7; r-x translates to 4 + 1; and x is simply 1. That monster from the second-to-last example can then be rewritten like this:

chmod 751 list_users