There are many claims about Linux. Is it more secure than Windows? Or is it just more complicated? Although they are widespread in the server area, open source systems haven’t really made their way to PCs. What actually lies behind the cost-effective alternative? Is using a Linux operating system right for you? We’ve got the answers to these questions and more.
Short for ‘change mode’, chmod was developed in the early 1970s at the same time as AT&T’s first version of Unix. In Unix-like multi-user operating systems, chmod is responsible for assigning and changing access rights in file systems that are supported by Unix rights management. This also applies to all standard file systems in conventional Linux derivatives intended for server operation support. Changing access rights with this command can only be carried out by the file owner or the root user.
Linux distributions such as Ubuntu are among the most popular choices for web server operators. One feature that all Unix derivatives share is that files and directories are assigned certain access rights. But users have the ability to change such settings by activating the command line program, ‘chmod’.
How to use chmod?
In general, the system for Unix data rights relies on user classes and individual access rights. Chmod supports two different systems: the symbolic notation using letters and allocation of data rights through digit-based octal codes. As previously mentioned, changes to access rights can only be made by the file owner or root user. Executing the following procedures should always conform to the following syntax:
$ chmod options mode file
The command chmod can be followed by the “options” element which allows further options of the chmod command to be defined. The element “mode” represents the so-called umask that is applied to the “file” (which can also be a directory). This mask contains the information responsible for determining whether or not a user class should receive new access rights or be removed of the rights that they currently have.
What are the chmod classes?
According to the Unix file system, each file on a given Linux server has individual access rights; the same also applies to directories. Managing such access rights is supported through three user classes:
Generally, any user who creates a file in a Unix data system is automatically defined as that file’s ‘user’. Ownership can also be retroactively changed by entering the command ‘chown’.
The user class ‘group’ combines different user accounts on the server. In Unix-like systems, every user’s account is automatically assigned to a group. Assigning users to additional groups still remains possible, however. Group assignment can be configured by both the owner as well as the root user by using the command, ‘chgrp’.
The user class ‘others’ encompasses all users that are neither file owners nor members of a group with access rights. The user class ‘others’ is denoted by the shorthand symbolic notation ‘o’.
The umask can either be created in symbolic or octal notation. Their main features and advantages are briefly summarized in the following paragraph.
In symbolic mode, user classes and access rights are assigned individual letters. The combination of letters makes it easy to specify which rights are added or removed. The following table summarizes the letters for users and rights used in symbolic notation.
Letters for access rights
Reading rights; also referred to as R-bit
Writing rights; also referred to as W-bit
Execution rights; also referred to as X-bit
Letters for users classes
User class “user“
User class “group”
User class “others”
“all”; command referring to all user classes
Umasks created according to symbolic notation make use of the following operands. These are responsible for connecting user classes to file rights:
The operand ‘+’ assigns user classes new file rights. Only affected data rights are overwritten.
The operand ‘-’ removes file rights from a user class.
Should the file rights of a user class be reset, then the operand ‘=‘ is used.
The following chmod command modifies the mock file, example.txt, so that the owner (user) as well other users (group, other) receive writing and reading rights:
$ chmod ugo+rw example.txt
Referencing all the user classes (a) is a possible alternative:
$ chmod a+rw example.txt
When called in the terminal, the file example.txt would display the following rights instead of its original rights:
Access rights prior to change
Access rights after change
user: read, write
group: no rights
other: no rights
a = all
+ = add access rights
r = read
w = write
user: read, write
group: read, write
other: read, write
While easy for users to read, symbolic notation can be cumbersome when regularly used. For this reason, many administrators rely on octal notation to allocate access rights. This method employs a three-figure digit sequence in which each digit represents one of the server’s user classes. Octal notation also follows the standard sequence as laid out per default:
Digit position of user class
Corresponds to the user class ‘user’.
Corresponds to the user class ‘group’.
Corresponds to the user class ‘others’.
Which access rights are assigned to the individual user classes is determined by the value of each digit. This is calculated by the sum of the individual values that the corresponding rights are assigned to:
Value for access right
The following value combinations also result from this allocation:
Octal notation can best be visualized using an example. Let’s assume the user of example.txt wants to grant reading rights to the group ‘examplegroup’.
$ chmod 640 example.txt
With the value ‘6’ placed in first position of the umask, the owner retains the main access rights: 4 (read) + 2 (write). The umask’s second value indicates the access rights granted to the specified group: 4 (read). Other users are not provided with any rights, which corresponds to the value ‘0’ in third place.
Options of chmod commands
Whether users opt for numeric or symbolic notation, there are always multiple options for allocating access rights. These alternatives are added in the command line between the command and the umask:
Access right changes refer to all files and sub-directories within a given folder.
A diagnosis for all the processed files is issued after the shell command.
A diagnosis for all the changed files is issued after the shell command.
Error reports are suppressed
The following example command changes access rights recursively for all sub-directories and files as well as for the folder itself:
$ chmod -R 744 examplefolder
The following applies to all files and subfolders in the directory ‘examplefolder’: the owner receives full access rights (7); group members and other users only have reading access (4).
An example of how to use chmod
In order to get a better understanding of Unix file rights, it may prove helpful to get a glimpse of how access rights for files or directories are displayed in the terminal. Folder content can be displayed in the terminal with the command ‘ls’. Owners or root users can gain information on file rights by using the attribute ‘-l‘.
A possible output for this command would look like this:
total 3 -rwx------ 1 det det 0 2020-02-02 10:41 file1.txt -rw-rw-r-- 1 det det 0 2020-02-02 10:41 file2.txt drwxr-xr-x 2 det det 4096 2020-02-02 10:44 directory
The queried path contains two files (“file1.txt” and “file2.txt”) and one directory (“directory”). Each entrance starts with a 10-digit block which points to the access rights of the files and directory. The digit in the first place specifies what the code is about. For files, the code begins on a minus sign (“-“) as is the case in the first two lines of the example. A “d” (for “directory”) indicates the directory. For links, the “d” would be replaced with a “l” (for “link”).
The advantage of the Unix file system lies in its simple structures. By using multi-user operating systems, complex problems are solvable with minimal effort. Additionally, this approach is intuitive to use and is easy for computer systems to process. Those who do not feel comfortable with their abilities to allocate access rights in the terminal can alternatively rely on file managers. Common FTP programs generally offer a graphic user interface.
What follows are the three basic access rights – with three letters each – which inform on current access rights. These follow octal notation order: block 1 signifies the “user” or owner, block 2 stands for “group” and block 3 for “others”. Within each block, the order is always the same:
- The first digit indicates whether read access (r) is granted
- The second digit shows whether write (w) access is given
- And the third digit signifies if defined user groups have the rights toexecute (x)
Where a letter is placed, the corresponding rights are granted. Alternatively, there will be a minus sign in the corresponding position. Referring back to our example of the two files and the directory the code translates to:
chmod example: adding access rights
To demonstrate how access rights can be amended to include additional user classes, let’s look at an example. Reading and executing rights for File1.txt are currently reserved for the owner only. In order to unlock access rights for all other user classes, the following chmod command should be used:
chmod a+rx file1.txt
All user classes (a) are granted new rights (+) to read (r) and execute (x) the file1.txt.
To view the listing of user rights, the entry for file1.txt looks like this:
-rwxr-xr-x 1 det det 0 2020-02-02 10:41 file1.txt
chmod example: withdraw user rights
In our second example, we’ll withdraw the writing rights in file2.txt for all users (including the owner) using the following chmod command:
chmod a-w file2.txt
The command refers to all user classes (a), and withdraws (-) their writing rights (w) for file2.txt. The final entry is:
-r--r--r-- 1 det det 0 2020-02-02 10:41 file2.txt