There are several ways to set permissions on folders in a Linux machine. Many Linux experts with far more knowledge than myself have already created tons of online resources to discuss this topic, so this is just a quick overview of configuring privileges to directories and files numerically with three digits.
Understanding Existing Privileges
Every directory/file in Linux has three possible privileges:
- r – Read
- For a directory, users with this privilege can see which files are within the directory.
- For a file, users with this privilege can read the contents of the file.
- w – Write
- For a directory, users with this privilege can create new files.
- For a file, users with this privilege can modify the file.
- x – Execute
- For a directory, users with this privilege can use the directory; for example, by using the command cd /ssh_keys to open the ssh_keys directory.
- For a file, users with this privilege can run the file. For example, this determines whether or not a user can execute the Python script called demo_file_3.py mentioned later in this post.
Every directory/file in Linux also has three different sets of users for which privileges can be granted:
- Owner – The user specifically named as the owner
- Group – All members of the named group
- Other – Everybody else
When we run the ls -l command in Linux, we can see the current permissions for each file/subdirectory, along with the current owner and group. Here is an example output:
Let’s break this output into a clearer table and add some headers:
On the far left side of the output, we can see a string similar to the following for each of our directories/files:
drwxr-xr--.
This looks confusing, but it is actually quite simple to read. Firstly, the d simply means that this is a directory, not a file. Notice how all of the files in our output start with a – instead. Lastly, the . at the end can be ignored for the sake of this quick intro.
Between the start and end characters, we can see another nine letters. These actually split into three sets of three letters. These are the privileges for the owner (rwx for read/write/execute), followed by the privileges for the group (r-x meaning only read/execute) and finally the privileges for everybody else (r– meaning only read).
To explain this in more detail, I have broken our examples out in the following table:
Understanding Privileges Numerically
We have seen here that users can have read/write/execute access in any combination from rwx to —. We can instead think of this as three potential true/false options, represented by one (1) when true and zero (0) when false:
This simple table allows us to convert any set of three permissions into a single decimal number by combining the three options into a single binary number, then converting that binary to decimal.
We can now convert our previous privileges text into binary. Let’s use drwxr-xr–. as an example. Remember that the first number indicates “true” that the object is a directory, and we are ignoring the final period (.) :
1111101100.
Since the middle nine numbers are actually three sets of three numbers (for the owner, the group and everybody else), we can also display this using decimals. The owner has rwx access, which converts to 111 in binary and equates to 7 in decimal. The group has r-x access, which converts to 101 in binary and equates to 5 in decimal. Finally, everybody else has r– access, which converts to 100 in binary and equates to 4 in decimal.
This gives us the following conversion for our original privileges text of drwxr-xr–:
1754
Another way of saying this is that privileges on a directory/file in Linux can be considered with the following seven numbers:
- eXecute
- Write
- Write and eXecute
- Read
- Read and eXecute
- Read and Write
- Read, Write and eXecute – aka Full access
If you prefer, you can forget the binary side of things and just remember the following three numbers:
- 1 – eXecute
- 2 – Write
- 4 – Read
You can then make any other combination required by simply adding these numbers together. For example, if we want to grant permissions to both Read and eXecute, the decimal is 4 + 1, totaling 5.
I prefer to show how we get here through the binary, but the outcome is the same if you prefer to simply refer to the decimals list or the below table directly.
We can now convert our previous permissions table into decimal:
Configuring Privileges Numerically
This quick intro to numerically configuring privileges is nearly over. Fortunately, the end is nice and simple once we understand how to interpret privileges numerically from the previous section.
We can use the chmod command to change the privileges for a file or directory. The command is chmod because we are actually changing the “mode” of the object (if you are curious about the name); however, I just think of it as changes to the access privileges. To use this command, provide the intended permissions in a decimal format, followed by the directory/file that you wish to modify.
chmod nnn /file/path/name
For example, we could use the following command to prevent anybody other than a file’s owner from interacting with it at all, whilst also granting full permissions to the owner:
chmod 700 /file/path/name
Here is one final table to show how permissions were granted to each of our example directories and files:
And so concludes this quick introduction to numerically configuring privileges in Linux!