Change Permissions on Files and Directories Using Numeric Permissions

chmod [0-7][0-7][0-7]

Numeric permissions (also known as octal permissions) are built around the binary numeric system. We're going to skip the complicated reasons why the permissions have certain numbers and focus on the end meaning: read (r) has a value of 4, write (w) is 2, and execute (x) is 1. Remember that Linux permissions recognize three user groupsthe owner, the group, and the worldand each user group can read, write, and execute. (See Table 7.3.)

Permissions under this schema become a matter of simple addition. Here are a few examples:

• A user has read and write permissions for a file or directory. Read is 4, write is 2, and execute is 0 (because it's not granted). 4 + 2 + 0 = 6.

• A user has read and execute permissions for a file. Read is 4, write is 0 (because that permission hasn't been granted), and execute is 1. 4 + 0 + 1 = 5.

• A user has read, write, and execute permissions for a directory. Read is 4, write is 2, and execute is 1. 4 + 2 + 1 = 7.

Under this method, the most a user group can have is 7 (read, write, and execute), and the least is 0 (cannot read, write, or execute). Because there are three user groups, you have three numbers, each between 0 and 7, and each representing what permissions that user group has associated with it. Table 7.4 shows the possible numbers and what they mean.

Although a wide variety of permissions can be set, a few tend to reappear constantly. Table 7.5 shows the common permissions and what they mean.

Caution

Yes, you can set chmod 000 on a file or directory, but now the only user who can do anything with it or use chmod to change permissions again is root.

Octal permissions should now make a bit of sense. They require a bit more cogitation to understand than alphabetic permissions, but they also allow you to set changes in one fell swoop. Let's revisit the examples from "Change Permissions on Files and Directories Using Alphabetic Notation" but with numbers instead.

Let's say you want to allow members of the family group to be able to change a picture.

$ ls -l -rw-r--r-- 1 scott family ... libby.jpg $ chmod 664 libby.jpg $ ls -l -rw-rw-r-- 1 scott family ... libby.jpg 

What if you had wanted to give both the family group and all other users write permission on the file?

$ ls -l -rw-r--r-- 1 scott family ... libby.jpg $ chmod 666 libby.jpg $ ls -l -rw-rw-rw- 1 scott family ... libby.jpg 

You realize you made a mistake, and you need to remove the capability of the family group and the world to alter that picture and also ensure that the world can't even see the picture.

$ ls -l -rw-rw-rw- 1 scott family ... libby.jpg $ chmod 640 libby.jpg $ ls -l -rw-r----- 1 scott family ... libby.jpg 

This example shows the key advantage of this method. What took two steps with alphabetic notationfirst chmod go-w and then chmod o-r (or chmod g=r and then chmod o=)only takes a single command with numeric notation. For this reason, you often see advanced Linux gurus use octal notation because it's quicker and more seemingly precise.