Access Basics: chmod, chown, umask

1. The Concept of Access Permissions

When you’re dealing with files or directories in Linux, you often need to manage access to them. Imagine leaving your socks out in the open, and now everyone in the house can use them! Access permissions in Linux help prevent "unauthorized sock usage" (or something more critical, like your scripts). Let’s dive in.

Every file (and directory) in Linux has three sets of access permissions that determine who can read, write, or execute them:

1. Read (r): Lets you view the contents of a file or list files in a directory.
2. Write (w): Allows you to modify the contents of a file or add/remove files from a directory.
3. Execute (x): Gives the ability to execute a file as a program (or enter a directory).

The Three-Level Model

Each permission applies to three categories of users:

• Owner: The person who created the file.
• Group: Users grouped together and assigned to the file.
• Others: Everyone else on the system.

Example of access permissions for a file:

-rwxr-xr--

Let’s break it down:

• The first symbol - indicates that it’s a file (for a directory, it would be d).
• The first three symbols rwx — permissions for the owner (read, write, execute).
• The next three symbols r-x — permissions for the group (read, execute).
• The last three symbols r-- — permissions for others (read only).

---

2. Command chmod: Managing Access Permissions

Symbolic Format

The chmod command modifies access permissions for files and directories. The symbolic format looks like this:

chmod [who][action][permissions] file_name

• Who: u (owner), g (group), o (others), a (all).
• Action: + (add permissions), - (remove permissions), = (set exact permissions).
• Permissions: r (read), w (write), x (execute).

Examples:

# Grant execution permissions to everyone
chmod a+x script.sh

# Add write permissions for the group only
chmod g+w file.txt

# Remove read permissions for others
chmod o-r document.txt

Octal Format

The octal (or numeric) format is more compact but requires understanding the "magic of numbers." In this format, each combination of permissions is represented as a number:

• r = 4
• w = 2
• x = 1

Permissions are summed up:

• rwx = 7 (4 + 2 + 1)
• rw- = 6 (4 + 2)
• r-- = 4

Format:

chmod [number][number][number] file_name

Example:

# Set rwx permissions for the owner, r-x for the group, r-- for others
chmod 754 file.sh

---

3. Changing File Ownership: chown Command

If you need to assign a file to another user (or group), the chown command will help.

Format:

chown [user]:[group] file_name

Examples:

# Assign ownership to user user1
chown user1 myfile.txt

# Assign both owner and group
chown user1:group1 myfile.txt

# Change only the group
chown :group2 myfile.txt

---

4. Default Mask: umask

When you create a file, its permissions are defined by the system. For example, the permissions could be rw-r--r--. But where do they come from? The answer: from the umask command.

What is umask?

umask determines which permissions will not be set for new files.

For example:

• Base permissions for a file: 666 (no execution).
• Mask: 022.
• Final permissions: 644 (666 - 022).

Commands:

• View the current mask: umask
• Set a new mask: umask 0022

Example:

# Set the mask so new files have rw-rw-r--
umask 0002

---

5. Admin Rights and sudo

What is sudo?

sudo (short for "superuser do") is a command in Linux and Unix-like systems that allows a user to execute commands as a superuser (root) or another user with elevated privileges.

The sudo system provides temporary access to administrative capabilities without needing to constantly operate under the root account, reducing the risks of accidental or malicious system changes.

How does sudo work?

Command execution:

When you enter a command with sudo, the system checks if your user has the right to execute commands with elevated privileges.

For example:

sudo apt update

Authentication:

When you use sudo for the first time in the current session, the system will ask for the current user's password (not root's).

After entering the password successfully, the system saves the authentication for a short period (usually 5-15 minutes) so it doesn't ask for a password for every command.

Command execution:

If the user has permissions specified in the sudo configuration, the command will run with superuser privileges.

Main Functions and Commands of sudo

Running a command with privileges:

sudo <command>

For example:

sudo apt install nginx

Executing a command as another user: Use the -u flag:

sudo -u <username> <command>

For example:

sudo -u user1 ls /home/user1

Getting an administrative terminal: Start a shell as root:

sudo -i

or:

sudo su

Viewing sudo configuration:

sudo -l

Shows the commands the current user is allowed to execute.

Editing sudo configuration:

sudo visudo

This command opens the /etc/sudoers configuration file for safe editing.

6. Examples

Let’s try applying our knowledge in practice.

Task 1: Manage permissions with chmod

1. Create a file:

   touch myfile.txt
   

2. Set read, write, and execute permissions for the owner:

   chmod u+rwx myfile.txt
   

3. Add read-only permissions for others:

   chmod o+r myfile.txt
   

4. Check the permissions:

   ls -l myfile.txt
   

Task 2: Change owner with chown

1. Create a file:

   touch ownedfile.txt
   

2. Change the owner to user user1 (admin rights are required):

   sudo chown user1 ownedfile.txt
   

3. Check the changes:

   ls -l ownedfile.txt
   

Task 3: Experiment with umask

1. Check the current mask:

   umask
   

2. Set the mask to 027:

   umask 027
   

3. Create a new file:

   touch newfile.txt
   

4. Check the permissions of the created file:

   ls -l newfile.txt
   

---

7. Common Mistakes and Peculiarities

1. Forgot sudo when changing the owner: Only an administrator can change the file owner. If you get the error "Operation not permitted," try adding sudo.
2. Wrong order in the chmod command: Changed permissions for the wrong object. Make sure you selected the correct file or directory.
3. umask only affects new files: If you're trying to change permissions of already existing files using umask, it won't work. Use chmod instead.

Did you know that Linux access rights are so flexible that you can create a file that only one person in the entire universe can "see"? As they say, with great power comes great responsibility! Now, armed with chmod, chown, and umask, you're ready to make your Linux systems not only convenient but also secure.