July 18, 2019
Every so often I’ll be setting up a project and run into file permission issues. Most times, I’ll Google the error and come across a forum post that’s something like
chmod 755 ./file.txtin Terminal and you’ll be fine.
So while this works, it would be much better if I actually knew that this line was doing.
The first part is easy:
chmod is the name of the process that actually changes the permissions on the file I want.
The last part is even easier: It’s the path to the file I want to change the permissions on.
But that’s that
755 about? How does that relate to file permissions?
Unix permissions basics
Very basically, file permission roles are broken up into 3 types of people: User, Group and World.
User is the owner of the file.
Group is a special set of users can have special privileges on the file.
Others is everyone else.
Additionally, there are four types of permissions: Read, Write, Execute, and None. Read, Write and None are self explanatory. Having the “execute” permission means that you can run the file, as opposed to simply opening it or editing it. This is usually for files that are executable by the system like shell scripts or similar.
For example: If you have Read and Write permissions for
./file.sh, you can open it, and you can edit it. But without the “Execute” permission, you can’t run the script.
Try something out for me: Open up a terminal, go to a directory with a bunch of files, and type
ls -l. This will list all the files in the directory (
ls) in a long format (
-l). You’ll get something like this:
Look on the very left column, and you’ll see a combination of 10
-‘s. This is not a random jumble of letters, but actually a lineup of permissions:
- The first digit is the directory flag. If the row describes a directory, it’ll be
d, otherwise it will be
- The next three digits are the User permissions. This is set up in order
rwxor “Read, Write, Execute.
- The next three are the Group permissions, set up the same as the User
- The next three are Other permissions
Let’s take this line for example
-rw-r--r-- 1 stevewashington staff 805 Jul 17 19:11 package.json
We can take that first column, and break it up into 4 sections:
- >> This is the directory flag. package.json is not a directory, so this is ’-’
rw- >> these next three digits are the “User” section. So the Owner (“stevewashington”) can Read the file, Write to the file, but not Execute it.
r-- >> These are the “Group” permissions. Anyone in the defined Group (“staff”) can read the file, but not write to it or execute it.
r-- >> These are “Other” permissions, which are the same as “Group,” can read, but not write or execute.
Okay but what about the numbers?
The number in the
chmod command (
755 in the example above) are in “octal”, or base-8. Each digit can hold a number from 0-7, and the number 8 is “10” in octal.
You may notice that the number has 3 digits. You may also see that there are three permissions roles, User, Group, and Other. Put these together, and you can read these as separate permission sets: User is 7, Group is 5, and Other is also 5.
So now we just need to convert each digit from octal to a set of 3 letters:
rwx. And we will be using binary as an intermediary:
Here we have the conversions for each digit in
755 to binary (as in “seven, five, five”, not “seven hundred fifty five”)
Here’s another “coincidence”, the binary numbers also have 3 digits! So we can turn on or off “rwx” flags based on whether the binary number is 1 or 0:
If we mash them together, we see that
chmod 755 ./file.txt means:
- the owner can read, write, and execute it
- the defined group can read it and execute it
- everyone else can also read and execute it
Knowing this, this is actually fairly open permissions for a file. Are you use you want absolutely everyone to be able to execute a program on your server? 🤔
package.json example from above, we can work it out backwards:
So copying the permissions of
package.json we’d use something like
chmod 644 ./file.txt. This means for package.json:
- the owner can read, write, but not execute it
- the defined group can only read it
- everyone else can only read it as well
Which makes sense! You can’t really “execute” .json files, so there’s no reason to give that permission to anyone.
This was a basic overview of Unix(-like) permissions and how to understand them. Now you know what
chmod 755 ./file.sh means, and can make smart decisions to fix your issue. This is a crucial part (and only a part!) in keeping your files and server safe.
Photo by Alex Martinez on Unsplash