How to Recursively Change File Permissions in Linux

$ chmod -R 700 directory

Linux is one of the most secured computing environment because it is a permission based system. Linux’s file and directory structure is all based on the the presumption that we have the proper rights to access them from the current system user trying to.

In this tutorial we will learn by examples about file permissions in Linux and how to change them recursively.

File Permissions

In Linux all files, directories, hardware devices and virtual devices in the system all are set up with a permission model system. Linux associates a system user and a system group to each file in the system. It assigns permission access rights to each file in three classes.

One of them, the system user associated, becomes the Owner of the file. The owner of the file is listed in the properties of the file. The owner may have direct access to the file. The second class are the Group Members, group members consist of one or more users that belong to a group. Whichever system user is a member of that group may have direct access to the file. The last access rights class are Others, others are, as the name implies, everybody else in the system that is not the root user, the owner or a member of the file’s assigned group.

Three file permission types apply to these three access rights classes:

  • The first permission type is the read access permission. The read file permission tells Linux that the user has rights to access the file and read it’s content. It has direct access but limited to only be able to read the file.
  • The second permission type is the write access permission. The write file permission tells Linux the user has rights to access the file, read it’s content and write content to it.
  • The third permission type is the execute access permission. The execute file permission tells Linux that the user has rights to access the file and execute them.

Read access simply means access to open the file and read it’s content. Whatever it’s content are the system user will be able to read it. Like for example opening a text document or playing a video file.

Write access means to be able to write into the file content, code or anything that requires to modify it by writing into it. While write and read access are managed independently in Linux, and it’s possible to have write access without having read access, they almost always go together. Writing access allows you to open the same text file as before, write content and saving the newly modify file.

Execute permission means the right to execute them, to allow the operating system to run them, if they are programs, utilities or scripts written to be run as an application. For example all of the files of a video editor application are set to execute in order for the user be able to open and run the program.

How To List File Permissions

Now that we understand the different permission classes, assignments and types, let’s see how to identify them.

ls -l

word image 10849 1

Listing the files with a simple ls -l option will allow us to see the current file permissions of files in a directory.

The -rw-rw-r-- portion of the listed files denotes it’s file permissions.

How To Read File Permissions

File permissions are represented in the command line and other programs with a string of letters. Let’s create a directory named football with the mkdir utility.

mkdir football
Output
drwxrwxr-x 2 demouser demouser 4096 May 11 15:46 football

The first character of the string of permission characters represents the file type.

These can be:

  • A d for a directory.
  • A - for a regular file.
  • A l for links.
  • A b for block device file.
  • A p for a pipe file.
  • A c for a character device file.
  • A s for a socket file.

The most we will ever see are d for directories, l for links and – for almost all the individual files in Linux.

After the first character comes 3 sets of 3 characters each. In our example one set is rwx, the second set is rwx, and the third set is r-x.

The first set represents the permissions for the Owner. The second set represents the permissions for the Group. The third set represents the permissions for Other.

The first character of the set represents the read permission. The second character represents the write permission. The third character represents the execute permission.

If the class has the permission it is represented with the letter of that permission such as r w x, if the class doesn’t have permission it is represented with the – character.

Let’s take another look at the football directory we just created.

drwxrwxr-x 2 demouser demouser 4096 May 11 15:46 football

We can see two times demouser is listed. The first demouser is the Owner of the file, the system user assigned to this file. The second demouser is the Group which this file is a member of.

So from everything we have learned so far, we know that football is a directory; the first character d. We know that the Owner is system user demouser and it has the [r]read [w]rite e[x]ecute permission; the first set drwx. We know that the Group the file belongs to is a group named demouser with the permissions rwx; the first and second set drwxrwx. And we know that Other users of the system have read and execute rights but without write permission; first and second and third set drwxrwxr-x.

Now, from a simple listing of files in the command line, we learned how to read file permissions, and to see who is the Owner of the file and to which system group it belongs to.

Changing File Permissions By Number

File ownership can be changed using the chown utility and group ownership can be changed with the chgrp utility. Meanwhile file permissions can be changed with the chmod utility.

chmod 700 football

In this demonstration we are changing the permission of our football directory. With the chmod utility we told it to change to permission 700. Later we can see by listing that the football directory does not have anymore the permission drwxrwxr-x but instead it has the drwx------. Permission 700 is the same as drwx------ just expressed by numbers.

Numbers 0 to 7 can express read, write and execute permissions. It might seem difficult but I assure you it’s really easy to grasp the concept.

  • The number 0 represent, No Read No Write No Execute.
  • The number 1 represent, No Read No Write Yes Execute.
  • The number 2 represent, No Read Yes Write No Execute.
  • The number 3 represent, No Read Yes Write Yes Execute.
  • The number 4 represent, Yes Read No Write No Execute.
  • The number 5 represent, Yes Read No Write Yes Execute.
  • The number 6 represent, Yes Read Yes Write No Execute.
  • The number 7 represent, Yes Read Yes Write Yes Execute.

When changing file permissions with chmod we use the first digit to represent the Owner, the second digit to represent the Group, and the third digit to represent Others.

In our chmod 700 football example, we told it with the first digit for the Owner to have permission 7; Yes Read Yes Write Yes Execute. We told it with the second digit for the Group to have permission 0; No Read No Write No Execute. And we finally we told it for Others to have permission 0; No Read No Write No Execute. Express with the strings of characters as drwx------.

Using this numbers chart of permissions we can change every file in the system to any combination we want. Of course only the root user, the file owner, or user with sudo privileges can change the permissions of files.

Changing File Permissions Recursively

In Linux and specifically in the command line, recursively is a word used a lot. It’s a way to tell the command that we are inputting to perform it not just on the directory we want but to do it for every file inside the directory in a recursive manner.

If we see inside our football directory we can see there are 3 non-directory files in there. They all have the permission -rw-rw-r-- or express with numbers as 664.

word image 10849 2

Remember we changed the directory permission to 700 but the files inside are set to 664. That is because we didn’t change the permission recursively.

To change file permissions recursively with chmod we have to use the -R option, note that it’s a capital R.

chmod -R 700 football

After we made the permissions change, we changed directory with the cd command into the football directory and listed the files we previously saw. This time the files inside have the same permission as the parent directory.

Another popular method to change file permissions recursively is using the find utility. With find we look for file types and command it to execute a file permission change.

Generally speaking, files and directories should not have the same permissions. The execute permission is not needed for most simple files, but directories always need to execute in order to be able to change directory with the cd command into them. So one way to change permissions is to search for specific types and change recursively their permission.

find ~/documents/sports/basketball -type d -exec chmod -R 755 {} \;
find ~/documents/sports/basketball -type f -exec chmod -R 644 {} \;

The first command is for directories -type d and the second command is for files -type f. 755 and 644 are just examples and you can change to whichever permission you need. In this example the find utility searches for file and directories inside a specific starting directory that we provided and with the -exec option we tell it run the chmod -R function as normally we would.

The only difference in this example is that find will provide files of only the type we are searching for, that is either only files or only directories. Then chmod will do it’s normal function to only those files. It’s an easier way to do selective recursive file permission changes.

Using the recursive option when changing file permissions can be dangerous if we aren’t sure if all the files in the file tree of that directory need execution permission for example. It’s specially more dangerous when it’s a web serving application, because any unintended execute permission might open our server to be hack easily. So always thread carefully when recursively changing file permissions.

Conclusion

Learning and working with file permissions in Linux is a necessity. The Linux permissions model works great because it allows a system to have an unlimited number of users, all living and functioning in a secure environment.

While recursively changing file permissions saves us a ton of time and it’s an incredible effective tool, we always have to be mindful of its dangers. It’s one area of Linux administration that is worth to learn properly so we don’t make unintended mistakes.

0 Shares:
Subscribe
Notify of
guest
Receive notifications when your comment receives a reply. (Optional)
Your username will link to your website. (Optional)

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
You May Also Like