From Fedora Project Wiki

Permissions - Command Line Interface

The umask and Default Permissions

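The umask defines the default permissions when creating a file or directory. The default permissions for directories are calculated using 777 - umask value. The default permissions for files are calculated using 777 - umask value - execute permissions. Strictly speaking, the umask is a mask rather than a number to subtract: each permission bit set in the umask is cleared from the base mode, which is 777 for directories and 666 for files. For the umask values used on this page, both calculations give the same result.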

The umask value for normal users is 002. The root user has a umask of 022. Files created by normal users will have a default mode of 664. This gives the owner read and write permissions, the group read and write permissions, and everyone else read permissions. Use the umask command without specifying a value to view your current umask:

$ umask
0002

Directories created by normal users will have a default mode of 775. This gives the owner read, write, and execute permissions, the group read, write, and execute permissions, and everyone else read and execute permissions.

You can change the umask value using the umask command. However, this only applies to the current session. Add the umask command to your ~/.bashrc file to make the changes permanent. The following command changes the umask value to 077:

umask 077

To retain this umask value, add umask 077 to your ~/.bashrc file. When you create a file, the default mode will be 600. This gives the owner read and write permissions. The group and everyone else have no permissions:

touch file1
ls -l file1
-rw------- 1 user1 user1 0 2007-10-24 21:29 file1
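
The following added example (not part of the original wiki page) creates a file and a directory under several umask values and compares the resulting modes with the result of clearing the umask bits from 666 and 777. The function names mode_of, observed_modes, and masked_modes are made up for this illustration, and the example goes beyond the values in the text by including 027 and 033; with 033, plain subtraction would predict 633 for a file, while the real mode is 644.

```shell
#!/bin/sh
# Added illustration: modes produced by a umask, observed versus calculated.

# mode_of PATH: print the octal permission bits of PATH.
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"   # GNU stat, then BSD stat
}

# observed_modes UMASK: create a file and a directory under UMASK and print
# "<file mode> <directory mode>". The body runs in a subshell, so the
# caller's own umask is left unchanged.
observed_modes() (
    scratch=$(mktemp -d) || exit 1
    umask "$1"
    touch "$scratch/f"
    mkdir "$scratch/d"
    echo "$(mode_of "$scratch/f") $(mode_of "$scratch/d")"
    chmod -R u+rwx "$scratch"
    rm -rf "$scratch"
)

# masked_modes UMASK: print the modes predicted by clearing the umask bits
# from the base modes 666 (files) and 777 (directories).
masked_modes() {
    printf '%o %o\n' $(( 0666 & ~0$1 )) $(( 0777 & ~0$1 ))
}

# 002 and 022 are the defaults named above, 077 is the private setting;
# 027 and 033 are extra values chosen for this illustration.
for m in 002 022 027 033 077; do
    echo "umask $m: observed $(observed_modes "$m"), masked $(masked_modes "$m")"
done
```
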

Symbolic Method

Please refer back to the table on the Introduction page at any time.

To add a permission to a user, group, or everyone else, use the + symbol. The following example adds execute permissions for the owner (u):

chmod u+x file1

To add execute permissions to the owner, and the group, use the following command:

chmod u+x,g+x file1

Please note there is no space between the u+x and g+x. Permissions do not have to be specified separately. The following has the same result as running the chmod u+x,g+x file1 command:

chmod ug+x file1

You must list all permissions needed when you assign permissions using the = symbol. For example, if the owner of the file1 file has read, write, and execute permissions, the following command removes all but the owner's read permission:

chmod u=r file1

Note that if the group and everyone else had permissions, the previous command would not remove those permissions. You only need to list all the permissions for the classes (owner, group, or everyone else) that you specify in the chmod command; classes you do not specify are left unchanged.

Use the - symbol to remove permissions. For example, if the owner of the file1 file had execute permissions, the following command would remove those permissions:

chmod u-x file1

Numeric Method

Please refer back to the table on the Introduction page at any time.

To set permissions using the numeric method, use the chmod xxx command, where each x is a value between 0 and 7. The table on the Introduction page describes the permissions each value (0-7) applies. The first value is the permission for the owner, the second value is for the group, and the third value is for everyone else.

Use the following command to assign the owner read, write, and execute permissions, and remove all permissions for the group and everyone else:

chmod 700 file1

View the permissions using the ls -l command:

ls -l
-rwx------ 1 user1 user1 0 Oct 27 16:02 file1

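Use the following command to assign read and write permissions on the file1 file to the owner, group, and everyone else. Because the numeric method sets the complete mode, this also removes the execute permission that the previous chmod 700 command gave the owner: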

chmod 666 file1

To change permissions on a folder, and all files and sub-directories within that folder, use the -R option:

chmod -R 700 folder1

This applies mode 700 permissions to the folder1 folder, and recursively changes the permissions of all files and sub-directories within the folder1 folder.

Permissions on Directories

Execute permissions on a directory do not allow files within that directory to be executed. Rather, they allow users to change into that directory using the cd command. They also allow you to perform a long listing, and view permissions using the ls -l command. However, files within a directory can be executed if those files have execute permissions.

