What are the minimum permissions needed to change to a directory in Linux?

Actually, moving a file is either a rename of a file on a single file system or creating a copy and deleting the original (typically only done if the move is a migration from one file system to another).

In either case you need execute and of course write permissions to the target directory and the source directory. However, for a mere rename (and moving from one directory to another can be just that) on a single file system you do not need any permissions on the file itself. It can be cleared of all permissions and still you can move (rename) it (as long as you have write and execute permissions for the directories).

For a real copy (as it is needed when you move the file to a different file system), you need read permissions on the file itself. No write permissions on the original are necessary, as deletion of a file is not writing to it (but to the directory it is in).

Unix-like operating systems, such as Linux, running on shared high-performance computers use settings called permissions to determine who can access and modify the files and directories stored in their file systems. Each file and directory in a file system is assigned "owner" and "group" attributes.

Most commonly, by default, the user who creates a file or directory is set as owner of that file or directory. When needed (for example, when a member of your research team leaves), the system's root administrator can change the user attribute for files and directories.

The group designation can be used to grant teammates and/or collaborators shared access to an owner's files and directories, and provides a convenient way to grant access to multiple users.

View file permissions

To view the permissions for all files in a directory, use the

-rw-r--r-- 1 user1 group1 62 Jan 15 16:10 myfile.txt
drwxr-xr-x 2 user1 group1 2048 Jan 15 17:10 Example

6 command with the

-rw-r--r-- 1 user1 group1 62 Jan 15 16:10 myfile.txt
drwxr-xr-x 2 user1 group1 2048 Jan 15 17:10 Example

7 options. Add other options as desired; for help, see List the files in a directory in Unix.

For example, if you enter:

ls -lah

You should see output similar to the following:

-rw-r--r-- 1 user1 group1 62 Jan 15 16:10 myfile.txt
drwxr-xr-x 2 user1 group1 2048 Jan 15 17:10 Example

In the output example above, the first character in each line indicates whether the listed object is a file or a directory. Directories are indicated by a (

-rw-r--r-- 1 user1 group1 62 Jan 15 16:10 myfile.txt
drwxr-xr-x 2 user1 group1 2048 Jan 15 17:10 Example

8); the absence of a

-rw-r--r-- 1 user1 group1 62 Jan 15 16:10 myfile.txt
drwxr-xr-x 2 user1 group1 2048 Jan 15 17:10 Example

8 at the beginning of the first line indicates that

chmod a+r myfile

0 is a regular file.

The letters

chmod a+r myfile

1 represent different permission levels:

PermissionFilesDirectories

chmod a+r myfile

2can read the filecan

-rw-r--r-- 1 user1 group1 62 Jan 15 16:10 myfile.txt
drwxr-xr-x 2 user1 group1 2048 Jan 15 17:10 Example

6 the directory

chmod a+r myfile

4can write the file

can modify the directory's contents

chmod a+r myfile

5can execute the filecan

chmod a+r myfile

6 to the directory

Note the multiple instances of

chmod a+r myfile

2,

chmod a+r myfile

4, and

chmod a+r myfile

5. These are grouped into three sets that represent different levels of ownership:

• Owner or user permissions: After the directory (

  -rw-r--r-- 1 user1 group1 62 Jan 15 16:10 myfile.txt
  drwxr-xr-x 2 user1 group1 2048 Jan 15 17:10 Example
  

  8) slot, the first set of three characters indicate permission settings for the owner (also known as the user).

  In the example

   chmod +r myfile

  1, the owner permissions are

   chmod +r myfile

  2, indicating that the owner can read and write to the file but can't execute it as a program.

  In the example

   chmod +r myfile

  3, the owner permissions are

  chmod a+r myfile

  1, indicating that the owner can view, modify, and enter the directory.

• Group permissions: The second

  chmod a+r myfile

  1 set indicates the group permissions. In the fourth column of the example above,

   chmod +r myfile

  6 is the group name.

  In the example

   chmod +r myfile

  1, group members can only read the file.

  In the example

   chmod +r myfile

  3, group members can view as well as enter the directory.

• Other permissions: The final

  chmod a+r myfile

  1 set is for "other" (sometimes referred to as "world"). This is anyone outside the group. In both examples above, these are set to the same permissions as the group.

Change file permissions

To change file and directory permissions, use the command

 chmod go-rw myfile

0 (change mode). The owner of a file can change the permissions for user (

 chmod go-rw myfile

1), group (

 chmod go-rw myfile

2), or others (

 chmod go-rw myfile

3) by adding (

 chmod go-rw myfile

4) or subtracting (

 chmod go-rw myfile

5) the read, write, and execute permissions.

There are two basic ways of using

 chmod go-rw myfile

0 to change file permissions: The symbolic method and the absolute form.

Symbolic method

The first and probably easiest way is the relative (or symbolic) method, which lets you specify permissions with single letter abbreviations. A

 chmod go-rw myfile

0 command using this method consists of at least three parts from the following lists:

Access classOperatorAccess Typeu (user)+ (add access)r (read)g (group)- (remove access)w (write)o (other)= (set exact access)x (execute)a (all: u, g, and o)

For example, to add permission for everyone to read a file in the current directory named

 chmod go-rw myfile

8, at the Unix prompt, enter:

chmod a+r myfile

The

 chmod go-rw myfile

9 stands for "all", the

 chmod go-rw myfile

4 for "add", and the

chmod a+r myfile

2 for "read".

Note:

This assumes that everyone already has access to the directory where

 chmod go-rw myfile

8 is located and its parent directories; that is, you must set the directory permissions separately.

If you omit the access class, it's assumed to be all, so you could also enter the previous example as:

 chmod +r myfile

You can also specify multiple classes and types with a single command. For example, to remove read and write permission for group and other users (leaving only yourself with read and write permission) on a file named

 chmod go-rw myfile

8, you would enter:

 chmod go-rw myfile

You can also specify that different permissions be added and removed in the same command. For example, to remove write permission and add execute for all users on

 chmod go-rw myfile

8, you would enter:

 chmod a-w+x myfile

In each of these examples, the access types that aren't specified are unchanged. The previous command, for example, doesn't change any existing settings specifying whether users besides yourself may have read (

chmod a+r myfile

2) access to

 chmod go-rw myfile

8. You could also use the exact form to explicitly state that group and other users' access is set only to read with the

 chmod a-w+x myfile

7 operator:

chmod go=r myfile

The

 chmod go-rw myfile

0 command also operates on directories. For example, to remove write permission for other users on a subdirectory named

 chmod a-w+x myfile

9, you would enter:

chmod o-w mydir

To do the same for the current directory, you would enter:

chmod o-w 

To change permissions recursively in all subdirectories below the specified directory, add the

chmod go=r myfile

0 option; for example, to grant execution permissions for other users to a directory (

 chmod a-w+x myfile

9) and all the subdirectories it contains, you would enter:

chmod -R o+x mydir

Be careful when setting the permissions of directories, particularly your home directory; you don't want to lock yourself out by removing your own access. Also, you must have execute permission on a directory to switch (

chmod a+r myfile

6) to it.

Absolute form

The other way to use the

 chmod go-rw myfile

0 command is the absolute form, in which you specify a set of three numbers that together determine all the access classes and types. Rather than being able to change only particular attributes, you must specify the entire state of the file's permissions.

The three numbers are specified in the order: user (or owner), group, and other. Each number is the sum of values that specify read, write, and execute access:

PermissionNumberRead (r)4Write (w)2Execute (x)1

Add the numbers of the permissions you want to give; for example:

• For file

   chmod go-rw myfile

  8, to grant read, write, and execute permissions to yourself (4+2+1=7), read and execute permissions to users in your group (4+0+1=5), and only execute permission to others (0+0+1=1), you would use:

  -rw-r--r-- 1 user1 group1 62 Jan 15 16:10 myfile.txt
  drwxr-xr-x 2 user1 group1 2048 Jan 15 17:10 Example
  

  0
• To grant read, write, and execute permissions on the current directory to yourself only, you would use:

  -rw-r--r-- 1 user1 group1 62 Jan 15 16:10 myfile.txt
  drwxr-xr-x 2 user1 group1 2048 Jan 15 17:10 Example
  

  1

You can think of the three digit sequence as the sum of attributes you select from the following table:

Read by owner400Write by owner200Execute by owner100Read by group040Write by group020Execute by group010Read by others004Write by others002Execute by others001

Sum all the accesses you wish to permit. For example, to give write and execute privileges to the owner of

 chmod go-rw myfile

8 (200+100=300), and give read privileges to all (400+040+004=444), you would enter:

-rw-r--r-- 1 user1 group1 62 Jan 15 16:10 myfile.txt
drwxr-xr-x 2 user1 group1 2048 Jan 15 17:10 Example

2

Some other examples are:

777anyone can do anything (read, write, or execute)755you can do anything; others can only read and execute711you can do anything; others can only execute644you can read and write; others can only read

Common issues when sharing data with other users

Important:

Be sure you understand your responsibilities when processing, storing, and sharing data containing protected health information (PHI). For more, see Your legal responsibilities for protecting data containing protected health information (PHI) when using UITS Research Technologies systems and services.

To share a file or directory that you own with someone, you can grant read and execute privileges for that user. However, you must also set the same privileges on any parent directories above the item you're sharing; if you don't, the user can't look and change into (

chmod a+r myfile

6) all the parent directories above your file or directory.

If you think of a file system as a physical place, then permissions work like keys that let you access different directories:

• The read (

  chmod a+r myfile

  2) permission lets users look (

  -rw-r--r-- 1 user1 group1 62 Jan 15 16:10 myfile.txt
  drwxr-xr-x 2 user1 group1 2048 Jan 15 17:10 Example
  

  6) into directories.
• The execute (

  chmod a+r myfile

  5) permission lets users move (

  chmod a+r myfile

  6) into directories.
• The write (

  chmod a+r myfile

  4) permission lets users add and remove files.

For example, say you want to give someone access to

chmod o-w mydir

2. Imagine the path as a physical space:

• chmod o-w mydir

  3 is the gated community where you live.

• chmod o-w mydir

  4 is the unit.

• chmod o-w mydir

  5 is your apartment.

• chmod o-w mydir

  6 is a room in your apartment.

• chmod o-w mydir

  7 is a closet in your room.

If someone wanted to run your scripts, you would need to give that person access to every part of

chmod o-w mydir

2. You might try to do it this way:

-rw-r--r-- 1 user1 group1 62 Jan 15 16:10 myfile.txt
drwxr-xr-x 2 user1 group1 2048 Jan 15 17:10 Example

3

However, a user can't read or access a subdirectory unless the user also has

chmod a+r myfile

5 permissions to the parent directories. In other words, the above command gives out a key to your closet, but not to your room or apartment.

To resolve this, give

chmod a+r myfile

5 permissions to the parent directories you control:

-rw-r--r-- 1 user1 group1 62 Jan 15 16:10 myfile.txt
drwxr-xr-x 2 user1 group1 2048 Jan 15 17:10 Example

4

This will let others move (

chmod a+r myfile

6) to the

chmod o-w 

2 directory. Because the parent directories don't have

chmod a+r myfile

2 permissions, users will only be able to look (

-rw-r--r-- 1 user1 group1 62 Jan 15 16:10 myfile.txt
drwxr-xr-x 2 user1 group1 2048 Jan 15 17:10 Example

6) within the

chmod o-w 

2 directory, keeping the rest of your file system private.

Get help

For more about

 chmod go-rw myfile

0, consult the manual page. At the Unix prompt, enter:

-rw-r--r-- 1 user1 group1 62 Jan 15 16:10 myfile.txt
drwxr-xr-x 2 user1 group1 2048 Jan 15 17:10 Example

5

At Indiana University, for personal or departmental Linux or Unix systems support, see Get help for Linux or Unix at IU.

Related documents

Introduction to Unix commands Set the default protection to newly created directories and files in Unix

What permissions are needed to enter a directory?

What permissions are needed to change directory in Unix?

What is the bare minimum permissions required to get into a directory?

What are the 3 standard Linux permissions?