7.1.3 Permissions in Practice

This section goes through a short example session to demonstrate how permissions are used. To change permissions, we’ll use the chmod command.

cd; touch myfile

There are a couple of new tricks here. First, you can use ; to put two commands on one line. You can type the above as:

$ cd 

$ touch myfile 

or as:

$ cd; touch myfile

Either way, the result is the same.

Recall that cd by itself returns you to your home directory. touch is normally used to change the modification time of a file to the current time. But it has another interesting feature: if the file doesn’t exist, touch creates it. So you’re using it to create a file to practice with. Use ls -l to confirm that the file has been created and notice the permissions mode:

$ ls -l 

-rw-r--r-- 1 user user 0 Nov 18 22:04 myfile

Obviously the time and user/group names will be different when you try it. The size of the file is 0, because touch creates an empty file. -rw-r--r-- is the default permissions mode on Debian.

chmod u+x myfile

This command means to add (+) execute (x) permissions for the user (u) who owns the file. Use ls -l to see the effects.

chmod go-r myfile

Here you’ve subtracted (-) read permission (r) from the group (g) owning the file and from everyone else (others, o). Again, use ls -l to verify the effects.

chmod ugo=rx myfile

Here you’ve set (=) user, group, and other permissions to read and execute. This sets permissions to exactly what you’ve specified and unsets any other permissions. So all rx should be set, and all w should be unset. Now, no one can write to the file.

chmod a-x myfile

a is a shortcut for ugo, or “all.” So all the x permissions should now be unset.

rm myfile

With this command, you’re removing the file even though you no longer have write permission on it. rm will ask if you’re sure by displaying the following message:

rm: remove ‘myfile’, overriding mode 0444?

You should respond by typing y and pressing Enter. This is a feature of rm, not a fact of permissions. Permission to delete a file comes from the directory permissions, and you have write permission in the directory. However, rm tries to be helpful: it figures that if you didn’t want to change the file (and so removed write permission), you don’t want to delete it either, so it asks you.

What was that 0444 business in the question from rm? The permissions mode is a twelve-digit binary number, like this: 000100100100. 0444 is this binary number represented as an octal (base 8) number, which is the conventional way to write a mode. So you can type chmod 444 myfile instead of chmod ugo=r myfile.
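The whole session can be replayed as a script that records the mode after each step in octal and as the twelve binary digits described above. This is an added example, not part of the original tutorial; it assumes GNU coreutils (stat -c, mktemp -d) and a umask of 022, and the function names to_binary and replay_session are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original tutorial). Assumes GNU coreutils
# (stat -c, mktemp -d) as shipped on Debian.

# to_binary OCTAL: print an octal mode as the twelve binary digits it encodes.
to_binary() {
    n=$((0$1))          # leading 0 makes the shell read the digits as octal
    bits=""
    i=0
    while [ "$i" -lt 12 ]; do
        bits="$((n % 2))$bits"
        n=$((n / 2))
        i=$((i + 1))
    done
    printf '%s\n' "$bits"
}

# replay_session: run the section's steps in a scratch directory and print
# "<step> <octal mode> <binary mode>" after each one. The body is a subshell,
# so the umask and cd below do not leak into the caller.
replay_session() (
    umask 022           # assumption: the default umask that yields -rw-r--r--
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1
    report() {
        m=$(stat -c %a myfile)
        printf '%s %s %s\n' "$1" "$m" "$(to_binary "$m")"
    }
    touch myfile
    report touch
    for step in u+x go-r ugo=rx a-x; do
        chmod "$step" myfile
        report "$step"
    done
    # myfile is now 0444, yet the directory is still writable by its owner,
    # so the unlink succeeds. -f suppresses rm's "overriding mode" question.
    rm -f myfile
    [ -e myfile ] && status=present || status=gone
    printf 'rm %s\n' "$status"
    cd / && rm -rf "$dir"
)

replay_session
```

The last line of output shows that a read-only mode on the file does not stop its deletion; the write bit that matters is the one on the containing directory.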