Chmod 777 Ubuntu

If we are not familiar with Linux, we probably see the chmod command. In this article, we will explain everything we need to know about the file permissions of Linux. It is important to understand this command and the numbers that are related to certain levels of access. Whether we use Fedora, Ubuntu, or a more exotic Linux distribution, we should know when it is fine to set permissions to 777 with the help of the CHMOD command and when we should use another setting.

Working of Linux File Permissions

The operating system decides who can access a file based on attributes, ownership, and file permission in Linux. The system permits us, the admin, or owner, to enable access limitations to various directories and files. We can increase the security of our system by providing access only to programs and users we trust.

What are User Classes?

A particular group or user owns all single directories and files. It means that there are three different categories of users to which we can assign a certain access level. These users are divided below:

• Group
• Owner
• Others

We can find these groups in Ubuntu visually by right-clicking on a directory, choosing Properties, and visiting the Permissions tab. The owner is the one who can access everything. They usually have full access to all directories and files and can modify the file permissions of another user as well. This group is composed of several users that have access levels to a directory of file provided by the owner. For instance, a user's group can be excluded from changing a file while being permitted access to see that file.

Other classes simply illustrate guest users that do not fall into two other categories. Their access level is, by default, restricted. It depends on the owner to decide what guest users can or can not do.

What are the Levels of the File Permission?

We can assign three different access levels to our directories and files as the owner:

• Read: It provides us limited access to a directory or file. All we can do is read a file or view the contents of the directory. We can not edit, remove, or add a new file to that directory.
• Write: It permits us to edit and read files. If we assign this excess level to a directory, we can add or remove files as well.
• Execute: It is only important when executing or running files. For example, we can not run a program or script without Execute permission.

Note: We can manage how much access a particular user has to a directory or file by combining Permissions and Classes.

Permission Numbers and Symbols

File permissions are symbolically or numerically represented. We can use both numbers and symbols to change directory and file permissions. The easiest way is with numbers, but we should also know about the symbols. So, let's understand the symbol:

File Permission Symbols

We can view our permissions for every content in a directory if we type the below command inside the terminal window:

We can manage any directory using the command, i.e., cd.

File Permission Numbers

For file permissions, the numeric format is simple. In practice, we usually find chmod numbers represented in triplets, such as 777 or 762. It is because all folders and files in Linux have three permissions associated.

The codes of the file permission have three digits, which are as follows:

• The first digit is assigned to the owner.
• The second digit represents the group of the file.
• The last one is for everyone.

So, if we find a 762 permission allowed to a folder, it means the user who made the folder has complete control, members of the group of that user have write and read permissions, and others have read access only. It is permission often allowed to upload folders of any web server like Nginx.

Another way to assume chmod permissions using the 762 number:

• Unauthorized users can access files provided to them by a web server. If they don't have read access, then web pages will not load. Although, unauthorized users are not permitted to upload files.
• The user who made the folder has complete control to upload new files, delete files, read files, and even run scripts.
• Users who are related to the group of the folder's owner have only write permissions. They are permitted to FTP files to a server and see the modifications they have done to the website.

The digits lie between 0-7 where:

• 4= read
• 2= write
• 1= execute
• 0= no permission

The permission digit of all classes is decided by summing up the permission values. In other words, all digits for all classes can be the value of 4, 2, 1, and 0. Here is the full permission list:

• 0 (0 + 0 + 0) = The user class does not have permission.
• 1 (0 + 0 + 1) = Only execute permission.
• 2 (0 + 2 + 0) = Only write permission.
• 3 (0 + 2 + 1) = Execute and write permissions.
• 4 (4 + 0 + 0) = Only read permission.
• 5 (4 + 0 + 1) = Execute and read permissions.
• 6 (4 + 0 + 2) = Write and read permissions.
• 7 (4 + 2 + 1) = All permissions.

For instance, a 644 permission tells that the owner of the file has write and read permissions. However, the two other classes have read permissions only. We need basic math only to set permissions with a number format.

Permission 777

A 777 permission offers execute, write, and read permissions to every three classes of users. In other words, everyone who has access to our system can execute, read, and change files. Only use it when we trust every user and do not need to think about security breaches. A permission 777 is used because it is convenient, but we should sparingly use it. In fact, we suggest never using it due to the security risks being too high.

A user (unauthorized) could compromise our system or change our website to share malware, for example. We should provide 755 permission rather. That way, we, as a file owner, have complete access to a directory or file, but others can execute and read and not make changes without our approval.

Working of Chmod Numbers

If we work in a Unix-based platform, we need a firm knowing the working of chmod numbers. For example, we need to know that 777 is a dangerous permission to give; 664 is a nice mode change on an Apache web server for the HTML directory, and an 898 chmod number makes no sense.

Admins can allow any three permission combinations to every folder and file in a Unix-based computer: execute (x), write (w), and read (r). If we query our rights to any file on Unix, we might see one of the below results:

• rwx
• rw-
• r-x
• r--

Unix administrators found that if all those three permissions were allowed a numeric value, several combinations of execute, write, and read permissions could be represented as a single digit. We should assign execute the 1 value, read the 4 value, and write the 2 value. After that, add the rights of the user together, and we will end up with a specific digit between 0 and 7.

Chmod Number Examples

Here are some instances of how the chmod number works when permission values are grouped together:

• With read permissions only, a user would have the 4 permission value.
• With write and read permissions, a user would have the 6 (4+2) permission value.
• With every three permission, a user would have the 7 permission value.

A chmod number to ignore

777 is a lucky combination in a few circles. But Unix admins ignore the 777 permission number because it even provides unauthorized users the right to run programs in a folder they can see. It opens our server to ransomware, malware, and other malicious attack vectors. Also, it is a risk for users to execute and edit files that they should not be permitted to touch.

The problems of the software integration are often hard to troubleshoot, especially when there is distraction about the rights allowed to groups and users who try to access a provided resource. New admins may recursively be tempted to assign the chmod number, i.e., 777, to a directory and each content to discount this permission issue.

Unfortunately, an admin may try other troubleshooting operations and forget to go back to the folder to its real permissions if the 777 chmod number modification does not work. Failure to implement that not just puts the devices at risk, but it can also enable the device to a compliance or security audit.