Chmod 777 Ubuntu
If we are not familiar with Linux, we probably see the chmod command. In this article, we will explain everything we need to know about the file permissions of Linux. It is important to understand this command and the numbers that are related to certain levels of access. Whether we use Fedora, Ubuntu, or a more exotic Linux distribution, we should know when it is fine to set permissions to 777 with the help of the CHMOD command and when we should use another setting.
Working of Linux File Permissions
The operating system decides who can access a file based on attributes, ownership, and file permission in Linux. The system permits us, the admin, or owner, to enable access limitations to various directories and files. We can increase the security of our system by providing access only to programs and users we trust.
What are User Classes?
A particular group or user owns all single directories and files. It means that there are three different categories of users to which we can assign a certain access level. These users are divided below:
We can find these groups in Ubuntu visually by right-clicking on a directory, choosing Properties, and visiting the Permissions tab. The owner is the one who can access everything. They usually have full access to all directories and files and can modify the file permissions of another user as well. This group is composed of several users that have access levels to a directory of file provided by the owner. For instance, a user's group can be excluded from changing a file while being permitted access to see that file.
Other classes simply illustrate guest users that do not fall into two other categories. Their access level is, by default, restricted. It depends on the owner to decide what guest users can or can not do.
What are the Levels of the File Permission?
We can assign three different access levels to our directories and files as the owner:
Note: We can manage how much access a particular user has to a directory or file by combining Permissions and Classes.
Permission Numbers and Symbols
File permissions are symbolically or numerically represented. We can use both numbers and symbols to change directory and file permissions. The easiest way is with numbers, but we should also know about the symbols. So, let's understand the symbol:
File Permission Symbols
We can view our permissions for every content in a directory if we type the below command inside the terminal window:
We can manage any directory using the command, i.e., cd.
File Permission Numbers
For file permissions, the numeric format is simple. In practice, we usually find chmod numbers represented in triplets, such as 777 or 762. It is because all folders and files in Linux have three permissions associated.
The codes of the file permission have three digits, which are as follows:
So, if we find a 762 permission allowed to a folder, it means the user who made the folder has complete control, members of the group of that user have write and read permissions, and others have read access only. It is permission often allowed to upload folders of any web server like Nginx.
Another way to assume chmod permissions using the 762 number:
The digits lie between 0-7 where:
The permission digit of all classes is decided by summing up the permission values. In other words, all digits for all classes can be the value of 4, 2, 1, and 0. Here is the full permission list:
For instance, a 644 permission tells that the owner of the file has write and read permissions. However, the two other classes have read permissions only. We need basic math only to set permissions with a number format.
A 777 permission offers execute, write, and read permissions to every three classes of users. In other words, everyone who has access to our system can execute, read, and change files. Only use it when we trust every user and do not need to think about security breaches. A permission 777 is used because it is convenient, but we should sparingly use it. In fact, we suggest never using it due to the security risks being too high.
A user (unauthorized) could compromise our system or change our website to share malware, for example. We should provide 755 permission rather. That way, we, as a file owner, have complete access to a directory or file, but others can execute and read and not make changes without our approval.
Working of Chmod Numbers
If we work in a Unix-based platform, we need a firm knowing the working of chmod numbers. For example, we need to know that 777 is a dangerous permission to give; 664 is a nice mode change on an Apache web server for the HTML directory, and an 898 chmod number makes no sense.
Admins can allow any three permission combinations to every folder and file in a Unix-based computer: execute (x), write (w), and read (r). If we query our rights to any file on Unix, we might see one of the below results:
Unix administrators found that if all those three permissions were allowed a numeric value, several combinations of execute, write, and read permissions could be represented as a single digit. We should assign execute the 1 value, read the 4 value, and write the 2 value. After that, add the rights of the user together, and we will end up with a specific digit between 0 and 7.
Chmod Number Examples
Here are some instances of how the chmod number works when permission values are grouped together:
A chmod number to ignore
777 is a lucky combination in a few circles. But Unix admins ignore the 777 permission number because it even provides unauthorized users the right to run programs in a folder they can see. It opens our server to ransomware, malware, and other malicious attack vectors. Also, it is a risk for users to execute and edit files that they should not be permitted to touch.
The problems of the software integration are often hard to troubleshoot, especially when there is distraction about the rights allowed to groups and users who try to access a provided resource. New admins may recursively be tempted to assign the chmod number, i.e., 777, to a directory and each content to discount this permission issue.
Unfortunately, an admin may try other troubleshooting operations and forget to go back to the folder to its real permissions if the 777 chmod number modification does not work. Failure to implement that not just puts the devices at risk, but it can also enable the device to a compliance or security audit.