×
By the end of this chapter, you should be able to:
chmod
chown
and chgrp
root
is, and the relationship between root
and sudo
ln
commandWhen you're working in Terminal, you may sometimes find that you're not allowed to do things you want to do. Maybe you're trying to install something, or move a file from one directory to another, and you get an error telling you something along the lines of "permission denied." These sorts of permissions errors are extremely common, so understanding how to deal with them is important. That's what we'll learn how to in this chapter.
Before you learn about permissions, you first need to understand users and groups. Let's take a look at an example. Head to your home directory and list everything using the ls -lah
command. (Not sure what the h
flag does? Check the manual!)
The output you get might look something like this:
The details of these files aren't important. What you should see is a bunch of rows of output, one row for each file or directory. Let's figure out what all of this actually means. For instance, here is the line for the .bashrc
file from the above screen shot:
-rwxr-xr-x 1 eschoppik staff 67B Aug 29 2014 .bashrc
The third column specifies the username of the user that owns the file. In this case, eschoppik
is the owner of the file. The fourth column specifies the name of the group associated with the file. In this case the group staff
is associated with the file.
In most Mac systems, users are also members of the staff
group. To see which groups you are a member of, type the groups
command in Terminal. The staff
group will likely be one of the many groups you are in. As we will see next, permissions can be set for the owner of the file, a user that is in a group associated with the file, or a user that is neither the owner nor a member of the associated group.
Let's take a look at that .bashrc
line again:
-rwxr-xr-x 1 eschoppik staff 67B Aug 29 2014 .bashrc
We've already talked about the third and fourth columns in this output. Now let's talk about the first column. The -rwxr-xr-x
refers to permissions of the .bashrc
file. Each character of the permissions string, -rwxr-xr-x
describes something about the file's permisisons. But what are permissions? A file's permissions is a set of rules that describes which operations a user can or cannot perform on a file or folder. There are 3 types of operations that can be allowed or not allowed:
r
- reading the filew
- writing to the filex
- executing the file (we will go into this in more detail soon)You may be asking at this point, why is the permissions string so long if there are only 3 operations that can be specified? Well, a permissions string describes different types of users that can or cannot perform read, write and execute operations. You may be one of 3 different types of users:
So a permissions string specifies the permissions for all 3 types of users plus an extra character to specify the type (file, folder, etc).
Here is how the above permissions string breaks down:
In other words, this string says that .bashrc
is a file, that the owner of the file can read, write, and execute, users in the group can only read and execute, and other users can only read and execute as well.
To change the permissions of a file we use the chmod
command. For each set of permissions (owner, group, everyone) we can assign a number from 0 to 7. This is called octal (base-8) notation. Here's a table that illustrates what each number means.
Number | Permission | rwx (display in terminal) |
---|---|---|
0 | none | --- |
1 | execute | --x |
2 | write only | -w- |
3 | write and execute | -wx |
4 | read only | r-- |
5 | read and execute | r-x |
6 | read and write | rw- |
7 | read, write and execute | rwx |
So if we want to change a file so that only the owner and group can read, write, and execute, we would type chmod 770 somefile.txt
.
If you'd like to be a bit more specific, you can also set permissions using what's called symbolic notation. Here's an example of what that looks like:
chmod ug+rwx,o-rwx hi.txt
This is saying "add read, write, and execute permissions to the user and the group, and remove read, write, and execute permissions from other." While a bit more verbose, it's also a little more descriptive. To see more examples of symbolic notation, check out this article.
If we want to change permissions for a folder, we need to add the -R
flag: chmod -R 755 some_folder
.
You can read more about chmod
here.
Now let's talk a little bit more about what the x
(executable) means for a file or a folder's permissions. If you have executable permissions on a folder, it means that you can cd into it. See what happens with the following commands:
mkdir test_folder cd test_folder cd .. chmod 666 test_folder cd test_folder
You should see an error saying permission denied. Add the execute permission back to the folder, and then remove the folder.
Now onto executable files. When a file is executable, it can be run from your shell as if it were a program. Let's first create our file. Type the following in your terminal:
echo ls > test.sh echo pwd >> test.sh echo pushd . >> test.sh echo "cd ~" >> test.sh echo "pwd" >> test.sh echo popd >> test.sh cat test.sh
The test.sh
file should look like the following now:
ls pwd pushd . cd ~ pwd popd
(Did you notice that our first echo
command used a single arrow (>
), while the other commands used two? We'll explore the difference between these two operators in the next chapter!)
Now let's make the file executable and run it. Use chmod to make it executable: chmod 755 test.sh
. Next, execute the file by providing a path to the file. In our case, the file is in the current directory, so to execute it, we do the following: ./test.sh
. We just made our first executable shell script!
Now that we have a clearer understanding of users, groups and permissions, let's take a look at the line from ls -lah
again:
-rwxr-xr-x 1 eschoppik staff 67B Aug 29 2014 .bashrc
1
refers to the number of files (this will always be 1 for files)eschoppik
is the "owner"staff
is the group67B
is the size of the fileAug 29 2014
is the last day the file was modified.bashrc
is the name of the fileSo what if we don't want eschoppik
as the owner of the file any longer? Or what if we want a different group to own that file? We can use one of the following commands:
chown anotheruser:anothergroup .bashrc
Or if we just want to change the group:
chgrp anothergroup .zshrc
.
Now let's take a look at this line from the ls -lah
command:
drwxr-xr-x 6 root admin 204B Oct 20 2015 ..
The other file said eschoppik
for user and staff
for group, but this one says root
and admin
. We can also see that this is a directory because it starts with a d
before listing the permissions. So what is the root
user?
The root
user is a special user on your computer that has the power to do anything it wants. It can change permissions on any file, delete anything it wants, etc. When you see root
as the owner, and you want to make a change to that file, you have to use a command called sudo
. The sudo
command gives you the powers of the root
user for just one command and will ask you for your password in order to preform the command. Try out commands with sudo. Create a file called somefile.txt
. Then make the owner the root user:
sudo chown root somefile.txt
Now try to delete the file without using sudo. You are not allowed. Look at the permissions. Why is this not allowed?
Since we have files and folders located all over our file system, it becomes difficult to identify where many of these are located. Fortunately, we can create a link (also known as an alias) to a file or folder using the ln
command. The structure looks like this:
ln path_to_link name_of_link
There are two kinds of links we can make, hard and symbolic links - let's see how they work!
Let's create a file called learn.txt
in our Desktop
folder (type in cd /Users/$USER/Desktop
if you need to get there). We can open up our learn.txt
file using open learn.txt
and let's add the text "Learning about links!".
Now let's create a link to this file! We can call our link first_link
. To do this we use the ln
command and type ln learn.txt first_link
. Now if we cat first_link
we should see the output "Learning about links!".
If we decide to move our learn.txt
file anywhere we still have a link to it through first_link
! Pretty awesome!
If we decided to delete our learn.txt
file, what happens to our hard link? Let's rm learn.txt
and then cat first_link
. We still see that we have a link! This might seem strange; shouldn't a link be broken if a file is removed? Not with hard links! You can think of a hard link like a direct copy of a file. If the file is removed, the link still exists.
We saw that when we remove the original file, any hard links still remain and contain the entire source file. This is usually not what we want, since we usually want a reference to some file and not a direct copy. To create a reference instead of a copy, let's make a symbolic link.
To create a symbolic link, we use the -s
flag when creating a link. Let's create a new file called learn_again.txt
and then create a symbolic link using ln -s learn_again.txt first_sym_link
. If we cat first_sym_link
we do not get any errors! But if we delete or move learn_again.txt
, our first_sym_link
will be broken!
We can also use symbolic links for folders as well, which makes it very useful if we need to access a folder but do not remember the path. However, if your original file/folder path changes or is removed , the symbolic link will break!
When you're ready, move on to Redirection