In this article, we will compare chmod vs. umask, the differences between them as well as how we can use them in our Linux environment.
The chmod and umask utilities are used to manage file permissions on a Linux machine. However, they both serve different purposes and we will explore that further by reviewing some examples, demonstrating how both commands are used.
Simply put, the change mode utility, abbreviated chmod, is used to change the access permissions and special mode flags (setuid, setgid, and the sticky bit) of file system objects such as files and directories. It is bundled as part of the GNU coreutils package and was written by David MacKenzie and Jim Meyering.
The chmod command is used to change the permissions of existing files and directories, whereas the umask command is used to set the default permissions for new files and directories.
The chmod command controls who can read a file, write to a file, and, if the file is a script or executable, execute it. Access is typically broken down into three classes: the user or owner of a file, the group that can access the file, and everyone else or others. They are represented in symbolic format as u=user, g=group, o=others, and a=all (also known as ugo).
The file or directory owner. For example, if you log on to a Linux machine as the root user, the files and directories you create, as well as a host of other system files and directories, will be owned by root.
root@node1.infotechys.example.com: ~
# ls -lh
total 4.0K
-rw-------. 1 root root 1.6K Jun 4 21:03 anaconda-ks.cfg
In this example (above), we ran a long listing (ls -lh) of the root home directory and found the anaconda-ks.cfg file. To the left of the file, we can see the symbolic representation of the permissions (-rw-------) assigned to the file.
The first four characters -rw- consist of the file type (- for a regular file) followed by the three characters reserved for the user or owner of the file, and indicate that only the root user has access to read and write to anaconda-ks.cfg.
The next three characters --- are reserved for the group. In this instance, the root group members are denied read, write, and execute permissions to the file.
The last three characters --- apply to everyone else or others (anyone that does not belong to the root group or is not the root user). The same permissions apply to all others.
anaconda-ks.cfg file. If any other user or member of the root group attempts to access that file, they will be denied.
Refers to members of a file’s group. The following example (below) illustrates group access permissions.
[jsmith@node1 ~]$ id
uid=1002(jsmith) gid=1002(jsmith) groups=1002(jsmith),50001(contractors) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[jsmith@node1 ~]$ echo "this is a textfile that belongs to jsmith only" >> testfile1.txt
[jsmith@node1 ~]$ ls -lh
total 4.0K
-rw-r--r--. 1 jsmith jsmith 47 Aug 6 02:56 testfile1.txt
[jsmith@node1 ~]$ pwd
/home/jsmith
In this example (above), we created a new user account for John Smith (jsmith) and added him to the contractors group. Next, we created a file called testfile1.txt with a line inside it that reads “this is a textfile that belongs to jsmith only” in his home directory. The example below proves that access to the testfile1.txt belongs solely to jsmith and no one else.
[rbaker@node1 ~]$ id
uid=1003(rbaker) gid=1003(rbaker) groups=1003(rbaker),50001(contractors) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[rbaker@node1 ~]$ cat /home/jsmith/testfile1.txt
cat: /home/jsmith/testfile1.txt: Permission denied
[rbaker@node1 ~]$ ls -lh /home/jsmith/testfile1.txt
ls: cannot access '/home/jsmith/testfile1.txt': Permission denied
User rbaker is also a member of the contractors group but cannot access the testfile1.txt file. Why, you ask? The Others section that follows explains it.
Refers to everyone else or anyone that is not a file owner or a member of a file’s group.
[rbaker@node1 ~]$ ls -lh /home
total 0
drwx------. 2 jsmith jsmith 104 Aug 6 02:56 jsmith
drwx------. 2 rbaker rbaker 83 Aug 6 03:13 rbaker
In the example (above), we can observe that both users (jsmith and rbaker) are the sole owners of their home directories with no permissions given to group members or others. Even though testfile1.txt is set to read permissions for the group and others, it lives under the jsmith home directory, which is not accessible to or owned by anyone but jsmith (below). Without search (execute) permission on /home/jsmith, no other user can reach anything inside it, whatever the file's own mode says.
[jsmith@node1 ~]$ ls -lh
total 4.0K
-rw-r--r--. 1 jsmith jsmith 47 Aug 6 02:56 testfile1.txt
In fact, apart from jsmith, only a superuser (root) can access that file (as shown below).
root@node1.infotechys.example.com: ~
# cat /home/jsmith/testfile1.txt
this is a textfile that belongs to jsmith only
The syntax for chmod is “chmod [permissions] [file/directory]“, whereas the syntax for umask is “umask [permissions]”.
To give the owner of a file read, write, and execute permissions, the group read and execute permissions, and others no permissions, you would use the following command:
chmod 750 filename.txt
The first number (7) sets the permissions for the owner of the file, the second number (5) sets the permissions for the group, and the third number (0) sets the permissions for others.
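To connect the octal digits with the symbolic strings that ls -l prints, here is an added example (not part of the original article) that decodes a mode field into its file type and octal value, including the setuid, setgid, and sticky flags. The function name symbolic_to_octal is hypothetical; the first four sample strings match modes shown in this article, the last two are constructed.

```shell
#!/bin/sh
# symbolic_to_octal MODE -> prints "<type> <octal>" for an ls -l mode field
# such as -rw-r--r-- (a trailing "." or "+" after the 10th character is ignored).
# The body is a subshell so its variables do not leak into the caller.
symbolic_to_octal() (
    s=$1
    type=${s%"${s#?}"}                 # first character: file type (-, d, l, ...)
    rest=${s#?}
    special=0
    octal=""
    for class in 4 2 1; do             # weight of the special bit: setuid, setgid, sticky
        digit=0
        for weight in 4 2 1; do        # r=4, w=2, x=1
            c=${rest%"${rest#?}"}      # next character of the field
            rest=${rest#?}
            case $class$weight$c in
                ?4r|?2w|?1x) digit=$((digit + weight)) ;;
                [42]1s|11t)  digit=$((digit + 1)); special=$((special + class)) ;;
                [42]1S|11T)  special=$((special + class)) ;;   # flag set, execute not set
                ??-)         ;;
                *) echo "unexpected character in mode field: $s" >&2; exit 1 ;;
            esac
        done
        octal=$octal$digit
    done
    [ "$special" -eq 0 ] || octal=$special$octal
    printf '%s %s\n' "$type" "$octal"
)

# Sample mode fields: four from this article, two constructed ones with special bits.
for m in '-rw-------.' '-rw-r--r--.' 'drwx------.' '-rwxr-x---' 'drwxrwxrwt' '-rwsr-xr-x'; do
    printf '%-12s -> %s\n' "$m" "$(symbolic_to_octal "$m")"
done
```

The value printed for -rwxr-x--- is the 750 passed to chmod above.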
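To give all users read and write permissions for a directory and its contents, you would use the following command:
chmod -R a+rwX directoryname
The “-R” option tells chmod to apply the permissions recursively to all files and directories within the specified directory. The symbolic mode is used here rather than the octal 666 because 666 would also clear the execute (search) bit on the directories themselves, leaving them impossible to enter for anyone but root; the capital X adds execute only to directories and to files that already have an execute bit. A world-writable tree lets any local account modify or replace its contents, so outside of a lab it is usually better to grant write access through a group.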
To set the default permissions for new files to be created to read and write for the owner, and read only for the group and others, you would use the following command:
umask 022
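This will subtract 022 from the default permissions of 666 (i.e., 666-022=644). Strictly speaking, umask clears the masked bits from the requested mode rather than performing arithmetic subtraction; for this value the two give the same result.
To set the default permissions for new directories to be created to read, write, and execute for the owner and the group, and read and execute for others, you would use the following command: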
umask 002
This will subtract 002 from the default permissions of 777 (i.e., 777-002=775).
Note that the umask command is not used to directly set permissions on existing files or directories; it only sets the default permissions for new files and directories to be created.
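The following added example (not part of the original article) creates a file and a directory under several umask values and reports the modes they actually receive. It goes one step beyond the values used above by including umask 033, where the real result (644) differs from the naive subtraction 666-033=633 because the mask is applied bit by bit. The function names are hypothetical.

```shell
#!/bin/sh
# mode_under_umask MASK KIND -> prints the octal mode that a newly created
# file (KIND=file) or directory (KIND=dir) receives under umask MASK.
# The body is a subshell, so the caller's own umask is left untouched.
mode_under_umask() (
    tmp=$(mktemp -d) || exit 1         # scratch directory, created before the umask changes
    umask "$1" || exit 1
    if [ "$2" = dir ]; then
        mkdir "$tmp/new"               # mkdir requests mode 777
    else
        : > "$tmp/new"                 # shell redirection requests mode 666
    fi
    # GNU stat (RHEL) first, BSD stat as a fallback
    mode=$(stat -c '%a' "$tmp/new" 2>/dev/null || stat -f '%Lp' "$tmp/new")
    rm -rf "$tmp"
    printf '%s\n' "$mode"
)

# predicted_mode BASE MASK -> BASE with every bit of MASK cleared (BASE & ~MASK).
predicted_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

for mask in 022 002 033; do
    printf 'umask %s: file %s (predicted %s), directory %s (predicted %s)\n' \
        "$mask" \
        "$(mode_under_umask "$mask" file)" "$(predicted_mode 666 "$mask")" \
        "$(mode_under_umask "$mask" dir)"  "$(predicted_mode 777 "$mask")"
done
```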
Permissions: chmod sets permissions directly using absolute values, such as “chmod 755 file”, which would set the permissions to read, write, and execute for the owner, and read and execute for group and others. In contrast, the octal value given to umask names the permission bits to take away, such as “umask 022”, which would set the default permissions for new directories to 755 (i.e., 777-022=755).
Scope: The chmod command applies permissions to the files or directories named on its command line, while umask applies to all new files and directories created by the current shell session and the processes started from it.
Execution: The chmod command is executed on a file or directory to which you have access, whereas the umask command is executed in the shell to set the default permissions for new files and directories.
Owner and Group: chmod changes the permission bits for the owner and group classes of a file or directory (ownership itself is changed with chown and chgrp), whereas umask only affects the default permissions and not ownership.
Time of Application: chmod applies permissions immediately, while umask sets the default permissions for new files and directories to be created in the future.
Inverse Relationship: chmod and umask have an inverse relationship: chmod names the permissions to grant, while the bits set in the umask are subtracted from the default permissions requested when a file or directory is created. This means that if the default permissions for a file are set to 777 and the umask is set to 022, the actual permissions for the file will be 755 (777-022=755).
We have successfully reviewed the chmod and umask utilities, the differences between them, and how they are utilized in a Linux environment. Was this article helpful to you? If so, leave us a comment. We’d love to hear from you!