Dealing with Command Line Permissions

Video loading...

  • 0:02
    Dealing with Command Line Permissions with Addison Berry
  • 0:08
    Welcome back to the Lullabot Command Line Basics
  • 0:10
    series of videos.
  • 0:12
    In this video, we're going to be looking
  • 0:14
    at permissions and ownership.
  • 0:15
    So, basically, we'll be just looking at
  • 0:17
    a few commands here that can let you modify
  • 0:20
    who is allowed to have access and what kind of access
  • 0:23
    they're allowed to have for both files and folders,
  • 0:26
    and we're also going to be looking at a command called
  • 0:29
    sudo, which lets you temporarily escalate your
  • 0:32
    own privileges
  • 0:32
    so that you can have a little bit more power
  • 0:34
    to make some changes, and then go back to being a
  • 0:37
    regular user again.
  • 0:38
    So, let's get started.
  • 0:39
    The first thing I'm going to do here is move into my Drupal
  • 0:43
    directory, where we've been playing around already.
  • 0:46
    Got a bunch of stuff. I need to get a little bit more
  • 0:49
    information though.
  • 0:50
    So I'm going to actually do an ls -al
  • 0:54
    like we saw on the first video
  • 0:55
    so I can get more details on the files and folders here.
  • 0:58
    And this is going to show me permissions and ownership.
  • 1:00
    Remember in the first video, we said that the d stands
  • 1:03
    for directory because that's a folder.
  • 1:05
    If you look up here, we have some files that
  • 1:07
    just have dashes at the beginning.
  • 1:08
    First character is not important to what I want to look at, I want
  • 1:13
    to look at these. We have 3 sets with 3 letters here.
  • 1:16
    Those are permissions for the user,
  • 1:18
    these are permissions for the group,
  • 1:20
    and then this last set of 3 are permissions for
  • 1:24
    everybody else who is not the user or in the group.
  • 1:27
    I'll also point out this little @ sign thing,
  • 1:29
    here is a Mac thing, ignore that.
  • 1:32
    It's not something we're going to talk about.
  • 1:34
    Now, this column over here, this is listing the user for
  • 1:37
    the file and those are the permissions for the user.
  • 1:39
    That first set of 3.
  • 1:41
    This is the group and the group is that second set of 3,
  • 1:45
    and then again, that last set of 3 is for everybody else.
  • 1:48
    Now, let's look at what these letters actually stand for.
  • 1:53
    So, we have r for read, w for write,
  • 1:57
    and x is for execute.
  • 1:59
    That's for the user, in this particular one.
  • 2:02
    For the group, they have read and execute permissions,
  • 2:06
    and for everybody else, they have read
  • 2:09
    and execute permissions.
  • 2:11
    Now, this particular one I'm looking at here is
  • 2:12
    a directory or a folder, and so, execute means
  • 2:17
    for that, means I can actually go into the folder.
  • 2:20
    I can actually get inside it.
  • 2:21
    On a file, the execute permission means that you
  • 2:25
    can actually run a script, is typically where you would see that.
  • 2:29
    So you don't see it on like text files,
  • 2:30
    you tend to see it on files that actually will run things
  • 2:33
    and execute something on your system.
  • 2:35
    So you don't tend to see that as often.
  • 2:39
    So again, if we look at the letters here,
  • 2:42
    for the permissions themselves, the user has read,
  • 2:45
    write, and execute permissions, on this particular folder,
  • 2:49
    and the group of staff has only read and execute.
  • 2:54
    So I can't actually write anything there,
  • 2:57
    if I was just a member of the group.
  • 2:58
    Alright, so, before we actually do stuff to these
  • 3:03
    files and folders, what I'm going to do is
  • 3:05
    what we did in the last video.
  • 3:06
    I'm going to go ahead and copy my stuff
  • 3:08
    folder into something else, so that I can just
  • 3:11
    play with it and wreck things in it.
  • 3:13
    It won't be a big deal.
  • 3:14
    So I'll just call this boo. It doesn't really matter.
  • 3:17
    So I'm doing copy, recursive because it's a folder,
  • 3:20
    and, now, I have boo as one of my folders.
  • 3:27
    I go into boo, and now I have a playground
  • 3:30
    of stuff that I can monkey around with.
  • 3:34
    And the first thing I want to do is go ahead
  • 3:36
    and do that ls -al again, so I can get that detailed
  • 3:40
    list of all my permissions.
  • 3:42
    And the particular thing I'm going to be using in
  • 3:44
    this example is this get_scripts folder here.
  • 3:46
    So you can see we have the owner is addi, the group is staff,
  • 3:53
    and the owner has read, write, execute,
  • 3:56
    and then the group and other, both have, read and execute.
  • 3:59
    So, and what I want to do is remove, I don't want
  • 4:02
    other people to be able to do anything.
  • 4:03
    I want to remove the permissions for them.
  • 4:05
    So, we're going to use a command called chmod, right?
  • 4:08
    Changing mode, it's not quite as intuitive.
  • 4:10
    When you use chmod to change permissions,
  • 4:14
    you have, you can use different letters to indicate
  • 4:19
    which level of ownership it is that you want to change.
  • 4:21
    So u is for user, g is for group, o is for other,
  • 4:26
    or everybody else, other, and then a is for all.
  • 4:29
    If you want to change all the permissions at the same time.
  • 4:33
    You can also group them together.
  • 4:35
    So if I wanted to change both the user and the group
  • 4:37
    permissions at the same time, I can just type both
  • 4:39
    of those letters.
  • 4:40
    And that lets chmod know which ones I want to change.
  • 4:43
    Now, in this instance I want to change other,
  • 4:45
    and I want to remove rights, so to remove,
  • 4:48
    I'm going to put a minus sign, to subtract, right?
  • 4:50
    And then I can tell it what I want to remove,
  • 4:54
    and I want to remove the read and the execute on this.
  • 4:57
    And then I just put the name of the folder, or file,
  • 5:00
    that I'm doing this change on.
  • 5:02
    And now when I do ls -al, you look at this, you can see that for other,
  • 5:08
    they have no permissions at all now.
  • 5:11
    So, they can't look at it,
  • 5:13
    they can't write anything, and they can't get into the folder.
  • 5:17
    So if I want to change this stuff back,
  • 5:19
    what I'll do is chmod again, o, and this time I want to
  • 5:24
    add permissions, rather than subtract,
  • 5:25
    so I'm going to use plus sign, and I'm going to add the read
  • 5:28
    and execute permissions back to this folder.
  • 5:32
    So, there's get_scripts.
  • 5:34
    I do the ls -al, and now when we look at this,
  • 5:37
    you can't see that other has the r and the x back on it.
  • 5:42
    One thing I also want to point out, right here,
  • 5:44
    while we're talking about a folder.
  • 5:45
    I just changed permissions on the folder,
  • 5:46
    and it only changes the folder, it doesn't change anything
  • 5:49
    inside of it.
  • 5:50
    I can use that -r that we used in earlier
  • 5:55
    videos to recursively change stuff, as well,
  • 5:58
    but just keep that in mind.
  • 6:00
    You're just changing the folder.
  • 6:01
    Now, I'm going to go into get_scripts folder here,
  • 6:04
    and we can start playing with these files.
  • 6:05
    Just a smaller list to look at and kind
  • 6:08
    of visually keep an eye on.
  • 6:10
    I do want to point out, these actually have the execute
  • 6:13
    permission on them, and these are individual files.
  • 6:16
    That's because these are shell scripts that would execute.
  • 6:18
    So, if you get a script and it's not working right,
  • 6:21
    and it won't fire, make sure it has execute permission on it,
  • 6:24
    or else it won't actually run the script.
  • 6:27
    So, an important thing to just sort of be aware of
  • 6:30
    when working with files and permissions.
  • 6:34
    And so now, let's actually look at the ownership.
  • 6:38
    We've been looking at the permissions,
  • 6:40
    so the "wrx" letters and let's actually look at
  • 6:44
    the actual owner and group stuff,
  • 6:46
    and how you can change that stuff out.
  • 6:49
    One important thing I want to point out.
  • 6:50
    So I'm logged in as addi, and addi is the owner of these
  • 6:55
    files, and if I want to change ownership to somebody else,
  • 7:00
    and then I can do this, but there's also a little
  • 7:03
    bit of oddness involved.
  • 7:05
    So, there's this user called root and that's like your
  • 7:08
    Superuser and in like a Drupal world, that would be user 1.
  • 7:11
    And typically, we don't operate in that mode.
  • 7:14
    We're logged in as a regular user.
  • 7:16
    To temporarily move into the root role,
  • 7:20
    you can use this command called, sudo,
  • 7:24
    which means Superuser Do.
  • 7:25
    So, "Do as the Superuser would,"
  • 7:28
    and many, many systems are set up to use this,
  • 7:31
    but you need to have the proper permissions on
  • 7:34
    your normal user account, in order to be able to do this.
  • 7:36
    But, so if I want to do something where I temporarily
  • 7:40
    advance my rights, so that I can do more stuff,
  • 7:42
    then that's the command I actually need to use.
  • 7:45
    So if I try to do change ownership,
  • 7:47
    which is chown, c-h-o-w-n. If I try to change the ownership
  • 7:52
    on one of these files and give it to root,
  • 7:54
    I want to make the owner actually the root user.
  • 7:57
    I can go ahead and type this in.
  • 7:59
    So, chown, the name of the user, and the file
  • 8:02
    or folder I want to change.
  • 8:04
    And it's telling me it's not permitted.
  • 8:05
    I don't actually have enough permission to give
  • 8:08
    this file to root.
  • 8:11
    So, what I need to do is I actually need to temporarily
  • 8:14
    escalate myself by using sudo, and then I can type
  • 8:17
    my regular command after that.
  • 8:20
    So, I'll go ahead and type this in.
  • 8:21
    I'm going to change the ownership to root
  • 8:25
    and put the filename, and now, it's going to prompt
  • 8:30
    me for my password because it wants to make sure
  • 8:31
    I really am allowed to sudo.
  • 8:34
    And I can't seem to type my password, there we go. OK.
  • 8:41
    So, It basically asked me to authenticate, I did.
  • 8:44
    And I went ahead and executed it, and so now,
  • 8:46
    it changed the owner to root.
  • 8:49
    Now, the owner is root.
  • 8:51
    I can't actually, as addi, I can't really do anything
  • 8:56
    to this file now, because it's not even owned
  • 8:58
    by me anymore.
  • 9:01
    And you'll see if I try to do a chmod on this,
  • 9:05
    I want to change the permissions to add write
  • 9:06
    permissions for everybody.
  • 9:08
    So, a is for all and I want to just add
  • 9:11
    write permissions across the board.
  • 9:12
    If I try to do that as the user addi, as I'm logged in,
  • 9:16
    when I do that, it's going to tell me
  • 9:17
    the operation is not permitted.
  • 9:18
    I don't have permission to do this because it's owned by root.
  • 9:21
    So, in order to do anything to this file, at this point,
  • 9:24
    I'm going to have to use sudo, and temporarily pop myself up.
  • 9:28
    So, I'll rerun the command again,
  • 9:30
    but I'm going to put sudo at the beginning,
  • 9:31
    and this will go ahead and give me write. You'll notice
  • 9:35
    it didn't prompt me for my password.
  • 9:37
    It already has it for this particular session.
  • 9:39
    So, it knows that I'm in.
  • 9:42
    So, here you can see we've added the write permissions,
  • 9:46
    even though it's still owned by root, because I used sudo.
  • 9:52
    Now, that just changed the owner,
  • 9:54
    but we also want to look at changing the group because
  • 9:57
    sometimes the group is important to change too.
  • 9:59
    So it's currently set to staff, and I can actually use
  • 10:02
    the chown command to change the group, as well.
  • 10:04
    So, I'm going to use sudo again, because this is owned by root,
  • 10:08
    so I need that.
  • 10:09
    I'll do chown, and I'm actually going
  • 10:11
    to change the user at the same time.
  • 10:14
    So, I'm going to change the user to nobody.
  • 10:16
    So I put that in as my main chown,
  • 10:18
    and that's going to replace root,
  • 10:20
    and then I do colon, and that's going to replace staff.
  • 10:23
    That's going to be the group, and I'm going to put it into
  • 10:25
    the admin group.
  • 10:26
    So, nobody user, admin group, filename.
  • 10:30
    Go ahead and do my list all, here and you can see that
  • 10:35
    I've changed both of those at the same time.
  • 10:41
    Alright, so let's go ahead and go back and sort of change
  • 10:44
    everything back to the way that it was,
  • 10:47
    because I, so I've changed the ownership.
  • 10:50
    So, I'm going to go ahead and sudo chown and put it back to
  • 10:56
    addi and staff, which is what it originally was.
  • 10:58
    We'll look at that, right?
  • 11:00
    OK, so, I changed my ownership back again,
  • 11:03
    and the group back again.
  • 11:05
    And now, remember we added that +w,
  • 11:09
    so I'm going to go ahead and chmod it.
  • 11:10
    Now, I'm logged in as addi and it's owned by addi again,
  • 11:13
    so I can actually go ahead and just do this without sudo now.
  • 11:17
    I want to, under, for both group and other,
  • 11:20
    remove write. I want to leave that on for addi,
  • 11:24
    and we can see that worked.
  • 11:26
  • 11:28
    So, I went ahead and got rid of the write permission for
  • 11:31
    both the group and other.
  • 11:34
    I would also be remiss if I didn't actually mention that
  • 11:37
    we use chown to do the group thing, but there's also a command
  • 11:44
    called, chgrp, which is c-h-g-r-p, which would just change the group.
  • 11:49
    So, chown let's you do the owner and the group,
  • 11:51
    chgrp is just going to be the group.
  • 11:53
    Same syntax that you would use just chgrp, the name
  • 11:57
    of the group, and then the file or folder
  • 11:59
    you wanted to change.
  • 12:01
    So, I often just seem to use it for, with chown though so.
  • 12:06
    Next thing I want to do here, is,
  • 12:08
    I'm going to go to my local host,
  • 12:11
    an installation I have of Drupal 6 and just
  • 12:15
    sort of see this in a little bit
  • 12:16
    of a Drupal context.
  • 12:19
    And I'm going into sites/default, right,
  • 12:22
    which is where we have our
  • 12:23
    settings.php file, that needs to be set up.
  • 12:26
    And, so you can see the default one that comes
  • 12:30
    with Drupal is here.
  • 12:31
    These are just the permissions from, you know,
  • 12:33
    my random checkout that I did.
  • 12:36
    And what you need to do, whenever you do an installation,
  • 12:38
    of course, is copy default.settings.php,
  • 12:41
    to the regular settings.php.
  • 12:44
    Now, it's giving me a permission denied,
  • 12:46
    and sometimes you'll see this when you're trying
  • 12:47
    to do your installation, you know,
  • 12:50
    stuff you get all kind of permission errors, or something.
  • 12:51
    So I wanted to kind of walk through some of these.
  • 12:54
    So, I'm just trying to copy it, and it's totally
  • 12:57
    not giving it to me.
  • 12:59
    So, again, like we looked at earlier,
  • 13:01
    you can use the sudo command to help you escalate
  • 13:05
    temporarily and get to where you need to be.
  • 13:08
    So, same as before, we're going to just do sudo,
  • 13:11
    and then the command that I was trying to do,
  • 13:14
    that didn't have permission, which is, just copy.
  • 13:17
    So I'll copy my settings.php.
  • 13:20
    That works fine.
  • 13:22
    When we come into look at the permissions, everything's cool,
  • 13:25
    the permissions are the same but the owner is now root,
  • 13:27
    because I did that as sudo, which is root.
  • 13:29
    So now it's owned by root, rather than addi.
  • 13:33
    So, I'm going to go ahead, just to make everything
  • 13:35
    look pretty and matching, I'm going to go ahead
  • 13:37
    and change the ownership on this.
  • 13:39
    Now, I'm going to try and change the ownership to addi,
  • 13:42
    but again, remember, it's owned by root.
  • 13:44
    So what do I need to do?
  • 13:45
    sudo chown addi, settings.
  • 13:48
    And then now, when I look at this, voila.
  • 13:52
  • 13:53
    So now it all, sort of, looks the same,
  • 13:54
    and I sort of have a place to start from.
  • 13:57
    Now, when I'm trying to do my installation,
  • 13:59
    I might need to add write permissions.
  • 14:01
    Sometimes you get that, "Ah, we can't write to the file,"
  • 14:05
    so--so I'm going to chmod.
  • 14:08
    I want to just give everybody write permissions.
  • 14:11
    So it's an a+w, boom!
  • 14:14
    So, settings is completely wide open and writable.
  • 14:17
    This is not a state we normally want to leave it in.
  • 14:20
    We've run our installation, it's done.
  • 14:22
    It says, "Hey, change it back."
  • 14:25
    So, what we want to do is chmod,
  • 14:27
    and actually, we don't even, Drupal by default wouldn't
  • 14:31
    give write permissions on anything.
  • 14:34
    So I'm going to say for everyone equal.
  • 14:37
    So rather than adding or subtracting,
  • 14:38
    I'm just going to say exactly what the permission
  • 14:42
    should be for everybody, and it's read only.
  • 14:44
    So, for everybody, equal, r, read only, on this file,
  • 14:49
    and then boom!
  • 14:51
    It goes ahead and takes care of that.
  • 14:54
    So now, settings.php
  • 14:55
    is read only and nobody can actually write to the file,
  • 14:58
    and everything's set.
  • 15:00
    It's important stuff to sort of know and pay attention to.
  • 15:03
    You don't want people to be getting in and monkeying with
  • 15:05
    your settings file.
  • 15:07
    Now, if I try and remove this, like if I wanted to just
  • 15:09
    delete this installation.
  • 15:13
    So it's asking me, "Permission denied." I don't have write
  • 15:16
    access, I'm the owner, but I can only read it.
  • 15:19
    So, I only gave myself read only access.
  • 15:22
    So again, sudo rm is the only way to get rid of it.
  • 15:28
    So, just because I'm the owner, if I don't have write access,
  • 15:32
    I still can't actually delete the file or modify the file.
  • 15:36
    So I'm going to have to sudo, or change
  • 15:38
    the permissions using chmod.
  • 15:41
    So, that was a bunch of stuff.
  • 15:43
    Again, it's sort of a good idea to just copy some stuff,
  • 15:46
    play around with it.
  • 15:47
    Change your own permissions, change your ownership on things
  • 15:50
    and sort of get a feel for how all that stuff works.
  • 15:52
    So that when you need it in the real world,
  • 15:54
    it's not quite a stretch.
Loading ...

Dealing with Command Line Permissions


In this next video of our command line series, we will look at permissions and ownership of files and folders - how to understand the information you see and change it. It covers the following commands:

  • chmod
  • chown
  • chgrp
  • sudo

Note: this video was originally released September 16, 2009 on

Additional resources:
There are no resources for this video. If you believe there should be, please contact us.