from http://www.dummies.com/computers/raspberry-pi/working-with-file-permissions-on-your-raspberry-pi/
Raspberry Pi For Kids For Dummies By Richard Wentk
There’s no way around file permissions on the Raspberry Pi. You have to understand them and know how to use them, or you won’t get much done with Linux.
You need to know a handful of commands for working with permissions. The following table shows a list.
Command What It Does
- ls -l Lists files with permissions
- chmod Changes file permissions
- chown Changes the file owner
- groups Checks the users in a group
- useradd Adds a user to a group
- chgrp Changes the file group
You can use the –l switch to check permissions them when you use the ls command to list the files in a folder. But what if you want to change them?
To use chmod to change file permissions, you have to tell it three things:
Who you’re setting permissions for
How you’re setting them (there’s more than one way . . .)
What you’re setting them to
An example command looks like this:
sudo chmod a+w filename-or-full-filepath In the following sections, this command is broken down. You have to start the command with sudo. Otherwise, you can’t change permissions for files you don’t have permissions for.
The following table shows you how to pick a letter to tell the command who you’re setting the permissions for.
Letter What It Means
- u The owner of the file
- g The file group
- o Everyone who isn’t the owner or the group
- a Everyone at all — no exceptions
Next, you specify how you want to change the permissions. The following table has the details.
Letter What It Means
-
- Adds/turns on a permission
- – Removes/turns off a permission
- = Ignores the current permissions and sets some new ones The + and – options change the permissions that exist already. Use them if you want to add or remove a permission. For example, you can change the write permission only and leave the read and execute permissions alone.
The = option changes all the permissions at once. Use it when you don’t care about existing permissions, and you just want to swoop in and set them all how you want.
The following table shows you which letters to type to select the different permissions. This part is easy.
Letter Read r
- r Read permission
- w Write permission
- x Execute permission
- X Special magic execute permission for folders
Most of these do what you expect, but execute has some special features:
You can look inside a folder only if you can execute it. You may think read would be enough, but it isn’t.
You can rename a file only if you can execute it. You may think write would be enough, but it isn’t.
As long as you can read a file, you can run it as code if it gets passed to some other app. You may think you need execute, but you don’t.
For example, if you have permission to read a file, you can run it as Python code because you’re actually executing Python first. Python reads the file, so it’s Python’s permissions that matter.
You need the execute permission only if the file is a self-contained app.
Confused? Probably. There’s no simple way to make sense of these special cases. You just have to think them through, remember them, and say “Huh” a lot when you forget them, until you check online and remind yourself.
If you’re trying to make software work together — for example, if you’re trying to use Python to create a web page for you — and you’re getting nothing, it’s a good bet the permissions aren’t right.
Sometimes permissions fail silently. Nothing appears on the screen. Stuff just doesn’t work, and you have no idea why. As a rule, when something doesn’t work and you have no idea, check the permissions first.
Permissions are complicated, so you need to practice them. You probably won’t remember them otherwise.
Here’s a simple example. Say that you want to set permissions so that everyone who uses your Pi can write a file. Can you work out what the command should be? Assume that everyone can read it already.
It should look like this:
sudo chmod a+w filename-or-full-filepath The following figure shows a before-and-after so that you can see how this command changes the permissions string when you use the ls command. After the command, everyone can edit the file.
image0.jpg If you want to set multiple permissions, put them together like this:
sudo chmod a+rwx filename-or-full-filepath You don’t need to use sudo to change the permissions on the files you own, so you can usually do whatever you like to files in your home directory. But if you’re trying to work with files elsewhere in your Pi, you definitely need sudo.
Sometimes permissions look like numbers. For example, blog articles and books sometimes tell you to set the permissions on a file to 777 or 644 or some other number.
Numbers are just a quicker and more compact way to define permissions. They’re easier to remember than a long row of letters. They’re also quicker to type.
But what do they mean? The first number sets your personal permission, the second number is the group permission, and the third number is the everyone else permission. So this is really just another way to write rwx three times.
The following table shows you how to convert between a three-letter permission string into a single number.
Number Read r Write w Execute x 7 r w x 6 r w – 5 r – x 4 r – – 3 – w x 2 – w – 1 – – x 0 – – –
744 = rwxr--r--
777 = rwxrwxrwx
600 = rw-------
You can use the numbers instead of the letters in chmod, like this:
sudo chmod 644 filename-or-full-filepath
This sets the permissions to
rw-r--r-
If you want to change all the permissions inside a directory, you can change them for every file by hand — which can take a very long time.