This post will look at the chmod 777 command, the impacts of running this command, and why you should rarely execute this command on any file or directory.
Linux systems are generally considered less user-friendly than an operating system like Windows. Even though this statement might raise different opinions, especially from pro-Linux users, there is usually some truth. For example, when installing an application downloaded from the internet, Windows users only need to double click on the file and follow the on-screen instructions. With Linux users, the procedure is a little different and always involves executing some commands on the Terminal.
However, this comes at a cost, especially to beginners. Whenever you encounter an issue while using Linux, the first step is to lookup for a solution online. And since these distros have their user communities, you will get a working solution that mostly has something to do with executing a command on the Terminal. However, have you asked yourself the impact of some of these commands?
This post will give you a detailed guide on the impacts of the chmod 777
command on your system. chmod is a Linux utility used to assign permissions to files and directories. Before diving deeper, let us first look at the basics of File permissions and File ownership in Linux systems. These are the two levels of authorization implemented by Linux systems for security purposes.
Understanding Linux File Ownership
Every file on your Linux system is assigned to 3 types of owners. These owners include:
- User
- Group
- Other
User
User is a word often used in place of 'Owner.' That's because every file belongs to the user/owner who created it. Let's look at a practical example of this with the commands below:
touch fileOne.txt
sudo touch fileTwo.txt
touch
is a command-line utility that you can use to create an empty file. When you run the first command touch fileOne.txt
on the Terminal, touch will create the file and assign it to the currently logged-in user. When you execute the second command, sudo touch fileTwo.txt
the file will be created and assigned to the root
user. You can verify this by running the ls -l
command as shown below.
Group
Think of a Group as a group of users. Therefore, several users can be in the same group and have the same permissions to access a particular file. For example, maybe you have ten users who want access to a specific file. Instead of changing the permissions on every user, you can add them to a single group, then assign the Group access permissions to that file. You can view all the groups o your system by running the command below on the Terminal.
groups
Other
Refers to users who are neither owners of a file nor belong in any group. Its also referred to as 'permsission for the world' since you are setting permissions for anybody else who wants access.
Here is the big question, 'How does Linux distinguish between these different users?' For example, if user 'A' created a file containing private information, how does the system prevent user 'B' from accessing this file? Well, that's where File Permissions come in.
Understanding Linux File permissions
All the three file owners discussed above (User, Groups, Others) are managed with three permissions:
- Read
- Write
- Execute
Let's discuss them in detail:
Read
- Files: With this permission, a user can open and read a file.
- Directory: A user can open and see the different contents in the directory on a directory.
Write
- Files: This permission allows a user to modify and change the contents of a file.
- Directory: In a directory, this permission allows a user to create, delete, move or rename files and sub-directories.
Execute
- Files: With this permission, a user can ru an executable file. E.g., a bash script.
- Directory: A user can set a directory as its current directory (enter the directory).
How to assign Numerical Permissions
Up to this point, I know you have one question in mind - How are these permissions assigned? That brings us to the next section, ' Numerical permissions.' Let's take a look at the command chmod 777
. The number 777 represents the different permissions for the three users.
- The first digit represents the permissions assigned to the user.
- The second digit represents permissions assigned to the group
- The last digit represents permissions set for all other users
These permissions are derived from three numbers:
- 1: Execute permission
- 2: Write permission
- 4: Read permission
To assign permission to a particular user or group, you need to add up these numbers. For example, to give a user Read, Write and Execute permissions, we will add 1 + 2 + 4 = 7. Therefore, we will assign them permission 7. From those three numbers, we can come up with other permissions like:
- 3 (1 + 2): Execute and Write permissions
- 5 (1 + 4): Execute and Read permissions
- 6 (2 + 4): Write and Read permissions
- 7 (1 + 2 + 4): Read, Write and Execute permissions
What it means to have Permission 777?
The previous section looked at the different numerical permissions and how to derive more permissions from the three main numbers (1,2,4). Permission 777 can impact your system since it gives all the users Read, Write and Execute permissions. That allows unauthorized users to access files or directories that might contain vital information. Additionally, they can efficiently execute files and programs on your system.
For example, you create a bash script on your system and assign the file permission 777. If there is a security breach and hackers have access to this file, they can easily edit the script, add their malicious code and execute the script on your system. In a web server scenario, people with malicious intents can edit the directories and files to bring down the website or serve malicious content.
Therefore, you should rarely or never set permission 777 to any file or directory on your system as you are simply giving all groups of users access to it.
What To Do Instead?
The permission you give to files and directories on your system depends entirely on the situation and what you want to achieve. Let's use an example of a web server.
For the files in a web server, we would assign them permission of 644. That means the owner can read and write the files, but user groups and anybody else only have read permissions. The permissions will be slightly different for directories, and we will use 755. That means the owner has total control of the directory, and they can enter the directory, create, modify, list files or delete files within the directory. However, other users can only enter the directory and view the files inside.
Additionally, you need to understand Linux file permissions and the chown command used to change the ownership of files and directories.
Conclusion
This post has given you a detailed guide on Linux file permissions and the impact of the chmod 777 commands. Linux is considered one of the most secure operating systems; however, this security is determined with two main parameters - File ownership and file permissions. How you play around with these two parameters has a significant impact on how secure your system is. Assigning permission 777 gives all users total control over files and directories, posing a security threat to the system.
Do you have any questions regarding this topic? If Yes! Please feel free to leave a comment below.
Thank you for your good article; in case to upload any file to the remote server – found out that permission 777 had to be given to the whole directory. Any suggestion?
The solution would vary on your requirement. You can try group based approach.