Summary

Linux file permissions control who can do what with files and directories. But if they get messed up, restoring them can be a nightmare. Cloning a working file’s permissions is the fastest solution.

On Linux, files and directories have a set ofpermissions. They control which actions can be performed, and by whom.

A directory icon with a padlock badge on it indicating the current user has no access to it

Permissions either allow or deny someone reading from a file, writing to it, or executing it. For a file, executing means running a script or application. For a directory, execute means changing into that directory withthe cd command.

Permissions directly affect the proper operation and security of your computer. Badly set permissions can cause havoc, effectively putting your data out of your reach.

GNOME asking for the root password to allow access to a directory

Files also haveowners. New users, when created, are added to a group with the same name as their user login name. By default, a user owns all the files created by them, and the file’s group is set to the user’s group. A file or directory has three sets of permissions. One for the owner, another for members of the file’s group, and a third for everyone not in the first two categories.

Unpacking old archive files or restoring information from backups made on different computers can leave you with the files, but woefully inaccurate permissions. You can get into a similar situation if you make mistakes with thechownandchmodcommands. The chmod command sets file permissions, and the chown command sets file ownership.

Examing the permissions on a directory with ls

Hand-fixing these types of error conditions is tedious. The answer is to use chown and chmod to clone the settings of a correctly configured file.

The Problem?

I needed some files from an archive file I’d been sent. Iunpacked the archive, but the extracted directory had a padlock badge on its icon.

I had to provide the root password to enter the directory. Double-clicking on its own wasn’t enough.

Using ls to examine the permissions on files and subdirectories

Checking with ls (again, using sudo) reveals the problem.

The root user owns the directory, and nobody has read or write permissions.

The files and subdirectories are also owned by root, and the permissions are a mishmash of different incorrect settings.

Recursively copying file ownership from one directory to another

Let’s sort out the ownership issues first.

Cloning Ownership With chown

I want to set the ownership of the file to me. My username is dave. We’ll use the chown command, and copy the ownership settings from a directory that is set correctly.

The–referenceoption tells chown which directory to copy the permission settings from. The-R(recursive) option tells chown to set the new permissions on the target directory, and on all files and subdirectories.

Checking the ownership of directories and files with ls

We can check with ls that user dave is now the owner of the files and directories. We still need to use sudo because we haven’t sorted out the permissions yet.

Now that we’ve reclaimed ownership of the files and directories, we can fix the permissions.

Recursively copying and setting file permissions using chmod

Cloning Permissions With chmod

This is a process very similar to the one we used with chown, but we need to be a little more careful with the permissions.

Setting the ownership is easy. All the files and directories are owned by the same user, so they all receive the same settings. But directories and executable files must have the x (execute) permission set for them. Regular files don’t need that permissions set. So we need to create several sets of permissions and apply them to the appropriate files. We can do this in three steps.

Checking the file permissions on a directory and on its contents with ls

We’ll use a regular file as the reference file first. This will set the permissions as though everything is a regular file. Then we’ll use a referenceexecutablefile to set the permissions for any shell scripts. Finally, we’ll use chmod in the traditional way to set the execute permission for the directories.

Our first step is to use the regular file as the reference file:

Redcursively setting the permissions for executable scripts using chmod

We can use ls to see what effect this has had.

sudo ls -hl project

Using ls to verify the execute permission has been set on an executable script

The permissions from the reference file (read and write for the owner and group, and read-only for others) have been replicated on all files and directories.

We need to restore the execute permission on any scripts. We’ve got a reference script we can take the permissions from.

We’re using a wildcard “*” because it’ll cope with any script file in the entire directory tree, regardless of its name.

We can see that the execute permission has been set on the “appveyor.sh” file.

Restoring the execute permission on the directories involves a neat trick. We can’t use a wildcard because it’s liable to match files too. So what we do is use theuppercaseX permission flag. This means “set the executable bit only if the target is a file with the executable bitalreadyset, or it is a directory.”

We can use this because our executable scripts already have the executable bit set, and they’ll retain it. All the directories in the directory tree will have the executable bit set, too.

We now have things back to a working state with the correct ownership, correct permissions, and directories that let you cd into them.

Cloning Everything With setfacl

If you’re usingAccess Control Lists(ACLs), you may still clone the settings from a correctly set file to other files. ACLs give you granular control, allowing you to do things like specify permissions on a per-user basis, with different users having different permissions.

To clone the settings, we need to pipe the settings from our correctly configured file to the command to set the permissions.

We can see the ACL settings on the existing file using the getfacl command.

The owner, dave has read, write, and execute permissions. User mary has read and write permissions. To clone these settings to the files in the project directory, we use the setfacl command. We pipe in the output from the getfacl command to make sure we get the ACL settings that we want. The files we want to apply the ACL settings to are in a directory called “source.”

The–set-fileoption usually takes the name of a file that you want to copy the settingsfrom. Using a single hyphen “-” as the filename tells setfacl to use stdin as its data source. This will be our piped data.

Looking at any of the files in the source directory verifies that the copied ACL settings have been applied.

Out of Chaos, Order

Seeing the mess you’re sometimes dumped into after downloading, restoring, or unarchiving files can make your heart sink. But it is easy enough to bring order to the chaos with just a few commands, used in the right order.