{ Permissions and Links. }


By the end of this chapter, you should be able to:

  • Determine the permissions set for a file or a directory
  • Manage and change permissions using chmod
  • Manage and change users and groups using chown and chgrp
  • Explain what root is, and the relationship between root and sudo
  • Create links in the file system using the ln command
  • Explain the difference between a hard and a symbolic link


When you're working in Terminal, you may sometimes find that you're not allowed to do things you want to do. Maybe you're trying to install something, or move a file from one directory to another, and you get an error telling you something along the lines of "permission denied." These sorts of permissions errors are extremely common, so understanding how to deal with them is important. That's what we'll learn how to in this chapter.

Users and Groups

Before you learn about permissions, you first need to understand users and groups. Let's take a look at an example. Head to your home directory and list everything using the ls -lah command. (Not sure what the h flag does? Check the manual!)

The output you get might look something like this:

listing items in home directory

The details of these files aren't important. What you should see is a bunch of rows of output, one row for each file or directory. Let's figure out what all of this actually means. For instance, here is the line for the .bashrc file from the above screen shot:

-rwxr-xr-x 1 eschoppik staff 67B Aug 29 2014 .bashrc

The third column specifies the username of the user that owns the file. In this case, eschoppik is the owner of the file. The fourth column specifies the name of the group associated with the file. In this case the group staff is associated with the file.

In most Mac systems, users are also members of the staff group. To see which groups you are a member of, type the groups command in Terminal. The staff group will likely be one of the many groups you are in. As we will see next, permissions can be set for the owner of the file, a user that is in a group associated with the file, or a user that is neither the owner nor a member of the associated group.


Let's take a look at that .bashrc line again:

-rwxr-xr-x 1 eschoppik staff 67B Aug 29 2014 .bashrc

We've already talked about the third and fourth columns in this output. Now let's talk about the first column. The -rwxr-xr-x refers to permissions of the .bashrc file. Each character of the permissions string, -rwxr-xr-x describes something about the file's permisisons. But what are permissions? A file's permissions is a set of rules that describes which operations a user can or cannot perform on a file or folder. There are 3 types of operations that can be allowed or not allowed:

  • r - reading the file
  • w - writing to the file
  • x - executing the file (we will go into this in more detail soon)

You may be asking at this point, why is the permissions string so long if there are only 3 operations that can be specified? Well, a permissions string describes different types of users that can or cannot perform read, write and execute operations. You may be one of 3 different types of users:

  1. The owner of the file.
  2. Not the owner, but a member of a group associated with the file.
  3. Other. Not an owner and not in a group that is associated with the file

So a permissions string specifies the permissions for all 3 types of users plus an extra character to specify the type (file, folder, etc).

Here is how the above permissions string breaks down:


In other words, this string says that .bashrc is a file, that the owner of the file can read, write, and execute, users in the group can only read and execute, and other users can only read and execute as well.

Changing Permissions

To change the permissions of a file we use the chmod command. For each set of permissions (owner, group, everyone) we can assign a number from 0 to 7. This is called octal (base-8) notation. Here's a table that illustrates what each number means.

Number Permission rwx (display in terminal)
0 none ---
1 execute --x
2 write only -w-
3 write and execute -wx
4 read only r--
5 read and execute r-x
6 read and write rw-
7 read, write and execute rwx

So if we want to change a file so that only the owner and group can read, write, and execute, we would type chmod 770 somefile.txt.

If you'd like to be a bit more specific, you can also set permissions using what's called symbolic notation. Here's an example of what that looks like:

chmod ug+rwx,o-rwx hi.txt

This is saying "add read, write, and execute permissions to the user and the group, and remove read, write, and execute permissions from other." While a bit more verbose, it's also a little more descriptive. To see more examples of symbolic notation, check out this article.

If we want to change permissions for a folder, we need to add the -R flag: chmod -R 755 some_folder.

You can read more about chmod here.

Executable Files and Folders

Now let's talk a little bit more about what the x (executable) means for a file or a folder's permissions. If you have executable permissions on a folder, it means that you can cd into it. See what happens with the following commands:

mkdir test_folder
cd test_folder
cd ..
chmod 666 test_folder
cd test_folder

You should see an error saying permission denied. Add the execute permission back to the folder, and then remove the folder.

Now onto executable files. When a file is executable, it can be run from your shell as if it were a program. Let's first create our file. Type the following in your terminal:

echo ls > test.sh
echo pwd >> test.sh
echo pushd . >> test.sh
echo "cd ~" >> test.sh
echo "pwd" >> test.sh
echo popd >> test.sh
cat test.sh

The test.sh file should look like the following now:

pushd .
cd ~

(Did you notice that our first echo command used a single arrow (>), while the other commands used two? We'll explore the difference between these two operators in the next chapter!)

Now let's make the file executable and run it. Use chmod to make it executable: chmod 755 test.sh. Next, execute the file by providing a path to the file. In our case, the file is in the current directory, so to execute it, we do the following: ./test.sh. We just made our first executable shell script!

chown and chgrp

Now that we have a clearer understanding of users, groups and permissions, let's take a look at the line from ls -lah again:

-rwxr-xr-x 1 eschoppik staff 67B Aug 29 2014 .bashrc

  • The 1 refers to the number of files (this will always be 1 for files)
  • eschoppik is the "owner"
  • staff is the group
  • 67B is the size of the file
  • Aug 29 2014 is the last day the file was modified
  • .bashrc is the name of the file

So what if we don't want eschoppik as the owner of the file any longer? Or what if we want a different group to own that file? We can use one of the following commands:

chown anotheruser:anothergroup .bashrc

Or if we just want to change the group:

chgrp anothergroup .zshrc.

Now let's take a look at this line from the ls -lah command:

drwxr-xr-x 6 root admin 204B Oct 20 2015 ..

The other file said eschoppik for user and staff for group, but this one says root and admin. We can also see that this is a directory because it starts with a d before listing the permissions. So what is the root user?

root user and sudo

The root user is a special user on your computer that has the power to do anything it wants. It can change permissions on any file, delete anything it wants, etc. When you see root as the owner, and you want to make a change to that file, you have to use a command called sudo. The sudo command gives you the powers of the root user for just one command and will ask you for your password in order to preform the command. Try out commands with sudo. Create a file called somefile.txt. Then make the owner the root user:

sudo chown root somefile.txt

Now try to delete the file without using sudo. You are not allowed. Look at the permissions. Why is this not allowed?


Since we have files and folders located all over our file system, it becomes difficult to identify where many of these are located. Fortunately, we can create a link (also known as an alias) to a file or folder using the ln command. The structure looks like this:

ln path_to_link name_of_link

There are two kinds of links we can make, hard and symbolic links - let's see how they work!

Hard Links

Let's create a file called learn.txt in our Desktop folder (type in cd /Users/$USER/Desktop if you need to get there). We can open up our learn.txt file using open learn.txt and let's add the text "Learning about links!".

Now let's create a link to this file! We can call our link first_link. To do this we use the ln command and type ln learn.txt first_link. Now if we cat first_link we should see the output "Learning about links!".

If we decide to move our learn.txt file anywhere we still have a link to it through first_link! Pretty awesome!

If we decided to delete our learn.txt file, what happens to our hard link? Let's rm learn.txt and then cat first_link. We still see that we have a link! This might seem strange; shouldn't a link be broken if a file is removed? Not with hard links! You can think of a hard link like a direct copy of a file. If the file is removed, the link still exists.

Symbolic Links

We saw that when we remove the original file, any hard links still remain and contain the entire source file. This is usually not what we want, since we usually want a reference to some file and not a direct copy. To create a reference instead of a copy, let's make a symbolic link.

To create a symbolic link, we use the -s flag when creating a link. Let's create a new file called learn_again.txt and then create a symbolic link using ln -s learn_again.txt first_sym_link. If we cat first_sym_link we do not get any errors! But if we delete or move learn_again.txt, our first_sym_link will be broken!

We can also use symbolic links for folders as well, which makes it very useful if we need to access a folder but do not remember the path. However, if your original file/folder path changes or is removed , the symbolic link will break!

When you're ready, move on to Redirection


Creative Commons License