The Raspberry Pi OS, known before as Raspbian, is the Raspberry Pi’s official operating system. It is a modified version of the Debian Linux distribution, which has a multi-user nature. Unfortunately, this invites the risk of having unwanted users and malicious software. As a security mechanism, Linux implements file access permissions to control who can read, write, and execute a particular file or directory.
The Root User (Superuser)
You can create many users on a Linux system, but there will always be this special user that has administrative access to all files and directories. It’s called the root user or the superuser.
On the Raspberry Pi OS, you are logged in as a user named “pi” by default. The account privileges of pi are usually enough to work with basic tasks. However, at times, you’ll need to change something that affects the whole computer. The best way to do this is to gain root user access through the su and sudo commands.
Su and Sudo
Firstly, the su command stands for “substitute user.” When executed, it lets you do things in the command line with the privileges of another user. The command syntax is:
If used without a specified username, su assumes root user. Additionally, you can include a
- before entering the username to take the user settings and the privileges. Please take note that to change to the specified user, you need to enter their password first. Once logged in, you enter a temporary shell with that user’s privileges. Then, to exit the shell, simply enter
exit on the terminal.
On the other hand, you can use sudo or “super user do” to perform actions as the root user. Just like su, it prompts you with a password for authentication. But instead of asking for the specified user’s password, it asks for yours. Once authenticated, you can enjoy the target user’s privileges without having to enter the command again in every action. User access is also logged in sudo.
Now that we’re familiar with superuser and how to access it via su and sudo, let’s move on to the file level.
To view the file permissions of the files inside your current directory, enter the command
ls -l. It’s simply a list command with a
-l switch. With this command, you should see the list of all the files and directories on your current location. The file permissions can be seen in front of each item.
The file permissions syntax is composed of 10 characters. The first character stands for the file type, while the following nine is the access type for different user groups.
The first character can be a
- or a
- means that the item is a file while a
d means that it is a directory. The remaining nine are actually three groups of three characters. These groups refer to the user types the permissions are applied to.
- User – the first three characters represent the permissions for the owner of the file.
- Group – the next three characters are for a group of users.
- Others – the last three are for anyone else with access to the computer.
Furthermore, the three characters in each group represents level of access. These levels are:
- read – allows to view content of the specified file or directory
- write – allows to change or delete a specified file or directory
- execute – allows to run or copy a specified file or directory
If among the three characters is a
- , It means it does not apply, meaning the user group it belongs to doesn’t have the permission to perform that kind of action.
Now that we know how to view file permissions, let’s try changing them. The best way to do that is by using the chmod command.
Changing File Permissions
To change file permissions, you need the chmod command, which stands for “change the mode.” The command syntax is:
chmod mode filename.
Changing file permissions of the files and folders you own doesn’t require root user privileges. You only need it when you’re working with things outside your account. You can use either su or sudo.
Furthermore, the mode can be specified in two ways: symbolic or octal. A symbolic syntax is easier to use especially once you get familiarized with it. Below are tables that can help you identify which is which.
The symbolic mode format consists of three characters. The first character specifies the target user or user group. Table 1 shows the four letters that represent each user group.
|Letter||What It Means|
|u||The current user|
|g||The file group|
|o||Others that are outside of the owner’s group|
After the first character, you specify the action you want to take. Table 2 shows the three symbols you can use.
|Letter||What It Means|
|+||Adds/turns on a permission|
|–||Removes/turns off a permission|
|=||Ignores the current permissions and creates new ones|
Lastly, you indicate the permission you want to change. Table 3 shows the file permissions.
|X||Execute for folders|
There are many special cases when using file permissions. Most would think they would work as their names suggest. But that’s not the case. Here are some of them:
- You can only view the contents of a folder when you have execute permission. The read permission only works with single files.
- You can only rename a file if you have execute permission. Write permission only allows you to change the contents of a file. The file name is not included.
- You can run a code file using a third-party application with only a read permission.
Another way of representing file permission is by using octal format. As the name suggests, the octal format uses the octal numbering system to indicate the file permissions in a chmod command.
Table 4 shows the equivalent octal number for each combination of read, write, and execute permission.
For example, the equivalent symbolic command of
sudo chmod 4 filename is
sudo chmod u+r filename.
Changing All File Permissions Inside a Directory
Lastly, if you want to change all the permissions inside a folder or directory, use the recursive switch or
-r. You may include it anywhere in the chmod command format as long as it doesn’t overlap.