File Permissions & Ownership

Overview

File permissions control who can read, write, or execute files on Linux systems. This is crucial for:

Running bash scripts
Sharing datasets between users
Securing sensitive files
Managing group access on shared systems

Quick Reference

Common Permission Commands

# Make script executable
chmod +x script.sh

# Make readable by everyone
chmod a+r data.txt

# Recursive permission change (directories)
chmod -R 755 my_datasets/

# Change ownership
chown user:group file.txt

# Recursive ownership change
chown -R user:group datasets/

Making Scripts Executable

Basic Usage

Make script executable and run it

# Give execute permission
chmod +x /path/to/yourscript.sh

# Run from absolute path
/path/to/yourscript.sh

# Or run from current directory
./yourscript.sh

Using Relative vs Absolute Paths

# If script is in current directory
chmod +x myscript.sh
./myscript.sh

The ./ indicates “current directory”

# Full path to script
chmod +x /home/user/scripts/myscript.sh
/home/user/scripts/myscript.sh

Can be run from any directory

# Add scripts directory to PATH
export PATH="$PATH:$HOME/scripts"

# Now run without ./
myscript.sh

Most convenient for frequently used scripts

Understanding Permission Numbers

Permission Structure

chmod 755 file.txt
      ^^^
      |||
      ||+-- Others (everyone else)
      |+--- Group (users in same group)
      +---- Owner (you)

Permission Values

Number	Permissions	Meaning
7	`rwx`	Read + Write + Execute
6	`rw-`	Read + Write
5	`r-x`	Read + Execute
4	`r--`	Read only
0	`---`	No permissions

Common Combinations

# Owner: read+write+execute, Others: read+execute
chmod 755 script.sh

# Owner only can execute (secure)
chmod 700 secure_script.sh

# Everyone can read, owner can write
chmod 644 data.csv

# Group can also write (shared projects)
chmod 664 shared_data.csv

# Standard directory permissions
chmod 755 datasets/

# Shared directory (group write access)
chmod 775 shared_datasets/

# Private directory
chmod 700 private/

Symbolic Permissions (Alternative)

Instead of numbers, you can use letters:

# Add execute for owner
chmod u+x script.sh

# Add read for everyone
chmod a+r data.txt

# Remove write from others
chmod o-w sensitive.txt

# Set group to read+write
chmod g=rw shared.csv

Breakdown:

u = user (owner)
g = group
o = others
a = all
+ = add permission
- = remove permission
= = set exact permission

Ownership Management

Change Owner

# Change owner
sudo chown username file.txt

# Change owner and group
sudo chown username:groupname file.txt

# Recursive for directories
sudo chown -R username:groupname datasets/

Practical Example: Shared Dataset

Setup shared dataset for team

# Create shared directory
sudo mkdir -p /data/shared_datasets

# Change ownership to group
sudo chown -R :ml_team /data/shared_datasets

# Set permissions: group can read/write
sudo chmod -R 775 /data/shared_datasets

# Set default group for new files
sudo chmod g+s /data/shared_datasets

Common Scenarios

Scenario 1: Downloaded Script Won’t Run

Problem: bash: ./script.sh: Permission denied

Solution:

chmod +x script.sh
./script.sh

Problem: Need to share large dataset with research group

Using Group Permissions
Using ACLs (Advanced)

# Add users to group
sudo usermod -aG ml_team alice
sudo usermod -aG ml_team bob

# Set directory permissions
sudo chown -R :ml_team /datasets/imagenet
sudo chmod -R 775 /datasets/imagenet

# New files inherit group (setgid)
sudo chmod g+s /datasets/imagenet

# Install ACL tools
sudo apt install acl

# Give specific users access
setfacl -R -m u:alice:rwx /datasets/imagenet
setfacl -R -m u:bob:rwx /datasets/imagenet

# Set default ACL for new files
setfacl -R -d -m u:alice:rwx /datasets/imagenet

Scenario 3: Secure Private Keys/Credentials

Problem: Protect sensitive files from other users

# SSH keys, API keys, credentials
chmod 600 ~/.ssh/id_rsa
chmod 600 credentials.json

# Private scripts
chmod 700 my_private_script.sh

Scenario 4: Fix “Others Can Read” Warning

Problem: Warning about file being readable by others

# Remove all permissions for 'others'
chmod o-rwx sensitive_file.txt

# Or set to 600 (owner read/write only)
chmod 600 sensitive_file.txt

Checking Current Permissions

# List with permissions
ls -l file.txt
# Output: -rwxr-xr-x 1 user group 1234 Jan 01 12:00 file.txt
#         |--owner-| |-group-| |-other-|

# List directory contents
ls -lh datasets/

# Check specific file
stat file.txt

Batch Operations

Fix All Scripts in Directory

# Make all .sh files executable
find ~/scripts -name "*.sh" -exec chmod +x {} \;

# Or using chmod directly
chmod +x ~/scripts/*.sh

Fix Dataset Permissions

# Files: 644 (rw-r--r--)
find /datasets -type f -exec chmod 644 {} \;

# Directories: 755 (rwxr-xr-x)
find /datasets -type d -exec chmod 755 {} \;

Troubleshooting

Cannot Change Permissions

Error: chmod: changing permissions of 'file': Operation not permitted

Causes:

Not the owner - Use sudo or ask owner to change
Filesystem mounted read-only - Check with mount | grep ro
File attributes - Check with lsattr file

Permissions Look Correct But Still Can’t Execute

# Check if file is actually a script
file script.sh

# Check shebang line
head -1 script.sh
# Should be: #!/bin/bash or #!/usr/bin/env python3

# Check if interpreter exists
which bash
which python3

Best Practices

Scripts: 755 (owner can edit, everyone can execute)
Data files: 644 (owner can edit, everyone can read)
Shared directories: 775 + setgid bit (chmod g+s)
Private files: 600 (owner only)
SSH keys: 600 (required by SSH)

Dataset Scripts - Download and manage datasets
HPC Usage - Permissions on shared clusters
Environment Setup - Managing Python environments