Bitmasks and Octal Numbers in Linux File Permissions
Part 5 of 11 of a serialized version of Bitmasks for Fun and Profit: Practical Applications for Web Developers
You have probably set file permissions before:
# Shell
chmod 755 myfile.txt
Why are permissions usually 777, 755 or 644? This is how it works!
Each digit represents a different set of permissions.
Owner: The first group of three bits
Group: The second group of three bits
Others: The third group of three bits
Each bit in these groups can be set or cleared to indicate whether a particular type of access (read, write, or execute) is allowed. Bitmasks provide a compact way to manage and manipulate these permissions.
We only need to set 3 flags for each permission setting, so we only need 23 = 8 possible values. This can be stored in three bits and fits into an octal number. Because they are single digits, they resemble a decimal integer, but 0o755 = decimal 493.
Octal numbers can be prefixed with 0o, 0O or 0:
// JavaScript
// 0o, 0O and 0 all work
// as an octal prefix
// decimal 493
parseInt(0o755);
parseInt(0O755);
parseInt(0755);
Permission Types
Each bit position corresponds to a specific permission:
Read (r): Bit 2 (leftmost bit)
Write (w): Bit 1 (middle bit)
Execute (x): Bit 0 (rightmost bit)
Each of the three digits in the octal number is a sum of the values for read, write, and execute permissions:
0o4: Read.0B1000o2: Write0B0100o1: Execute0B001
Permission Bit Position Binary Octal
Read (r) 2 0B100 0o4
Write (w) 1 0B010 0o2
Execute (x) 0 0B001 0o1These values are summed to determine the permissions for each category. For example, a value of 0o7 (0o4+0o2+0o1) means read, write, and execute permissions are all granted.
Example Bitmask
rwx(0b111): Read, Write and Execute are enabled.r-x(0b101): Read and Execute are enabled, Write is disabled.rw-(0b110): Read and Write are enabled, Execute is disabled.-wx(0b011): Write and Execute are enabled, Read is disabled.
Setting Read (r) Write (w) Execute (x) Bitmask Value
rwx 1 1 1 0B111 (0o7)
r-x 1 0 1 0B101 (0o5)
rw- 1 1 0 0B110 (0o6)
-wx 0 1 1 0B011 (0o3)Viewing Permissions in the file system:
# prints permissions and filemame
ls -l filename | awk '{print $1, $9}'
This command displays the permissions in a human-readable format:
-rwxr-xr-x filename
The First Character in File Permissions: file (-) or directory (d)
The first character in this string tells you whether it is a file or a directory.
If the first character is a hyphen (-), the file is a regular file, If the first character is a d, it is a directory:
-rwxr-xr-x fileName.txt
drwxr-xr-x directoryName
Here is a way to list by directories and files separately. The awk eliminates many columns.
This is a Django project:
ls -lAtr | grep '^d' | awk '{print $1, $9}';
ls -lAtr | grep -v '^d' | awk '{print $1, $9}'
# directories listed first grep '^d'
drwxr-xr-x venv
drwxr-xr-x store
drwxr-xr-x clothing_store
drwxr-xr-x src
drwxr-xr-x .git
total
# files listed second grep -v '^d'
-rw-r--r--@ requirements.txt
-rwxr-xr-x manage.py
-rw-r--r-- LICENSE
-rw-r--r-- README.md
-rw-r--r--@ db.sqlite3
0o755 is a common permission
Shown as rwxr-xr-x, which breaks down into:
Owner Group Others
Octal 7 5 5
Binary 111 101 101
Listing rwx r-x r-x0o755 is: [
0b111][0b101][0b101]
rwxr-xr-x
More Common Examples: `0o644` `0o777`
0o644:
Owner Group Others
Octal 6 4 4
Binary 110 100 100
Listing rw- r-- r--0o644 is
[0b110][0b100][0b100]
rw-r--r--
0o777:
Owner Group Others
Octal 7 7 7
Binary 111 111 111
Listing rwx rwx rwx0o777 is:
[0b111][0b111][0b111]
rwxrwxrwx
This is part 5 of a serialized version of my book:
Bitmasks for Fun and Profit: Practical Applications for Web Developers
All code in the book is syntax highlighted and printed in full color.
I publish several books about Guitar, Music and Programming on my Author Page on Amazon:
Follow me at Torus Head Studios!
https://torusheadstudios.com/