Ubuntu - managing files & directories with appropriate permission

Overview

Unlike Windows or Ubuntu desktop, the Ubuntu server is able to manage with a console without GUI (graphical user interface). This can be challenging for the first time in accessing the server through the black color console. Nonetheless, managing the file and directory through console is quite easy to learn.

File & directory operations

• Jump to my home directory,

  cd ~/
  

• To create directory,

  mkdir my_new_directory
  

• To remove directory including the sub-directories,

  rm -r my_directory
  

• To edit a text file, we are using nano text editor and here's how we use this text editor.

  nano filename
  

  Or if the file requires root permission,

  sudo nano filename
  

• To copy file/directory,

  cp from_file to_file
  

  To copy some files into another directory,

  cp myfile* /to/another/directory/
  

• To rename or move file/directory,

  mv old_name new_name
  

File & directory permissions

• To change user's home directory,

  sudo usermod -d /home/newdirectory -m ftpuser
  

• chmod (change mode) command - for changing the file or directory access permission.

  • Using numeric form of permission:

    • To change a directory or file permission (where '777' is full access to everyone - refers to the Reference section in this topic).

      chmod 777 my_directory
      

      Or using sudo if root permission is required

      sudo chmod 777 my_directory
      

    • chmod manages file and directory from three different user perspective aside from the access right, where

      • 'Owner' is the first number (7 in this case).
      • 'Group' is the second number (7 in this case).
      • 'Others' (or anyone else) is the third number (7 in this case).

      And each flag has three types of access right or action,

      • Read (value of 4)
      • Write (value of 2)
      • Execute (value of 1)
      • where
        • 7 is full access (i.e., the sum of 1 + 2 + 4).
        • 0 means no access at all.

      Notes: if you have a bash file (with .sh file extension) that does not have execute access right, then, you will not be able to execute that bash file.

  • Using short code form of permission:

    • Grant the write permission to the user,

      sudo chmod -R u+w my_path
      sudo chmod -R +w my_path
      

      Both the commands has the same effect and '-R' means recursive.

    • Grant the write permission to the group,

      sudo chmod -R g+w my_path
      

    • Grant the write permission to the others,

      sudo chmod -R o+w my_path
      

    • OR grant write permission by combining user (u) and group (g),

      sudo chmod -R ug+w my_path
      

    • Here's the notes in the manual,

      Each MODE is of the form '[ugoa]*([-+=]([rwxXst]*|[ugo]))+|[-+=][0-7]+'.
      

      where

      • 'u' - user.
      • 'g' - group
      • 'o' - other ('the world')
      • 'a' - same as the combination of ugo.
      • 'r' - read permission
      • 'w' - write permission
      • 'x' - execute permission if it a file or allows access if it is a directory. If you remove 'x' from a directory, ls command will return 'Permission denied' error.
      • 'X' - (capital X) is to allows access a directory and it has no effects on any file.
      • 's' - set the execution bits. For example, sudo chmod g+s /home/user1 will set the current ACL to be inherited to the new files.
      • 't' - the sticky bit that restricts the directory content to be managed by the owner or root. For example, a sub directory cretated in /tmp where /tmp may have directory created by many programss.

  • There is a sticky bit that can be set in a directory where it restricts the directory content to be managed by the owner or root. For example, a sub directory cretated in /tmp where /tmp may have directory created by many programss.

    For example, the 'temp' directory is accessible by managed by the directory owner

    sudo chmod -R 1777 /var/www/app/crm/temp
    sudo chmod -R a=rwx,o+t /var/www/app/crm/temp2
    

• We use chown command to change the directory/file owner to current user,

  sudo chown -R $(whoami) my_directory
  

  Or change the owner to 'tester' (an user ID),

  sudo chown -R tester my_directory
  

  Or change the owner to 'tester' and group ('officeusers'),

  sudo chown -R tester:officeusers my_directory
  

• 16.Jul.2025: the following script is to remove the file execution permission. This is an important step to secure your server because we don't want that all files that has execution permission.

  We create a bash file called update-perm with the following contents:

  #!/bin/bash
  
  # set the permission.
  # - for directory, allows read/write and sub-dir is accessible.
  # - for file, allows read/write without execute perm.
  
  if [ -z $1 ]; then
  echo "Missing the directory name to be set"
  exit
  fi
  
  find $1 -type d -exec chmod 775 {} \;
  find $1 -type f -exec chmod 664 {} \;
  

  • For the directory type, we will set the permission to 775 which will grant full access to the mentioned user ID (the first digit is '7') and the group (the second digit is'7'). Then, anyone other than the mentioned user id and group will be able to access the directory but not allow to make any changes (the third digit is '5' means allows read and execute, ie allows to access the directory and retrieve the contents).
  • For the file type, we allows the mentioned user ID (the first digit is '6') and group (the second digit is '6') to be able to read and write the file. For anyone other than the mentioned user ID and group (the third digit is '4'), they will be able to read but not write.

  To use this script, you may pass a directory and all sub-directories and files will have limited permission.

  ./update-perm /var/my-app-directory
  

  With this script, you don't have to type the lengthy commands and it helps to standardize the file permission.

User storage quota

22.Sep.2022: Enable the storage quota for the user.

1. If the user is allowed in accessing the server storage, you may want to limit their usage by setting a quota for them.

   sudo apt update
   sudo apt install quota
   

2. To confirm that the quota feature has been installed, run this:

   quota --version
   

3. Make sure that the quota module is in the OS.

   find  /lib/modules/ -type f -name '*quota_v*'
   

   In my virtual machine, I have this result,

   /lib/modules/5.4.0-65-generic/kernel/fs/quota/quota_v2.ko
   /lib/modules/5.4.0-65-generic/kernel/fs/quota/quota_v1.ko
   /lib/modules/5.4.0-97-generic/kernel/fs/quota/quota_v2.ko
   /lib/modules/5.4.0-97-generic/kernel/fs/quota/quota_v1.ko
   

   In case the file does not exist, try this:

   sudo apt install linux-image-extra-virtual
   

   This is for AWS server,

   sudo apt install linux-modules-extra-aws
   

4. Edit the file system configuration,

   sudo nano /etc/fstab
   

   Replaced the 'defaults' word with 'usrquota,grpquota'.

   UUID=c474e3a1-a40f-4a66-becf-1fa084f95832 / ext4 usrquota,grpquota 0 0
   

   Notes: you may have different UUID value and it is ok.

5. After that, we will have to remount the file system with the following command,

   sudo mount -o remount /
   

   To verify the changes, run the following command.

   cat /proc/mounts | grep ' / '
   

   I see the following result.

   /dev/sda2 / ext4 rw,relatime,quota,usrquota,grpquota 0 0
   

   Notes: you may have different value of '/dev/sda2' and it is ok.

6. Now, we are ready to turn on the quota module,

   sudo quotacheck -ugm /
   

   Where 'u' is user, 'g' is group and 'm' is no remount.

   For more information about the paramters, please refers to https://manpages.ubuntu.com/manpages/bionic/man8/quotacheck.8.html

   This generates 2 files (aquota.group and aquota.user):

   tester@ubuntu11:~$ ls -la /
   total 132
   drwxr-xr-x  23 root root  4096 Sep 22 10:36 ./
   drwxr-xr-x  23 root root  4096 Sep 22 10:36 ../
   -rw-------   1 root root 10240 Sep 22 10:36 aquota.group
   -rw-------   1 root root  8192 Sep 22 10:36 aquota.user
   drwxr-xr-x   2 root root 12288 Feb  3  2022 bin/
   drwxr-xr-x   3 root root  4096 Feb  3  2022 boot/
   ...
   

7. Reboot the server. This is to ensure that the server is able to start normally after the above changes.

8. Finally, you may set the quota for the user. In the following example, I'll allocate 1GB storage space to myftpuserid account.

   sudo setquota -u myftpuserid 1G 1.2G 0 0 /
   

   Notes: the first 1G is the soft limit and then the 1.2G is the hard limit. The last two zero is to limit by the number of files.

9. In case you want to review the quota usage, run the following commands.

   sudo repquota -s /
   

References

• For more details about chmod command:

  https://ss64.com/bash/chmod.html

• For more details about chown command:

  https://ss64.com/bash/chown.html

• How To Set Filesystem Quotas on Ubuntu 20.04:

  https://www.digitalocean.com/community/tutorials/how-to-set-filesystem-quotas-on-ubuntu-20-04

• 11.Aug.2024 - fixing disk space issue in Linux:

  https://docs.digitalocean.com/support/how-do-i-fix-disk-space-issues-on-my-droplet/

Related posts

Back to #UBUNTU blog

Back to #blog listing