I'm making a "wargame" similar to the ones on overthewire.org. I have the root user, Ubuntu, that should be able to read, write, and execute files in a folder. I have one user per folder that should have read-only access to the files in that folder, and everybody else should have no access to the folder. What is the chmod command to do this? Thanks!

  • Can the read-only user also execute the files? – Darren Feb 21 '17 at 20:37

You need to set the user to be the owner chown -R <username> <foldername> (-R operates recursively) then set the permissions to be read only for just the user chmod -R 400 <foldername>. Root will be able to read and write the files regardless of the permissions set. Now the problem you're going to have is that root won't be able to execute any files unless at least one execute bit is set so you're going to have to let the owning user also execute the files with chmod -R 500 <foldername>.

See here for a pretty good explanation of file permissions.


I have the root user, Ubuntu, […]

I don't know whether you refer to the root user or to some regular user ubuntu which you consider a root user for the purpose of your game. This doesn't change much in my answer though.

In Ubuntu each regular user has their own group by default. Such group by default contains only its corresponding user. This makes the following trick possible:

sudo chown ubuntu:bob fileA
sudo chmod 740 fileA

This way ubuntu has all the permissions and bob (as the sole member of bob group) can only read the file.

You could do this the other way around:

# but don't! explanation below
sudo chown bob:ubuntu fileA
sudo chmod 470 fileA

but then bob as the owner would be able to chmod and give himself excessive permissions or to take them away from the ubuntu group, or to mangle with "everyone else's" permissions. Any answer that advises you to make bob the owner must consider this flaw.

You may want to set the directory ownership and permissions in a similar, yet somewhat different manner. You may want to do these changes recursively. Note that chown -R affects directories and files, that's why you need an approach that can tell them apart. See this answer. The approach works with chmod and chown and other tools. Adjust it to your needs.

To recursively give directories read&execute privileges:

find /path/to/base/dir -type d -exec chmod 755 {} +

To recursively give files read privileges:

find /path/to/base/dir -type f -exec chmod 644 {} +
  • not always the user accounts have their own groups. in many cases, users are in the users group. so this answer is a solution but only for specific cases. – Massimo Sep 30 '18 at 13:06

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

Not the answer you're looking for? Browse other questions tagged or ask your own question.