What permissions a program folder typically needs?

I’ve had issues with at least fsearch not being able to write its own configuration file – this was resolved by giving “full” permissions in the Nautilus file manager. The default permissions appear to be:

Screenshot from 2020-08-24 11-53-15

Note that the program was compiled from source and not installed from Fedora repos.

Can you clarify what level of permissions are generally needed for manually installed software and how to set them from the command line as well?

To set permissions from the command line, use the chmod command. General syntax is chmod <permissions> <file>, check the manpage (man chmod) for details.

Hard to answer in general, as some programs might require specific permissions, but in the simplest case:

Ownership:
If the program is installed to your home directory, all files should be owned by your user & group (<youruser>:<youruser>).
If the program is installed to a system directory (typically /usr/local/), all files should be owned by root:root.

File permissions
If the file needs to be executable or is a directory, it should be readable & executable by everybody, writable only by the owner (chmod 755 or chmod u=rwx,go=rx).
If the file does not need to be executable, it should be readable by everybody, writable only by the owner (chmod 644 or chmod u=rw,go=r).
If the file/directory contains sensitive data (e.g. passwords, keys etc.), remove all permissions for group/other (chmod 700 (directories/executables) / chmod 600 (normal files) or chmod go-rwx).

1 Like

A program to run must have execute permissions. In order to write to an existing file or create a new file in a directory the user must have write permissions on the file/directory.

If you compiled a program and installed it in a system area then it is possible the configuration file is being written there and the standard user should not have write permissions there.

If it was compiled by a standard user and installed in the users home directory structure then that user should already have write permissions in the directory but unless explicitly given during the install even the executable may not have execute permissions.

You can find out how to change permissions from the command line by looking at the man page for “chmod” .

“Full” permissions implies that everyone has read, write, and execute permissions and that may not be a good thing. It can become a huge security risk.
On a fedora system the standard user has full read & write permissions within his own home directory structure for both files and directories, but group and other only get read permissions by default. Execute permissions are never granted by default to files

If you do “ls -l” on your home directory (or sub-directories) you will see what permissions are granted to a user in his home directory. Note that most files will be “-rw-r–r--.” and most directories will be “drwxr-xr-x.” Changing these requires careful use of nautilus or “chmod” from the command line. (I do not believe nautilus is able to change the execute bit on files but it does affect the ability to navigate the directory tree where the user has write permissions.)

1 Like