A Quick Introduction to Unix/Permissions


File access rights


In your home directory, type

% ls -l

You will see that you now get lots of detail about the contents of your directory.

 

Each file (and directory) has access rights, which may be displayed by typing ls -l. Also, ls -lg gives additional information as to which group owns the file (istrain in the following example):

-rwxrw-r-- 1 ccaajim istrain 3210 Aug15 14:25 train.doc

In the left-hand column is a 10 symbol string consisting of the symbols d, r, w, x, -, and, occasionally, s or S. The important ones for you right now are r for read, w for write and x for execute. If d is present, it will be at the left hand end of the string, and indicates a directory: otherwise the string will start with -.

The 9 remaining symbols indicate the permissions, or access rights, and are taken as three groups of three.

The left group of 3 gives the file permissions for the user that owns the file (or directory) (ccaajim in the above example). The rightmost group gives the permissions for all others (called world in Unix speak). The middle group of 3 gives the rights ceded to the group to which the user account belongs (istrain in the above example).

The symbols r, w, etc., have slightly different meanings depending on whether they refer to a simple file or to a directory.

Access rights on files

  • r (or -), indicates read permission (or otherwise), that is, the presence or absence of permission to read and copy the file
  • w (or -), indicates write permission (or otherwise), that is, the permission (or otherwise) to change a file
  • x (or -), indicates execution permission (or otherwise), that is, the permission to execute a file, where appropriate

Access rights on directories

  • r allows users to list files in the directory;
  • w means that users may delete files from the directory or move files into it;
  • x means the right to access files in the directory. This implies that you may read files in the directory provided you have read permission on the individual files.

So, in order to read a file, you must have execute permission on the directory containing that file, and hence on any directory containing that directory as a subdirectory, and so on, up the tree.

Some examples

Permission String Effect
-rwxrwxrwx a file that everyone can read, write and execute (and delete)
-rw------- a file that only the owner can read and write - no-one else can read or write and no-one has execution rights (e.g. your mailbox file)

Sticky bit


The sticky bit is symbolized by a "t" flag: it means that the file or directory can only be deleted by its owner (or root).

setuid bit


The setuid bit is symbolized by an "s" flag: it means that the file should be executed with the userid of its owner.

Changing access rights


chmod (changing file mode)


Only the owner of a file can use chmod to change the permissions of a file. The options of chmod are as follows:

Symbol Meaning
u user
g group
o other
a all (that is u and g and o)
r read
w write (and delete)
x execute (and access directory)
+ add permission
- take away permission

For example, to remove read, write and execute permissions on the file allcolours for the group and others, type

% chmod go-rwx allcolours

This will leave the other permissions unaffected.

To give read and write permissions on the file allcolours to all, type

% chmod a+rw allcolours

Using integer parameters with chmod


As well as using the syntax outlined above you can also use chmod with a numeric parameter that represents the users and permissions intended. A common example is

% chmod 755 myscript.sh

This example is equivalent to chmod u=rwx,g=rx,o=rx myscript.sh

How does this work? Well, let's call the number a triple to remind us that it's a string of three digits. Each digit represents the permissions for one of u, g and o. We give each possible permission a numeric value like this:

Number Meaning
1 execute
2 write
4 read
0 clear the permission

In our example above, the number string is 755. There is only one way this could add up (so to speak).

Position Value Composition
u 7 4 + 2 + 1
g 5 4 + 0 + 1
o 5 4 + 0 + 1

Which means that chmod 755 filename means read, write and execute for the file owner and read and execute for group and others.
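The numeric scheme above, combined with the s and t flags from the sticky bit and setuid sections, as an added example that is not part of the original page: a POSIX sh script that turns a numeric mode into the nine permission symbols ls -l prints and notes the flags worth reviewing. It goes beyond the three-digit case by accepting an optional leading fourth digit (4 setuid, 2 setgid, 1 sticky), which the page does not cover; the function names and sample modes are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): numeric chmod mode -> ls -l string.

# triad DIGIT SPECIAL CHAR: the three symbols for one of u, g or o.
# DIGIT is the sum of 4 (read), 2 (write), 1 (execute). SPECIAL is non-zero
# when setuid, setgid or sticky applies to this position; CHAR is s or t.
triad() {
    d=$1 special=$2 ch=$3
    r=-; w=-; x=-
    if [ $((d & 4)) -ne 0 ]; then r=r; fi
    if [ $((d & 2)) -ne 0 ]; then w=w; fi
    if [ $((d & 1)) -ne 0 ]; then x=x; fi
    if [ "$special" -ne 0 ]; then
        # Lower case: execute is set too. Upper case: special bit without execute.
        if [ "$x" = x ]; then x=$ch; else x=$(printf %s "$ch" | tr st ST); fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_string MODE: MODE is three octal digits (u g o), optionally preceded
# by a fourth digit (assumption, beyond the page): 4 setuid, 2 setgid, 1 sticky.
mode_to_string() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) mode=0$mode ;;
        [0-7][0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $mode" >&2; return 1 ;;
    esac
    s=${mode%???}; rest=${mode#?}
    u=${rest%??}; g=${rest#?}; g=${g%?}; o=${rest#??}
    printf '%s%s%s\n' "$(triad "$u" $((s & 4)) s)" \
        "$(triad "$g" $((s & 2)) s)" "$(triad "$o" $((s & 1)) t)"
}

# review_mode MODE: the string plus the flags worth a second look in an audit.
review_mode() {
    str=$(mode_to_string "$1") || return 1
    note=
    case $str in ??[sS]*) note="$note setuid" ;; esac
    case $str in ???????w[!tT]) note="$note world-writable" ;; esac
    case $str in ???????w[tT]) note="$note world-writable+sticky" ;; esac
    printf '%s%s\n' "$str" "$note"
}

# Constructed sample modes, including the page's 755 example.
for m in 755 600 777 4755 4644 1777; do
    printf '%-5s %s\n' "$m" "$(review_mode "$m")"
done
```

The capital S in the 4644 row is the case the page alludes to with "s or S": the setuid bit is set but the owner has no execute permission.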

umask


This command can get or set the default permissions of newly created files.