FilePermissions < Unixtips

In Unix, there are 3 kinds of actions: read, write, execute.

There are 3 kinds of "users"--the user, the members of the group, and the others. The user who creates the file in her account is automatically the owner and that is the one who can change permissions. The people who are in the same unix group (assigned by the administrator), and others, who are the rest of the world, may or may not have rights. To see the permissions and owner/group information on all files, do

ls -la

The output from that command will look something like this:

drwxr-xr-x 31 pauljohn pols 1536 Nov 29 14:26 public_html
-rwxr--r-- 1 pauljohn pols 27925 Nov 9 1998 recruit110-2.tar.gz

Look at the left. The first character indicates if the thing is a directory with "d" or a "-" if it is a file. Then, the rwx tells that the owner has read-write-execute permission on the file. Then the next 3 letters tell the power of the "group" that owns the file. In this case, the first one "r-x" means the group can read and execute, but not write in the file. In the second one, the group can only read (it says --r for them). The third triplet of letters is the "world" or "others." In this case, there is no difference in the rights of group members and the others.

The rest of the output from "ls -la" tells the name of the user (pauljohn) and the group in which pauljohn exists, which is "pols". Then it tells the number of bytes used by the file,the creation date, and the name of the file.

You use the chmod command to change permissions. In setting up html stuff, for example, you want everybody in the world to be able to open your directory "public_html", but you don't want them to write in it. So that directory needs to give others the permissions "r-x" but not "w". You can set permissions with this

chmod 755 directoryname

chmod u+rxw og+rw directoryname

The 755 numbering is "octal notation." You can use the numbers or the letters if you want. To briefly explain, the three numbers mean the permission of the Owner, the Group, and Others. Each "power" has a numerical value:


   * 0: No Permission at all 
   * 1: Execute Permission 
   * 2: Write Permission 
   * 4: Read Permission

If someone has no permission at all, they have a 0. If they have "rxw" permission, they have 1+2+4=7. If they can read only, they have 4. So, for example, if I want myself to have all powers and nobody else has any, I say chmod 700 filename

For web pages, the permissions are typically 644. You, the owner, have more permission than other users. All directories need to be set 755, and any html file can be set that way too. If you want to, you can take away the execute permission from html pages by making them 644, and they still work fine. Quick quiz. Suppose you want to change a bunch of files and all subdirectories to a certain set of permissions. How do you do it. Hint: check the chmod man page.

-- PaulJohnson - 20 Jun 2009

Unixtips

Revise Page