Every file or folder in UNIX has access permissions. There are three types of permissions:

• read access
• write access
• execute access

Permissions are defined for three types of users:

• the owner of the file
• the group that owns the file
• other users

Permission Overview

You can check the permissions on files in a specific directory by executing the command:

ls -l

or:

ll

The following is an example of the output of the command:

drwxr-xr-x   1 s001234   s00          32 Feb 28 10:45 dir1
-rw-r--r--   1 s001234   s00        8347 Feb 28 10:45 file1
-rw-r-----   1 s001234   s00        3335 Feb 28 10:45 file2
-rw-------   1 s001234   s00          19 Feb 28 10:45 file3

In the first column you will find a ten character code defining the permissions of the file or directory e.g.

drwxr-xr-x

The first character tells the type of the object, where "d" means directory. The next nine characters are grouped into sets of three, defining read, write and execute permissions, for owner, group and other respectively.

In this table you can see an overview of how permissions can be represented

Permission Table

Returning to the example we see that dir1 is a directory (the "d" in the first column). By using the permission table we see that the user s001234 can read, write and execute (enter/search) the directory. The s00 group members and other can only read and execute the directory. file1 is readable and writeable for the user and readable by the group and others.

The permissions can also be represented as octal digits or binary values as shown in the table.

You might sometimes see other characters in place of the normal ones. This is because of a fourth property called setuid. Read more about setuid on Wikipedia.

Changing permissions with chmod

You can change the permissions of a file or directory by using the command chmod . The input to the command is shown below:

 chmod [who]operator[permissions] file 

The first input following the command is a list. [Who] can be one or more of the following:

• u - the user (owner)
• g - a group
• o - other
• a - all of the above

The operator is "+", "-" or "=", where "+" adds permissions, "-" removes them and "=" sets them equal to the exact list of permissions given. [permissions] is a list of

• r - read
• w - write
• x - execute.

An example:

chmod go+r file1

This would add read permissions for group and other for file1.

Using the table from above, we can set all permissions for file1 with a couple of numbers. Remember that the first is owner, the next is group and the third is everyone else:

chmod 755 file1

This will give everyone permission to read and execute the file, while the owner may also change it.

G-Bar home dir permissions

The standard home dir (e.g. your s001234 student home dir) is by default readable by all other users.

To change the permission of your home directory, so others can't access it, enter the following command:

chmod go-rx ~

The following command will change the settings back to grant everyone read and execute access to your home directory:

chmod go+rx ~

We suggest that you save confidential work in a particular directory e.g. Courses and change the permissions of that directory.

Sharing files between users

Sometimes you would want to share some files with another user. The Databar supporters runs a scripts periodically, that checks and changes permissions of all your files and folders, so that they are owned by you and only you have write permissions. This is done for security reasons. If you want to share a folder with other users, this can be done creating a folder in your home dir called Share or share. A folder by this name is excluded from the permissions check.

For the experienced user CVS or Subversion are by far the best solutions. No matter what - you should consider looking into the possibilities of CVS or Subversion.

Links

Unix Permissions