Permissions

1 File and folder Permissions
2 Permission Overview
- 2.1 Permission Table
3 Changing permissions with chmod
4 G-Bar home dir permissions
5 Sharing files between users (Share folder)
6 Links

File and folder Permissions

Every file or folder in UNIX has access permissions. There are three types of permissions (what allowed to do with a file):

read access
write access
execute access

Permissions are defined for three types of users:

the owner of the file
the group that owns the file
other users

Permission Overview

You can check the permissions on files in a specific directory by executing the command:

ls -l

or:

ll

The following is an example of the output of the command:

drwxr-xr-x   1 s001234   s00          32 Feb 28 10:45 dir1
-rw-r--r--   1 s001234   s00        8347 Feb 28 10:45 file1
-rw-r-----   1 s001234   s00        3335 Feb 28 10:45 file2
-rw-------   1 s001234   s00          19 Feb 28 10:45 file3

In the first column you will find a ten character code defining the permissions of the file or directory e.g.

drwxr-xr-x

The first character tells the type of the object, where "d" means directory. The next nine characters are grouped into sets of three, defining read, write and execute permissions, for owner, group and other respectively.

In this table you can see an overview of how permissions can be represented

Permission Table

Octal digit	Text equivalent	Binary value	Meaning
0	`---`	000	All types of access are denied
1	`--x`	001	Execute access is allowed only
2	`-w-`	010	Write access is allowed only
3	`-wx`	011	Write and execute access are allowed
4	`r--`	100	Read access is allowed only
5	`r-x`	101	Read and execute access are allowed
6	`rw-`	110	Read and write access are allowed
7	`rwx`	111	Everything is allowed

Returning to the example we see that dir1 is a directory (the "d" in the first column). By using the permission table we see that the user s001234 can read, write and execute (enter) the directory. The s00-group and other can only read and execute (enter) the directory. file1 is readable and writeable for the user and readable by the group and others.

The permissions can also be represented as octal digits or binary values as shown in the table.

You might sometimes see other characters in place of the normal ones. This is because of a fourth property called setuid. Read more about setuid on Wikipedia.

Changing permissions with chmod

You can change the permissions of a file or directory by using the command chmod . The input to the command is shown below:

 chmod [who]operator[permissions] file

The first input following the command is a list. [Who] can be one or more of the following:

u - the user (owner)
g - a group
o - other
a - all of the above

The operator is "+", "-" or "=", where "+" adds permissions, "-" removes them and "=" sets them equal to the exact list of permissions given. [permissions] is a list of

r - read
w - write
x - execute.

An example:

chmod go+r file1

This would add read permissions for group and other for file1.

Using the table from above, we can set all permissions for file1 with a couple of numbers. Remember that the first is owner, the next is group and the third is everyone else:

chmod 755 file1

This will give everyone permission to read and execute the file, while the owner may also change it.

G-Bar home dir permissions

The standard home dir (e.g. your s001234 student home dir) is by default readable by all other users.

To change the permission of your home dir, so others can't access your home dir, enter the following command:

chmod go-rx ~

NB - By doing so people won't be able to access your Homepage either.

The following command will change the settings back to normal:

chmod go+rx ~

We suggest that you save secret school work in a particular folder e.g. Courses and change the permissions of that folder instead.

Sharing files between users (Share folder)

Sometimes you would want to share some files with another user. The Databar supporters runs a scripts periodically, that checks and changes permissions of all your files and folders, so that they are owned by you and only you have write permissions. This is done for security reasons. If you want to share a folder with other users, this can be done creating a folder in your home dir called Share or share. A folder by this name is excluded from the permissions check.

For more information see here.

For the experienced user CVS or Subversion are by far the best solutions. No matter what - you should consider looking into the possibilities of CVS. Subversion is currently not available at the G-Bar, but it will be shortly.