Every file or folder in UNIX has access permissions. There are three types of permissions:
- read access
- write access
- execute access
Permissions are defined for three types of users:
- the owner of the file
- the group that owns the file
- other users
Permission Overview
You can check the permissions on files in a specific directory by executing the command:
ls -l
or:
ll
The following is an example of the output of the command:
drwxr-xr-x 1 s001234 s00 32 Feb 28 10:45 dir1
-rw-r--r-- 1 s001234 s00 8347 Feb 28 10:45 file1
-rw-r----- 1 s001234 s00 3335 Feb 28 10:45 file2
-rw------- 1 s001234 s00 19 Feb 28 10:45 file3
In the first column you will find a ten character code defining the permissions of the file or directory e.g.
drwxr-xr-x
The first character tells the type of the object, where "d" means directory. The next nine characters are grouped into sets of three, defining read, write and execute permissions, for owner, group and other respectively.
In this table you can see an overview of how permissions can be represented:
Permission Table
Octal digit | Text equivalent | Binary value | Meaning |
---|---|---|---|
0 | --- | 000 | All types of access are denied |
1 | --x | 001 | Only execute access is allowed |
2 | -w- | 010 | Only write access is allowed |
3 | -wx | 011 | Write and execute access are allowed |
4 | r-- | 100 | Only read access is allowed |
5 | r-x | 101 | Read and execute access are allowed |
6 | rw- | 110 | Read and write access are allowed |
7 | rwx | 111 | Everything is allowed |
Returning to the example, we see that dir1 is a directory (the "d" in the first column). By using the permission table we see that the user s001234 can read, write and execute (enter/search) the directory. The s00 group members and others can only read and execute the directory. file1 is readable and writeable for the user and readable by the group and others.
The permissions can also be represented as octal digits or binary values as shown in the table.
You might sometimes see other characters in place of the normal ones. This is because of a fourth property called setuid. Read more about setuid on Wikipedia.
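The mapping in the permission table, written out as an added example (not part of the original page): a POSIX shell function that converts the ten-character code from ls -l into octal digits. It goes beyond the text by also decoding the characters that replace "x" when setuid, setgid or the sticky bit is set; the function name mode_to_octal is hypothetical.

```shell
# mode_to_octal MODE
# Convert the ten-character code from `ls -l` (e.g. drwxr-xr-x) to four
# octal digits: special bits, owner, group, other.
mode_to_octal() {
    mode=$1
    # One type character followed by three rwx triplets. s/S may replace
    # the x of owner or group, t/T may replace the x of "other".
    case $mode in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "invalid mode string: $mode" >&2; return 1 ;;
    esac
    rest=${mode#?}              # drop the type character
    special=0 digits="" weight=4
    while [ -n "$rest" ]; do
        tail=${rest#???}
        trip=${rest%"$tail"}    # next three characters
        rest=$tail
        val=0
        case $trip in r??) val=$((val + 4)) ;; esac
        case $trip in ?w?) val=$((val + 2)) ;; esac
        # x, s and t mean the execute bit is set; S and T mean it is not.
        case $trip in ??[xst]) val=$((val + 1)) ;; esac
        # s/S/t/T also mark the special bit for this position:
        # owner = setuid (4), group = setgid (2), other = sticky (1).
        case $trip in ??[sStT]) special=$((special + weight)) ;; esac
        digits=$digits$val
        weight=$((weight / 2))
    done
    echo "$special$digits"
}

# Sample input: the listing shown earlier on this page.
sample='drwxr-xr-x 1 s001234 s00 32 Feb 28 10:45 dir1
-rw-r--r-- 1 s001234 s00 8347 Feb 28 10:45 file1
-rw-r----- 1 s001234 s00 3335 Feb 28 10:45 file2
-rw------- 1 s001234 s00 19 Feb 28 10:45 file3'

printf '%s\n' "$sample" |
while read -r mode links owner group size mon day time name; do
    printf '%s  %s  %s\n' "$(mode_to_octal "$mode")" "$mode" "$name"
done
```

The last three digits are what you would pass to chmod to reproduce the same read, write and execute permissions; a non-zero first digit means one of the special bits is set.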
Changing permissions with chmod
You can change the permissions of a file or directory by using the command chmod. The input to the command is shown below:
chmod [who]operator[permissions] file
The first input following the command is a list. [who] can be one or more of the following:
- u - the user (owner)
- g - the group
- o - other
- a - all of the above
The operator is "+", "-" or "=", where "+" adds permissions, "-" removes them and "=" sets them equal to the exact list of permissions given. [permissions] is a list of:
- r - read
- w - write
- x - execute.
An example:
chmod go+r file1
This would add read permissions for group and other for file1.
Using the table from above, we can set all permissions for file1 with a couple of numbers. Remember that the first is owner, the next is group and the third is everyone else:
chmod 755 file1
This will give everyone permission to read and execute the file, while the owner may also change it.
G-Bar home dir permissions
The standard home dir (e.g. your s001234 student home dir) is by default readable by all other users.
To change the permission of your home directory, so others can't access it, enter the following command:
chmod go-rx ~
The following command will change the settings back to grant everyone read and execute access to your home directory:
chmod go+rx ~
We suggest that you save confidential work in a particular directory e.g. Courses and change the permissions of that directory.
Sharing files between users
Sometimes you will want to share some files with another user. The Databar supporters periodically run a script that checks and changes the permissions of all your files and folders, so that they are owned by you and only you have write permissions. This is done for security reasons. If you want to share a folder with other users, you can do so by creating a folder in your home dir called Share or share. A folder by this name is excluded from the permissions check.
For the experienced user, CVS or Subversion are by far the best solutions. No matter what, you should consider looking into the possibilities of CVS or Subversion.