File Permissions
--> Introduction
--> Viewing File Permissions
--> Three Classes of Users
--> Read, Write, Execute
--> Illustration of Permission Breakdown
--> Permission Examples
--> Setting File Permissions
--> Setting File Permissions Example
* INTRODUCTION
In a multi-user computing environment, file permissions
determine who can work with a file or directory and
how it can be used. File permissions help maintain system
integrity by not allowing unauthorized users access to important
system files. They also provide a means of ensuring the privacy
and security of the files of individual users.
* VIEWING FILE PERMISSIONS
To see the file permissions for the contents of any directory
(provided, of course, that you have permission to access that directory),
use the long form of the UNIX ls command:
$ ls -l
You should see something like this:
total 65
drwx------ 5 kadzie student 1024 Mar 12 21:21 News/
drwxr-xr-x 2 kadzie student 512 Feb 22 14:22 analog/
-rw------- 1 kadzie student 1140 Mar 7 18:01 calendar
-rw------- 1 kadzie student 736 Mar 8 14:06 lynx_bookmarks.html
drwx------ 3 kadzie student 512 Mar 12 21:46 mail/
-rw-r--r-- 1 kadzie student 5768 Feb 28 16:43 paper
drwx--x--x 2 kadzie student 1024 Mar 12 21:51 public_html/
This is the output of the `ls -l' command executed in "kadzie's"
$HOME directory. The listing displays in order across rows:
+ file permissions (known as "mode" in UNIX jargon)
+ number of links
+ owner (kadzie)
+ group (student)
+ size in bytes
+ time of last modification for each file
+ file name
for all the files in that directory.
The file permissions field itself is 10 characters long.
As far as this document is concerned, the first position in a
permission is either going to be a "-" or a "d". A leading "-"
signifies that the file is a plain file as opposed to a
directory, which is denoted by a leading "d". It may seem
strange to be differentiating between files as plain files and
files as directories, however, you can think of a directory as
nothing more than a file itself, one that contains information
about the locations and attributes of other files.
* THREE CLASSES OF USERS
The next nine permission positions are broken up into three
groups of three and can be thought of as three types of file
permissions for the three different classes of users: the "owner"
of the file, the "group" the owner belongs to, and all "other"
(in UNIX jargon) users of the system or what is sometimes
referred to as the "world".
You are the "owner" of your $HOME directory along with every file
and subdirectory you create. The "owner" (you the user) also
belongs to a "group". Finally, there is the "world" class, which
basically means anyone who can log on to the system.
* READ, WRITE, EXECUTE
As the owner of a file you have the power to set three types of
access privileges (read, write, and execute) for each of the
three different classes of user.
If a class of users has "read" permissions for a
+ directory, anyone belonging to that class can get a listing of
its contents.
+ file, anyone belonging to that class can view the file's contents.
If a class of users has "write" permissions for a
+ directory, anyone belonging to that class can create or remove
files (or other directories) inside that directory.
+ file, anyone belonging to that class can alter the file's contents.
If a class of users has "execute" permissions for a
+ directory, anyone belonging to that class can move into that
directory with the cd command.
+ file, anyone belonging to that class can run the file as a program.
* ILLUSTRATION OF PERMISSION BREAKDOWN
Here is a diagram to illustrate how file permissions break down:
       owner  group  world
         |      |      |
       -----  -----  -----
       |   |  |   |  |   |
    -  - - -  - - -  - - -
    d  r w x  r w x  r w x

    d=directory  r=read  w=write  x=execute
* PERMISSION EXAMPLES
For illustration, let's break down a few permission examples.
Directories:
Example: drwx------
The three letters in the owner's group (rwx) show that the
"owner" of the directory can read it (r), write it (w), and
execute (x) it. There are no permissions set for the "group"
class or the "world" class for this directory.
Example: drwx--x--x
Again, the "owner" can read, write, and execute this
directory, but this time members of the "group" (--x) and
"world" (--x) classes can also execute this directory.
Regular files:
Example: -rw-------
The characters in the owner's group (rw-) show that the
"owner" of the file can only read it (r) and write (w) it.
There are no permissions set for the "group" class or the
"world" class for this file.
Example: -rw-r--r--
Again, the "owner" can read and write the file, but this time
members of the "group" (r--) and "world" (r--) classes can
read this file as well.
* SETTING FILE PERMISSIONS
There are two different methods for setting file permissions.
They can be set "relative" to their current settings or directly,
by using a numeric code. This introduction only covers the
latter method.
The UNIX command `chmod' is used to change file permissions.
chmod stands for "change mode" ("mode" is the UNIX term, but
"file permissions" is more descriptive). The syntax for using
the chmod command is:
$ chmod nnn file_name
where each n is a number between 0 and 7.
Each number represents the file permissions for a class of users
("owner", "group", "world", in that order) and is constructed
from the sum of values assigned to the "read", "write",
and "execute" attributes as shown:
read=4 write=2 execute=1
* SETTING FILE PERMISSIONS EXAMPLE
Putting everything together, let's figure out the command to change
the permissions of a directory named "my_dir" so that
+ the "owner" can read, write, and execute it,
+ the "group" can read and execute it,
+ the "world" can execute it.
The following diagram shows how to build the permission value:
               owner   group   world
    read         4       4       0
    write        2       0       0
    execute      1       1       1
    ------------------------------
    sum          7       5       1

    drwxr-x--x = 751
Thus, to set the permissions we want, we need to use the command:
$ chmod 751 my_dir
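The same arithmetic can be run in reverse to read a listing. The following is an added example, not part of the original page: it converts the mode field printed by `ls -l' into the numeric code chmod takes, then uses it to pick out the entries in kadzie's listing that the "world" class can reach. The function names mode_to_octal, world_accessible and sample_listing are made up for this example.

```shell
# Added example (not from the original page): turn the mode field shown by
# `ls -l` into the numeric code chmod takes, then use it to review a listing.
# mode_to_octal MODE: prints e.g. 751 for drwxr-x--x; returns 1 on bad input.
mode_to_octal() {
    mode=$1
    # Only what the text covers: "-" or "d", then r/w/x or "-" in its own slot.
    case $mode in
        [-d][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "unsupported mode field: $mode" >&2; return 1 ;;
    esac
    rest=${mode#?}                  # drop the file-type character
    out=
    for class in owner group world; do
        tail=${rest#???}            # what remains after this class
        triple=${rest%"$tail"}      # this class's three characters
        rest=$tail
        n=0
        case $triple in r??) n=$((n + 4)) ;; esac   # read
        case $triple in ?w?) n=$((n + 2)) ;; esac   # write
        case $triple in ??x) n=$((n + 1)) ;; esac   # execute
        out=$out$n
    done
    printf '%s\n' "$out"
}

# world_accessible: reads `ls -l` lines on stdin and prints "code name" for
# every entry whose "world" digit is not 0.
world_accessible() {
    while read -r field links owner group size mon day time name; do
        code=$(mode_to_octal "$field" 2>/dev/null) || continue  # "total" line
        case $code in ??0) ;; *) printf '%s %s\n' "$code" "$name" ;; esac
    done
}

# The listing of kadzie's home directory shown earlier on this page.
sample_listing() {
    cat <<'EOF'
total 65
drwx------ 5 kadzie student 1024 Mar 12 21:21 News/
drwxr-xr-x 2 kadzie student 512 Feb 22 14:22 analog/
-rw------- 1 kadzie student 1140 Mar 7 18:01 calendar
-rw------- 1 kadzie student 736 Mar 8 14:06 lynx_bookmarks.html
drwx------ 3 kadzie student 512 Mar 12 21:46 mail/
-rw-r--r-- 1 kadzie student 5768 Feb 28 16:43 paper
drwx--x--x 2 kadzie student 1024 Mar 12 21:51 public_html/
EOF
}

sample_listing | world_accessible
```

To review a real directory, pipe `ls -l' into world_accessible. Entries whose mode field contains anything beyond the forms covered here are skipped rather than guessed at.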
Thanks to Mark Kadzie and the University of Illinois Graduate School of Library and Information Science at http://alexia.lis.uiuc.edu/manual/unix/perm.html for the base of this information.