A Quick Introduction to Unix/Permissions
File access rights
In your home directory, type
% ls -l
You will see that you now get lots of detail about the contents of your directory.
Each file (and directory) has access rights, which may be displayed by typing ls -l. Also, ls -lg gives additional information as to which group owns the file (istrain in the following example):
-rwxrw-r-- 1 ccaajim istrain 3210 Aug15 14:25 train.doc
In the left-hand column is a 10-symbol string consisting of the symbols d, r, w, x, -, and, occasionally, s or S. The important ones for you right now are r for read, w for write and x for execute. If d is present, it will be at the left-hand end of the string, and indicates a directory; otherwise the string will start with -.
The 9 remaining symbols indicate the permissions, or access rights, and are taken as three groups of three.
The left group of 3 gives the file permissions for the user that owns the file (or directory) (ccaajim in the above example). The rightmost group gives the permissions for all others (called world in Unix speak). The middle three columns are the rights ceded to the group to which the user account belongs.
The symbols r, w, etc., have slightly different meanings depending on whether they refer to a simple file or to a directory.
Access rights on files
- r (or -), indicates read permission (or otherwise), that is, the presence or absence of permission to read and copy the file
- w (or -), indicates write permission (or otherwise), that is, the permission (or otherwise) to change a file
- x (or -), indicates execution permission (or otherwise), that is, the permission to execute a file, where appropriate
Access rights on directories
- r allows users to list files in the directory;
- w means that users may delete files from the directory or move files into it;
- x means the right to access files in the directory. This implies that you may read files in the directory provided you have read permission on the individual files.
So, in order to read a file, you must have execute permission on the directory containing that file, and hence on any directory containing that directory as a subdirectory, and so on, up the tree.
Some examples
Permission String | Effect |
---|---|
-rwxrwxrwx | a file that everyone can read, write and execute (and delete) |
-rw------- | a file that only the owner can read and write - no-one else can read or write and no-one has execution rights (e.g. your mailbox file) |
Sticky bit
The sticky bit is symbolized by a "t" flag: it means that the file or directory can only be deleted by its owner (or root).
setuid bit
The setuid bit is symbolized by an "s" flag: it means that the file should be executed with the userid of its owner.
Changing access rights
chmod (changing file mode)
Only the owner of a file can use chmod to change the permissions of a file. The options of chmod are as follows:
Symbol | Meaning |
---|---|
u | user |
g | group |
o | other |
a | all (that is u and g and o) |
r | read |
w | write (and delete) |
x | execute (and access directory) |
+ | add permission |
- | take away permission |
For example, to remove read, write and execute permissions on the file allcolours for the group and others, type
% chmod go-rwx allcolours
This will leave the other permissions unaffected.
To give read and write permissions on the file allcolours to all,
% chmod a+rw allcolours
Using integer parameters with chmod
As well as the syntax outlined above, you can use chmod with a numeric parameter that represents the users and permissions intended. A common example is
% chmod 755 myscript.sh
This example is equivalent to chmod u=wrx,g=rx,o=rx
How does this work? Well, let's call the number a triple to remind us that it's a string of three digits. Each digit represents the permissions for one of u, g and o. We give each possible permission a numeric value like this:
Number | Meaning |
---|---|
1 | execute |
2 | write |
4 | read |
0 | clear the permission |
In our example above, the number string is 755. There is only one way this could add up (so to speak).
Position | Value | Composition |
---|---|---|
u | 7 | 4 + 2 + 1 |
g | 5 | 4 + 0 + 1 |
o | 5 | 4 + 0 + 1 |
So chmod 755 filename means read, write and execute for the file owner, and read and execute for group and others.
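The 10-symbol string shown by ls -l and the numeric triple given to chmod describe the same bits. The following added example (not from the original page) converts one into the other, adding a leading digit for the s and t flags, and flags settings worth reviewing. The function names are this example's own, and it also handles setgid, the group counterpart of setuid, which the page does not cover.

```sh
#!/bin/sh
# Added example (not from the original page): turn an `ls -l` permission
# string into the octal mode that chmod accepts, and flag risky settings.

# triple_value "rwx" -> one digit: read=4, write=2, execute=1.
# s and t mean "execute set plus a special bit"; S and T mean the special
# bit is set but execute is not.
triple_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# perm_to_octal "-rwxrw-r--" -> 0764
perm_to_octal() {
    s=$(printf '%.10s' "$1")    # ls may append an ACL marker such as +
    case $s in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "not a permission string: $1" >&2; return 1 ;;
    esac
    rest=${s#?}                 # drop the file-type symbol
    u=${rest%??????}            # owner triple
    g=${rest#???}; g=${g%???}   # group triple
    o=${rest#??????}            # others triple
    special=0
    case $u in ??[sS]) special=$((special + 4)) ;; esac   # setuid
    case $g in ??[sS]) special=$((special + 2)) ;; esac   # setgid
    case $o in ??[tT]) special=$((special + 1)) ;; esac   # sticky
    echo "$special$(triple_value "$u")$(triple_value "$g")$(triple_value "$o")"
}

# audit_flags STRING -> findings worth a second look, space separated.
audit_flags() {
    f=""
    case $1 in ???[sS]*) f="$f setuid" ;; esac
    case $1 in ????????w*) f="$f world-writable" ;; esac
    case $1 in d???????w[!tT]*) f="$f no-sticky" ;; esac
    echo "${f# }"
}

# Constructed sample strings, including the one from the train.doc listing.
for p in -rwxrw-r-- -rw------- -rwsr-xr-x drwxrwxrwt drwxrwxrwx; do
    printf '%s  %s  %s\n' "$p" "$(perm_to_octal "$p")" "$(audit_flags "$p")"
done
```

A world-writable directory without the sticky bit is reported as "no-sticky" because any user could then delete other users' files in it.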
umask
The umask command gets or sets the default permissions of newly created files.