Permit Unix Files and Directories
How-to B-6, © February 8, 1996
As the creator of a file or directory, you decide who else can use it. To control who has access, you set permissions for it. Each file and directory has three kinds of permissions:
| Permission | Meaning | Abbreviation |
|---|---|---|
| read | permission to view, print and copy | r |
| write | permission to change the contents | w |
| execute | permission to run an executable file (for example, a program) OR permission to change into a directory | x |
When setting file/directory permissions, Unix divides the world of users into three classes:
| Class | Abbreviation |
|---|---|
| you, the owner | u |
| your group | g |
| others | o |
You may assign read, write or execute permission independently to any of the three classes of users.
Unix is not capable of permitting files and directories to individual users, but (as explained below) files and directories are usually permitted so that others cannot access them without knowing their absolute pathnames.
To see the permissions that have been set for a file, use the ls command with -l option (how-to B-5, List Contents and Navigate Unix Directories, discusses ls).
% ls -l
-rw-r----- 1 jsmythe users 21 Jul 5 11:08 file1
The first 10 characters of the above line describe the type of the file and the permissions which have been set for it.
The first character shows the file type. It is - (dash) for a standard file and d for a directory. The next 9 characters are actually 3 sets of 3 characters each. These 3 sets show the permissions for the owner, the group and others. Within each set, permissions are always described in the same order: read (r), write (w) and execute (x). If the relevant letter (r, w or x) appears, permission exists. If a - (dash) appears in its place, that kind of permission is denied.
Let's look at the permissions for another file:
In this example, the owner may read the file, write to it (change it) and execute the file. Members of the group may read and execute the file, but not write to it. Other users may only execute the file, not read it or write to it.
Execute access permits the execution of binary files which contain executable programs. Both read and execute access are required to execute a shell script.
Smaller Unix systems divide their users into different groups; however, this is impractical for SFU's Unix system, which has about 32,000 users. By default, all SFU Unix accounts belong to the group users, which makes the group permissions synonymous with those for others.
Default permissions are automatically set for files and directories as you create them. The default permission for new files is -rw------- and that for new directories is drwx------.
The command chmod (short for change mode) is used to change permissions for a file. chmod is used a bit differently from most other Unix commands. To give write permission to the group users for file1 (the first file we examined), we give the command:
chmod g+w file1
This may be understood as follows:
| Class | | Action | | Permission | |
|---|---|---|---|---|---|
| u | user (owner) | + | add permission | r | read |
| g | group | - | remove permission | w | write |
| o | others | = | set permission | x | execute |
| a | all | | | | |

where class, action and permission can be chosen from the table of options above.
More than one class and more than one type of permission can be set at the same time using chmod. For example,
chmod u+x,o=rw file1
adds the execute permission for the owner (u) and sets the permission for others to read and write explicitly (no matter what permissions others had before).
If you do not specify a class, the new permission is applied to all three classes. For example,
chmod +x file
adds execute permission for the owner, group and others.
To change the permission of all files in a directory, use the wildcard symbol "*" as described in how-to B-8, Use Unix Wildcards and Link Files. For example, the following command would add read permission for others to all files in the current directory:
chmod o+r *
If you prefer, chmod can use a digit from 0 to 7 to represent the permissions for each class of people. Each digit is the sum of the permission values as shown in the following chart:
| Value | Permission | Explanation |
|---|---|---|
| 4 | r | read |
| 2 | w | write |
| 1 | x | execute |
For example, the command
chmod 751 file1
would change the permission for file1 to read, write and execute for the owner; read and execute for the group; and execute only for others. Values and the permissions they correspond to are shown below:
| Value | Permission | Explanation |
|---|---|---|
| 7 | rwx | read, write and execute |
| 6 | rw- | read and write |
| 5 | r-x | read and execute |
| 4 | r-- | read |
| 3 | -wx | write and execute |
| 2 | -w- | write |
| 1 | --x | execute |
| 0 | --- | no access whatsoever |
To display the permissions for a directory, use the ls command with the -l and -d options, giving the directory name as the argument; e.g., for the directory project1
% ls -ld project1
drwx--x--x 2 jsmythe users 512 Jul 3 11:26 project1
To display the permissions for your current directory, use the -l and -d options on the ls command:
% ls -ld
drwx--x--x 11 jsmythe users 512 Jul 8 14:54 .
Like files, permissions for directories are changed using the chmod command. Either class and action abbreviations (e.g., chmod g+x) or numeric arguments (e.g., chmod 644) may be used to change directory permissions.
Directory permissions have slightly different meanings than permissions for files. Read (r) permission is needed to list the contents of a directory with the ls command. Write (w) permission means that files can be added to or removed from the directory. Execute (x) permission is needed before you can change into a directory with the cd command or pass through a directory as part of a search path.
When you permit a file, you will also need to give execute permission to both your home directory and any subdirectories between your home directory and the file. When you do this, other users will not be able to list the contents of these directories, but they will be able to read or copy the file as long as they know the absolute pathname.
For example, user jsmythe wants to give others permission to read and copy his file outline in subdirectory project1 in his home directory. To do this, he would type the following commands:
chmod o=x /home/jsmythe
chmod o=x /home/jsmythe/project1
chmod o=r /home/jsmythe/project1/outline
Since execute permission does not allow others to see the contents of his directories, jsmythe must tell his colleagues the absolute pathname of the file, which is
/home/jsmythe/project1/outline
Absolute pathnames are explained in how-to B-5, List Contents and Navigate Unix Directories.
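The check below is an added example, not part of the original how-to: it reads ls -ld output to confirm that others have execute on the home directory and on each subdirectory down to the file, and read on the file itself, and it reports any directory on the path that others can list. The function names others_bits and check_shared are hypothetical, and only the others bits are examined (group membership and ACLs are ignored).

```sh
#!/bin/sh
# Added example. others_bits and check_shared are hypothetical helper names.
# Only the "others" permission bits are examined, as in the how-to.

# Print the 3-character "others" field: columns 8-10 of `ls -ld` output.
others_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# check_shared HOME_DIR FILE
# Returns 0 if others have x on HOME_DIR and on every directory between
# HOME_DIR and FILE, and r on FILE. Returns 1 and names the first blocker
# otherwise (2 if FILE is not under HOME_DIR). Also reports directories
# that others can list, since listing removes the need to be told the
# absolute pathname.
check_shared() {
    home=${1%/}
    file=$2
    case "$file" in
        "$home"/*) ;;
        *) echo "not under $home: $file"; return 2 ;;
    esac
    rel=${file#"$home"/}
    dir=$home
    while :; do
        bits=$(others_bits "$dir")
        case "$bits" in
            ??[xt]) ;;   # t = sticky bit with execute also set
            *) echo "no execute for others on directory: $dir"; return 1 ;;
        esac
        case "$bits" in
            r??) echo "listable by others: $dir" ;;
        esac
        case "$rel" in
            */*) dir=$dir/${rel%%/*}; rel=${rel#*/} ;;
            *) break ;;
        esac
    done
    case "$(others_bits "$file")" in
        r??) return 0 ;;
        *) echo "no read for others on file: $file"; return 1 ;;
    esac
}

# Usage with the page's example:
#   check_shared /home/jsmythe /home/jsmythe/project1/outline
```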
You can change permissions for all files and directories within a directory by using the -R option on the chmod command. For example, to give others read and execute access to all files and directories (and files and directories within directories, etc.) within a directory called project1, you would type:
chmod -R o+rx project1