
Permissions



A set of permissions is associated with each UNIX file and directory to control which accounts have read, write, and execute access to it. Separate permissions govern access by the owner, by other members of the same "group" as the owner, and by all others. Because ordinary UNIX accounts all belong to the same group, the distinction between members of the group and all others is not relevant for most users of the system.

Types of Permissions

Permissions are associated both with ordinary files and with directories. For a file, read and write permission have fairly obvious meanings: read permission enables reading of the file (e.g., by means of the 'cat' command); write permission allows modification. Execute permission for a file means that it may be executed as a command (appropriate for shell scripts and files containing executable program code).

For a directory, read permission enables listing of names of files in the directory, as with the 'ls' command. Write permission allows creation and removal of files in the directory. Execute permission enables one to enter a directory (e.g., with a 'cd' or 'chdir' command) or to use it in a path name.

Viewing Current Permissions

The long form of a file listing, obtained by the command 'ls -l', shows the permissions currently associated with files and directories. Here is some typical output:

     -rw-r--r--	 1 help		 887 Apr  6 12:51 classes
     drwxr-xr-x	 2 help		 208 Mar  9 12:17 docs

The first character in the series of letters and hyphens beginning each entry shows whether the entry is a directory or a file: 'd' indicates directory, hyphen indicates file. In the above example, the first entry reports on a file named 'classes', the second on a subdirectory named 'docs'. The next nine characters are allocated as follows: three characters showing permissions governing the owner; three showing permissions governing other members of the same group; and three for all others. The order in each group of three is: read, write, execute. If permission is granted, the position is occupied by a letter (r for read, w for write, x for execute). If permission is denied, the position is marked with a hyphen. In the example, the file 'classes' has read and write permission for the owner (an account named 'help'); read permission for others in the same group; and read permission for all others. The directory 'docs' has read, write and execute permission for the owner, and read and execute permission for each of the other two categories of users.

Setting Permissions

Under version 7 with the default C-shell, UNIX generally creates files and directories with access permissions limited to the owner. This represents a policy change from version 6, in which the default was to make files and directories publicly accessible. In any case, there are two ways to control permissions. First, it is possible to alter the default file-creation modes by means of the 'umask' command. If you want new files and directories created with all appropriate permissions EXCEPT write permission for group members and others, put this command in a file named .cshrc in your login directory:

     umask 22

For more information on umask, please see the documentation of umask (a built-in shell command) in the writeup csh(1) in the UNIX Programmer's Manual.

Second, you may alter the permissions of individual files and directories after they have been created, by using the command chmod (1). This command changes the file's "mode", a numerical representation for the combination of permissions associated with the file.

The mode is a three-digit octal number. The first digit indicates the permissions for the owner; the second and third indicate permissions for group members and others, respectively. Each digit is derived by adding the values for the types of permissions desired:

     0	     no permissions
     1	     execute
     2	     write
     4	     read

Thus, by addition

     3	     write and execute
     5	     read and execute
     6	     read and write
     7	     read, write, and execute

The form of the chmod command is

     chmod mode filename ...

NOTE: It is recommended that users assign the same permissions for the "same group" category and the "all others" category.

Examples:

Read and write permission for owner, read-only for group members and all others:

     chmod 644 filename

Read, write and execute for owner, no access permission for others:

     chmod 700 filename

Read only for owner and others:

     chmod 444 filename

(If the owner turns off his/her own write permission, the file is protected from accidental destruction.)
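
The following shell functions are an added example, not part of the original help file. They convert the permission string printed by 'ls -l' into the octal mode that chmod takes, report whether a mode lets group members or others write, and measure the modes that 'umask 22' gives a new file and directory; the function names and the scratch directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example: map an 'ls -l' permission string to the chmod octal mode.

# triad_value RWX -> digit 0..7, adding read=4, write=2, execute=1
triad_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??x) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_of STRING -> three-digit mode; only the 'd' and '-' entry types
# described above are accepted, anything else is rejected with status 1
mode_of() {
    case $1 in
        [d-][r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "unsupported permission string: $1" >&2; return 1 ;;
    esac
    owner=$(printf '%s\n' "$1" | cut -c2-4)
    group=$(printf '%s\n' "$1" | cut -c5-7)
    other=$(printf '%s\n' "$1" | cut -c8-10)
    echo "$(triad_value "$owner")$(triad_value "$group")$(triad_value "$other")"
}

# writable_by_non_owner MODE -> status 0 if group members or others may write
writable_by_non_owner() {
    g=$(printf '%s\n' "$1" | cut -c2)
    o=$(printf '%s\n' "$1" | cut -c3)
    [ $(( ($g | $o) & 2 )) -ne 0 ]
}

# created_modes -> modes given to a new file and a new directory under
# 'umask 22', measured in a scratch directory that is removed afterwards
created_modes() (
    umask 22
    d=$(mktemp -d) || exit 1
    touch "$d/f" && mkdir "$d/sub" || exit 1
    f=$(mode_of "$(ls -ld "$d/f" | cut -c1-10)")
    s=$(mode_of "$(ls -ld "$d/sub" | cut -c1-10)")
    rm -rf "$d"
    echo "$f $s"
)

# The two entries from the sample listing earlier on this page
for p in -rw-r--r-- drwxr-xr-x; do
    echo "$p -> $(mode_of "$p")"
done
echo "new file and directory under umask 22: $(created_modes)"
```

A new file gets no execute permission even though the umask would allow it, because programs normally request only read and write when creating ordinary files; directories are created with execute (search) permission requested.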

References

     chmod (1)
     ls (1)

in the Unix Programmer's Manual.

 


Comments to consult@newton.berkeley.edu
© 1998-2009 UC Regents