A Quick Introduction to Unix/Permissions

File access rights
In your home directory, type

% ls -l

You will see that you now get lots of detail about the contents of your directory.



Each file (and directory) has access rights, which may be displayed by typing ls -l. Also, ls -lg gives additional information as to which group owns the file (istrain in the following example):

-rwxrw-r-- 1 ccaajim istrain 3210 Aug15 14:25 train.doc

In the left-hand column is a 10-symbol string consisting of the symbols d, r, w, x, -, and, occasionally, s or S. The important ones for you right now are r for read, w for write and x for execute. If d is present, it will be at the left-hand end of the string and indicates a directory; otherwise the string will start with -.

The 9 remaining symbols indicate the permissions, or access rights, and are taken as three groups of three.

The left group of 3 gives the file permissions for the user that owns the file (or directory) (ccaajim in the above example). The rightmost group gives the permissions for all others (called world in Unix speak). The middle group gives the rights ceded to the group that owns the file (istrain in the above example).

The symbols r, w, etc., have slightly different meanings depending on whether they refer to a simple file or to a directory.

Access rights on files

 * r (or -), indicates read permission (or otherwise), that is, the presence or absence of permission to read and copy the file
 * w (or -), indicates write permission (or otherwise), that is, the permission (or otherwise) to change a file
 * x (or -), indicates execution permission (or otherwise), that is, the permission to execute a file, where appropriate

Access rights on directories

 * r allows users to list files in the directory;
 * w means that users may delete files from the directory or move files into it;
 * x means the right to access files in the directory. This implies that you may read files in the directory provided you have read permission on the individual files.

So, in order to read a file, you must have execute permission on the directory containing that file, and hence on any directory containing that directory as a subdirectory, and so on, up the tree.

Sticky bit
The sticky bit is symbolized by a "t" flag: it means that the file or directory can only be deleted by its owner (or root).

setuid bit
The setuid bit is symbolized by an "s" flag: it means that the file should be executed with the userid of its owner.

chmod (changing file mode)
Only the owner of a file can use chmod to change the permissions of a file. The options of chmod are as follows

For example, to remove read, write and execute permissions on the file allcolours for the group and others, type

% chmod go-rwx allcolours

This will leave the other permissions unaffected.

To give read and write permissions on the file allcolours to all,

% chmod a+rw allcolours

Using integer parameters with chmod
As well as using the syntax outlined above, you can also use chmod with a numeric parameter that represents the users and permissions intended. A common example is

% chmod 755 myscript.sh

This example is equivalent to chmod u=wrx,g=rx,o=rx

How does this work? Well, let's call the number a triple to remind us that it's a string of three digits. Each digit represents the permissions for one of u, g and o. We give each possible permission a numeric value like this

In our example above, the number string is 755. There is only one way this could add up (so to speak).

This means that chmod 755 filename sets read, write and execute for the file owner and read and execute for group and others.

umask
This command gets or sets the default permissions of newly created files.
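The digit arithmetic from "Using integer parameters with chmod", the s/S and t flags, and the effect of umask, worked through in an added shell example that is not part of the original page. It goes slightly beyond the text by also decoding the setgid bit; the function names are made up for this example, and apply_umask assumes the usual creation defaults of 666 for files and 777 for directories.

```shell
#!/bin/sh
# Added example: decode a numeric chmod mode into the string ls -l shows.
# Function names are made up for this example.

# triplet BITS SPECIAL CHAR: rwx for one octal digit; when SPECIAL is 1 the
# execute column shows CHAR (s or t), upper-cased if execute itself is unset.
triplet() {
    bits=$1 special=$2 ch=$3
    if [ $((bits & 4)) -ne 0 ]; then r=r; else r=-; fi   # read    = 4
    if [ $((bits & 2)) -ne 0 ]; then w=w; else w=-; fi   # write   = 2
    if [ $((bits & 1)) -ne 0 ]; then x=x; else x=-; fi   # execute = 1
    if [ "$special" -eq 1 ]; then
        if [ "$x" = x ]; then x=$ch; else x=$(printf %s "$ch" | tr st ST); fi
    fi
    printf %s "$r$w$x"
}

# mode_to_symbolic MODE: MODE is 3 or 4 octal digits, e.g. 755 or 4755.
mode_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]|[0-7][0-7][0-7][0-7]) n=$((0$1)) ;;  # leading 0 = octal
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    u=$(( (n >> 6) & 7 )); g=$(( (n >> 3) & 7 )); o=$(( n & 7 ))
    suid=$(( (n >> 11) & 1 )); sgid=$(( (n >> 10) & 1 )); sticky=$(( (n >> 9) & 1 ))
    printf '%s%s%s\n' "$(triplet "$u" "$suid" s)" \
        "$(triplet "$g" "$sgid" s)" "$(triplet "$o" "$sticky" t)"
}

# apply_umask BASE MASK: permissions left after the umask clears its bits.
# Assumes BASE is 666 (new file) or 777 (new directory), the usual defaults.
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Constructed sample modes; 764 matches the train.doc listing above.
for m in 755 764 4755 1777; do
    printf '%-5s %s\n' "$m" "$(mode_to_symbolic "$m")"
done
printf 'umask 027: file %s, directory %s\n' \
    "$(apply_umask 666 027)" "$(apply_umask 777 027)"
```

A capital S or T in the output marks a special bit set on a file or directory that lacks the matching execute permission, which is usually a sign of a mistyped mode.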