Every file and directory on the system has file permissions which determine who on the system can access the file and how. The "how" part of it determines three different things: Is the file readable? Is the file writable? Is the file executable? The "who" part of it determines who can access the file by dividing people into three categories: the owner of the file; those users who are in the same group as the file; and all other users.
To check both the permissions and the ownership of a file, use the "ls" command, with the options "-l" and "-g":
This lists several things, which are, in order: permissions, number of links, owner, group owner, file size, last modification date, and the filename. The file permissions section is a 10-character string, and each character has a different meaning:
File type will be "d" for directories, or "-" for regular files. For the rest of the permissions, each set of three characters defines read, write and execute privileges. "r" represents read, "w" write, and "x" execute. In each case, a dash "-" means that category lacks this permission.
For directories, the write privileges determine whether or not you can create or delete files in that directory. Read permissions indicate whether you can list the files in that directory. Execute permissions (also called search permissions when referring to directories) determine whether or not you can access files within this directory. This means that if a directory has search permissions but not read permissions, you can't list the contents of that directory, but if you already know what's in it, you can access those files.
The command used to change file permissions is chmod. There are two different ways you can use chmod. In both, you specify the permissions, followed by one or more file names. Specifying permissions is different in each method.
In this method the permissions are specified using letters to represent different categories and permissions. Categories are represented by "u" for user, "g" for group, and "o" for other. A plus or minus indicates whether you are adding or removing some permission, and permissions are specified by "r", "w", and "x", as above. These things are put together with no spaces in the order described:
In this method, the privileges are described with a three-digit octal number. Each digit represents (left to right) the owner, the group, and the world permissions. Each digit is built by adding 4 for read privileges, 2 for write privileges and 1 for execute:
The permissions are examined in order from left to right, and the first set of rules that match are applied. This means that it is possible to restrict the owner of a file, while giving access to the rest of the world:
When chmod is used as in method one above, and the category is left out, the permissions default to the umask. The umask is a value defined for every process that determines the permissions files are created with. The default umask is 077, which tells the operating system which permissions to strip when creating a file. In other words, for the default shown, strip out all permissions for group and world. The "umask" command sets and displays the umask value.
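The following Python model is an added example, not part of the original document. It shows the octal encoding, the left-to-right category check, and umask stripping described above. The function names and the uid/gid numbers are constructed for illustration, and the superuser's ability to bypass these checks is not modelled.

```python
READ, WRITE, EXECUTE = 4, 2, 1   # the values added together to build each octal digit

def octal_mode(perm_string):
    """Convert an ls-style permission string (e.g. '-rwxr-x---') to an octal mode."""
    if len(perm_string) == 10:           # drop the leading file-type character
        perm_string = perm_string[1:]
    if len(perm_string) != 9:
        raise ValueError("expected 9 permission characters")
    mode = 0
    for i, ch in enumerate(perm_string):
        if ch == "rwx"[i % 3]:
            mode |= 1 << (8 - i)         # position 0 is owner-read (0o400)
        elif ch != "-":
            raise ValueError("unexpected character %r at position %d" % (ch, i))
    return mode

def allowed(mode, file_uid, file_gid, uid, gids, want):
    """Decide access the way the text describes: the first category that
    matches (owner, then group, then other) is the only one consulted."""
    if uid == file_uid:
        bits = (mode >> 6) & 7
    elif file_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want

def created_mode(requested, umask):
    """Permissions a new file ends up with: requested bits minus the umask bits."""
    return requested & ~umask & 0o777

if __name__ == "__main__":
    mode = octal_mode("----rwxrwx")      # constructed example: owner locked out
    print(oct(mode))
    # The owner (uid 100) is denied even though "other" has full access ...
    print(allowed(mode, 100, 50, uid=100, gids={50}, want=READ))
    # ... while an unrelated user (uid 200) is allowed.
    print(allowed(mode, 100, 50, uid=200, gids={60}, want=READ))
    # With the umask of 077 from the text, a file requested as 666 is created 600.
    print(oct(created_mode(0o666, 0o077)))
```

The owner check shows why a mode that denies the owner but allows the world does not protect a file from anyone except its owner, who can in any case change the mode back with chmod.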
Last Update: 1/10/94 JGW
Original author: TAF