Unix file permissions

A basic understanding of how Unix file permissions work will help users keep sensible permissions on files they own or use, and block malicious users from reading or, worse, changing these files. Every file and directory, from / downwards through the hierarchy, has an owner and a group owner, and 9 permissions set on it. For each of the owner, the group owner and everybody else, the permissions define whether they can read, write or execute the file. These entities are also referred to as user/group/world or user/group/others.

To see the permissions on a file

Type ls -l filename, or ls -ld directory_name to show a directory itself rather than its contents.

To change the permissions on a file

Use chmod. Type man chmod to see the options available. Only the file owner or root can chmod a file.

To set default permissions on new files - umask

Use umask. Becoming wise in the ways of umask can save you a lot of chmodding, particularly when working in a group account directory. Without umask, files are created with permissions 666 (-rw-rw-rw-) and directories with 777 (drwxrwxrwx); umask removes (masks) the specified permission bits from these. The default umask in CSE is 027 (rw-r-x---), set in your .profile, so instead of 666 files are created as 640 (-rw-r-----) and directories as 750 (drwxr-x---), which are a lot more secure. You can check your umask at any time by simply typing umask, and change it with umask <new mask>.
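The masking described above can be checked directly. The following is an added example, not part of the original page; the function names are illustrative, and it assumes a POSIX shell with mktemp and either GNU or BSD stat.

```shell
#!/bin/sh
# Added example (not from the original page): how a umask shapes new files.

# Octal mode of a path: GNU stat first, BSD stat as a fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Predicted mode = requested bits AND NOT mask (666 for files, 777 for dirs).
predict_mode() {    # usage: predict_mode REQUESTED_OCTAL MASK_OCTAL
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Create a file and a directory under MASK and print "file_mode dir_mode".
# The subshell keeps the caller's own umask untouched.
observe_modes() {   # usage: observe_modes MASK_OCTAL
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        : > "$tmp/file"       # the shell asks for 666
        mkdir "$tmp/dir"      # mkdir asks for 777
        result="$(mode_of "$tmp/file") $(mode_of "$tmp/dir")"
        rm -rf "$tmp"
        echo "$result"
    )
}

# umask only applies at creation time: a file made under 000 keeps its
# 666 mode after the mask is tightened, until someone runs chmod on it.
existing_file_mode() {   # usage: existing_file_mode NEW_MASK_OCTAL
    (
        tmp=$(mktemp -d) || exit 1
        umask 000; : > "$tmp/old"
        umask "$1"
        result=$(mode_of "$tmp/old")
        rm -rf "$tmp"
        echo "$result"
    )
}

# Constructed sample masks: wide open, a common default, the page's 027, private.
for mask in 000 022 027 077; do
    echo "umask $mask: predicted $(predict_mode 666 "$mask") $(predict_mode 777 "$mask")," \
         "observed $(observe_modes "$mask")"
done
echo "file created under 000, after umask 027: $(existing_file_mode 027)"
```

Files that were created before the mask was tightened still need chmod to bring them in line.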

Providing group access

Access to a file may be given to members of a group. It is assumed the reader has already read about the effect read/write/execute permissions have on group access to files and directories.

If your account owns a file, you can set the file to be in any group of which you are a member:

    chgrp groupname filename

Other members can then read the file if you make it group readable:

    chmod g+r filename

Or they can access files within a directory if you make the directory group executable:

    chmod g+x directory_name

A useful property of file permissions is the group sticky bit, which causes all files subsequently created within a directory to be in the same group as the directory:

    chmod g+s directory_name

This simplifies management of group directories, as all files created will automatically be accessible by other group members.

Last edited by Robert Doran 20/01/2011
