Unix Permissions

Internetworking

Certifications
Cisco
IP
PC
Protocols
- ARP
- Border Gateway Protocol
- Frame Relay
- ISDN
- The Lesser Known RFC's
- Routing Information Protocol
- The X21 Protocol
- ATM
- DHCP
- DNS
- Ethernet
- FTP Commands
- Test Sendmail SASL Authentication
- HTTP
- ICMP
- IMAP Protocol
- IP Protocol
- NAT
- Network Time Protocol
- OSPF
- Ping
- POP3
- Port Numbers
- PPP
- Seven Layer Model
- SMDS
- SMTP
- SMTP Reply Codes
- SMTP Authentication
- SNMP
- SONET
- TCP
- UDP
- Well Known Ports
- X.25
Routers
SQL
Security
Telco
Tools
Unix
Web

Unix Permissions

Decoding those Permissions
Changing Permissions: Symbolic Chmod
Changing Permissions: Absolute Chmod

If you look at a list of files using the long list format ls -l, you'll see the permissions, owner, file size, modification time, and filename.
[tethys]:[8:39am]:[/home/rnejdl/DOCS] > ls -al
total 1825
drwxr-xr-x   2 rnejdl  rnejdl     512 Sep 16 10:27 .
drwxr-xr-x  23 rnejdl  rnejdl    4096 Sep 17 21:09 ..
-rw-------   1 rnejdl  sarah   208896 May  3 23:09 DSLProvo.doc
-rwxr--r--   1 rnejdl  rnejdl  307543 Sep 11 17:37 IPAddressing-Overview.pdf
-rwxr--r--   1 rnejdl  rnejdl  412989 Aug 28 18:08 Routers-DSL-Flowpoint.pdf
-rwxr--r--   1 rnejdl  rnejdl   76810 Sep  6 11:42 SWOT analysis.vsd
-rwxr--r--   1 rnejdl  rnejdl   20480 Sep  6 11:41 Social Styles.doc
-rwxr--r--   1 rnejdl  rnejdl   25600 Sep 15 17:43 Acceptable Use Policy.doc
-rwxr--r--   1 rnejdl  rnejdl   28160 Sep  6 11:42 bibliography leadership.doc
-rw-------   1 rnejdl  rnejdl  705536 Sep 12 23:45 provo-final.doc
-rwxr--r--   1 rnejdl  rnejdl   23552 Sep  6 11:41 question types.doc
[tethys]:[8:39am]:[/home/rnejdl/DOCS] >
The first column of the list shows who can read, write, and execute the files or directories - in other words, the permissions. It basically shows who has permission to do what to a given file or directory. r stands for "read" and means that you're allowed to read the file or directory. w stands for "write" and gives permission to edit or change the file as well as create, move, rename, or remove a directory. x stands for "execute," which gives permission to run a file or search a directory.
Every file or directory has four sets of rwx permissions. The first set represents the user (u), the second set represents the group (g), the third set represents other (o), and the fourth set represents all (a). The column will look like this:
-rwxrwxrwx
Each set of rwx represents user, group, and other respectively. Only the owner of a file or a privileged user may change the permissions on a file.

There are two ways to change permissions on a file or directory, either with absolute chmod (which uses numbers) or with symbolic chmod (which uses lettered commands).
Both ways use the command chmod, which stands for "change mode". chmod changes who can access a particular file. A "mode" is created by combining the various options from who, opcode, and permission. To add permissions to a file, you use +, to remove permissions you use-.

Structure: chmod [option] mode file

Changing Permissions: Symbolic Chmod

With symbolic chmod, you only change one set of permissions at a time--that is, you change the user's permissions, or the group's permissions, or the "others"' permissions.
For the record, you can change more than one set of permissions at a time, but it is horrendously complicated and you shouldn't have to worry about it. Take this file for example:
-rw-r--r-- 1 meghan friends 476 Oct 14 17:13 pics.html
To allow a group (friends, in this case) "write" access, you would type:
chmod g+w pics.html
If you wanted to remove "read" ability from "other" you would type:
chmod o-r pics.html
Changing permissions: Absolute Chmod
It is also possible to specify permissions using a three-digit sequence. This is a more efficient way to change permissions (or at least it requires less typing), so use this method if it doesn't confuse you. Each type of permission is given an octal value:
Read = 4
Write = 2
Execute = 1
These values are added together for each user category. The permissions are changed by using a three-digit sequence with the first digit representing owner permission, the second digit representing group permission, and the third digit representing other permission. For example, if you wanted to make pics.html readable, writable, and executable for the user, readable and writable for the group, and readable for other, you would type:
chmod 764 pics.html
The first digit means readable and writable for the user (4+2+1), the second digit means readable and writable for the group (4+2), and the third digit means readable for other (4).

Listed below is a chart giving a few examples of different numberic codes used with the chmod command and the UNIX permissions that would be seen.

Numeric

UNIX equivalent

Owner

Group

Other

read/write/execute

read/write/execute

read/write/execute

777

rwxrwxrwx

755

rwxr-xr-x

744

rwxr--r--

644

rw-r--r--

If you want to change the permissions on a directory tree use the -R option. chmod -R will recursively change the permissions of directories and their contents.