UNIX: Viewing and Understanding Permissions
This page is designed to help users understand the user-changeable permissions assigned to every directory and file in a Unix Cluster Account. The permissions specify who has read, write, or execute privileges. Separate permissions are assigned to the user (i.e., you, the account owner), the group to which the user belongs (a department or campus organization), and "other" (i.e., anyone in the world). This document provides a brief overview to help you understand the permissions associated with your UNIX Cluster account.
You can view the permissions that are set for the directories and files in your account by typing the following command at the prompt:
ls -al
where ls means "list" and -al modifies the list request to include "all" files (including hidden files) in the "long" format (which includes permissions).
UAlbany UNIX also gives this information if the user types in:
dir
Either command, ls -al or dir, will show you the directory and file information with permissions.
The resulting list of files and directories will appear in the following format:
drwxr-xr-x # userID group size date time dirname
-rwxr--r-- # userID group size date time filename
The ten characters in the first column show the permissions for the designated file or directory name. The remaining columns give information such as the userID (i.e., your NetID, in lowercase), the group abbreviation (e.g., faculty, student, csc, ...), the size of the file or directory, the date and time it was last modified, and the name of the file or directory.
In the permissions column, the first character indicates the entry type. File listings begin with a hyphen; directory listings, with the letter d. The remaining nine characters indicate the permissions themselves (in three groups of three). Character positions 2 through 4 show user permissions: read (r), write (w), and/or execute (x); positions 5 through 7, group permissions; and positions 8 through 10, other (world) permissions. A hyphen in a character position indicates a lack of permission for that item.
Table 1 and Table 2, below, describe what the various permissions mean for the user, the group, and others.
TABLE 1. UNIX DIRECTORY Permissions
| WHO | PERMISSION | WHAT THE PERMISSIONS ALLOW |
|---|---|---|
| USER | Read (r) | The account owner can list the files in the directory. |
| USER | Write (w) | The account owner can create or delete files in the directory. |
| USER | Execute (x) | The account owner can change (cd) into the directory and access files in that directory by name (such as Web page files). |
| GROUP | Read (r) | Everyone in the designated group can list the files in the directory. |
| GROUP | Write (w) | Everyone in the group can create or delete files in the directory. |
| GROUP | Execute (x) | Everyone in the group can change (cd) into the directory and access files in that directory by name (such as Web page files). |
| OTHER | Read (r) | Anyone can list the files in the directory. |
| OTHER | Write (w) | Anyone can create or delete files in the directory. |
| OTHER | Execute (x) | Anyone can change (cd) into the directory and access files in that directory by name (such as Web page files). |
In the example at the beginning of this section, the permissions for the directory listing are shown as:
drwxr-xr-x
which indicates that the user has read, write, and execute privileges and that everyone else (group and other) has read and execute privileges. However, they cannot create or delete files in the directory.
TABLE 2. UNIX FILE Permissions
| WHO | PERMISSION | WHAT THE PERMISSIONS ALLOW |
|---|---|---|
| USER | Read (r) | The account owner can read the file. |
| USER | Write (w) | The account owner can modify or delete the file. |
| USER | Execute (x) | The account owner can run the file as a program. |
| GROUP | Read (r) | Everyone in the designated group can read the file. |
| GROUP | Write (w) | Everyone in the group can modify or delete the file. |
| GROUP | Execute (x) | Everyone in the group can run the file as a program. |
| OTHER | Read (r) | Anyone can read the file. |
| OTHER | Write (w) | Anyone can modify or delete the file. |
| OTHER | Execute (x) | Anyone can run the file as a program. |
In the example at the beginning of this section, the permissions for the file listing are shown as:
-rwxr--r--
which indicates that the user has read, write, and execute privileges and that everyone else (group and other) can only read the file. They cannot modify or delete the file or run it as a program.
The standard settings for files and directories in a typical UAlbany UNIX account are as follows.
| Setting | Default |
|---|---|
| Directory Permissions | drwx------ |
| File Permissions | -rw------- |
These settings give the account owner (user) read, write, and execute access to directories and read and write access to files. Group members and others have no access at all.
A user setting up a web directory in their personal UNIX account will need to run startweb, create an index.html file, and then run setweb. This creates a public_html directory and assigns the appropriate permissions to the directory and to the files in it.
The default setting for the public_html directory is:
| Setting | Default |
|---|---|
| Directory Permissions | drwx--s--x |
| File Permissions | -rw-r--r-- |
The most common reason for changing account permissions on a UAlbany Unix Cluster account is to allow access to Web pages that are published there. Refer to Unix public_html setup for instructions on creating a web folder in your personal UAlbany UNIX account.
Otherwise, there is typically no need for the average account owner to change the default permissions on an account, and, in fact, it may be detrimental to do so. You might inadvertently "lock yourself out" of your own account or unintentionally allow access to "the world".
The access mode of one or more files can be changed by the file owner (or a privileged user) with the change mode command, chmod. Build the mode argument by concatenating characters from the who, opcode, and permission lists below. The who part is optional; if it is omitted, the default is a (all). You may choose only one opcode per mode.
Who
| Character | Meaning |
|---|---|
| u | User |
| g | Group |
| o | Other |
| a | All (default) |
Opcode
| Character | Meaning |
|---|---|
| + | Add permission |
| - | Remove permission |
| = | Assign permission |
Permission
| Character | Meaning |
|---|---|
| r | Read |
| w | Write |
| x | Execute |
| s | Set user (or group) ID |
| t | Sticky bit: save text mode (file), or prevent removal of files by non-owners (directory) |
| u | User's present permission |
| g | Group's present permission |
| o | Other's present permission |
| l | Mandatory locking |
Alternatively, specify permissions by a three-digit sequence. The first digit designates owner permission; the second, group permission; and the third, others permission.
Permissions are calculated by adding the following octal values:
| Value | Permission |
|---|---|
| 4 | Read |
| 2 | Write |
| 1 | Execute |
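The two notations meet in the ten-character mode string that ls -al prints (described at the top of this page) and the octal digits that chmod accepts. As an added example, not part of the original page or of the UAlbany cluster's own tools, the POSIX shell function below reads such a mode string and returns the octal form. It goes beyond the three-digit case in the text by also handling the s and t characters from the permission table: when setuid, setgid or the sticky bit is present it prepends a fourth digit (4 setuid, 2 setgid, 1 sticky), which is how the public_html default drwx--s--x comes out as 2711. A second function flags the world-writable case the page warns about. The mode strings in the loop at the end are the ones quoted on this page.

```shell
#!/bin/sh
# Decode an ls -l mode string such as "drwxr-xr-x" into chmod's octal form.
# Positions: 1 = type, 2-4 = user, 5-7 = group, 8-10 = other.
# In an execute slot, x/s/t mean execute is on; S/T mean the special bit
# (setuid, setgid, sticky) is set while execute is off.
perm_to_octal() {
    m=$1
    # Accept only well-formed ten-character strings.
    case $m in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) printf 'invalid mode string: %s\n' "$m" >&2; return 1 ;;
    esac
    u=0 g=0 o=0 s=0
    # User triplet (positions 2-4): 4 read, 2 write, 1 execute.
    case $m in ?r????????) u=$((u + 4)) ;; esac
    case $m in ??w???????) u=$((u + 2)) ;; esac
    case $m in ???[xs]??????) u=$((u + 1)) ;; esac
    case $m in ???[sS]??????) s=$((s + 4)) ;; esac   # setuid
    # Group triplet (positions 5-7).
    case $m in ????r?????) g=$((g + 4)) ;; esac
    case $m in ?????w????) g=$((g + 2)) ;; esac
    case $m in ??????[xs]???) g=$((g + 1)) ;; esac
    case $m in ??????[sS]???) s=$((s + 2)) ;; esac   # setgid
    # Other triplet (positions 8-10).
    case $m in ???????r??) o=$((o + 4)) ;; esac
    case $m in ????????w?) o=$((o + 2)) ;; esac
    case $m in ?????????[xt]) o=$((o + 1)) ;; esac
    case $m in ?????????[tT]) s=$((s + 1)) ;; esac   # sticky bit
    # Print three digits, or four when any special bit is set.
    if [ "$s" -eq 0 ]; then
        printf '%s%s%s\n' "$u" "$g" "$o"
    else
        printf '%s%s%s%s\n' "$s" "$u" "$g" "$o"
    fi
}

# True when "other" has write permission: the "allow access to the world"
# setting the page warns against. Useful as a quick filter over ls output.
is_world_writable() {
    case $1 in ????????w?) return 0 ;; *) return 1 ;; esac
}

# Walk the mode strings quoted on this page and print their octal forms.
for m in drwxr-xr-x -rwxr--r-- drwx------ -rw------- drwx--s--x -rw-r--r--; do
    printf '%s -> %s\n' "$m" "$(perm_to_octal "$m")"
done
```

The function works on the string alone, so it can be fed the first column of any saved ls -al listing without touching the files themselves; a malformed string is rejected rather than silently decoded.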
Examples
Add execute-by-user permission to a file that currently has read and write permission for the user only:
chmod u+x file
or
chmod 700 file   (7 for user rwx; 00 for no permissions for group or others)
Either of the following assigns read-write-execute permission to the owner (7), read-execute permission to the group (5), and execute-only permission to others (1) for file:
chmod 751 file
chmod u=rwx,g=rx,o=x file
Any of the following assigns read-only permission to file for everyone:
chmod =r file
chmod 444 file
chmod a-wx,a+r file
Changing Directory permissions
Directory permissions are changed with the chmod command, using the same argument syntax as for file permissions:
chmod who opcode permission directory
Directory Permissions
r The directory may be read as a list of files in the directory
You can get additional help by using the command: man chmod
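To see the chmod forms above applied and read back, here is an added shell example that is not from the original page and not one of the cluster's own scripts. It creates a scratch directory with mktemp, applies the page's octal and symbolic specs to a file and a directory, shows each resulting mode string by reading the first column of ls -ld, and finishes with a find-based audit for anything writable by "other", the setting the page warns may unintentionally allow access to the world. The file names under the scratch directory (file, dir, leaky) are constructed for the example; the chgrp step is an assumption added so that an unprivileged chmod of the setgid bit is honoured on systems that drop it when the directory's group is not one of the caller's groups.

```shell
#!/bin/sh
# Added example: exercise chmod's octal and symbolic forms on scratch files
# and audit the result for world-writable entries. Everything is created
# under a temporary directory that is removed when the script exits.
set -u

scratch=$(mktemp -d)
trap 'rm -rf "$scratch"' EXIT

# Mode string of a path: the first ten characters of its ls -ld line
# (some ls versions append "+" or "." for ACLs or security contexts).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Apply one chmod spec (octal or symbolic) and print the resulting mode.
apply_and_show() {
    chmod "$1" "$2" && mode_of "$2"
}

# List everything under a directory whose "other" write bit is set.
# This is the check to run before and after editing permissions by hand.
world_writable_under() {
    find "$1" -perm -o+w -print | sort
}

f=$scratch/file
d=$scratch/dir
touch "$f"
mkdir "$d"
# Assumption: give the directory our own effective group so that a setgid
# chmod sticks even without privilege (the kernel drops setgid otherwise).
chgrp "$(id -g)" "$d"

chmod 600 "$f"                         # the account default: -rw-------
apply_and_show u+x "$f"                # -rwx------ (same as chmod 700)
apply_and_show 751 "$f"                # -rwxr-x--x
apply_and_show u=rwx,g=rx,o=x "$f"     # -rwxr-x--x again, symbolic form
apply_and_show a-wx,a+r "$f"           # -r--r--r--, read-only for everyone
apply_and_show 444 "$f"                # -r--r--r--, same thing in octal
apply_and_show 2711 "$d"               # drwx--s--x, the public_html default

# A deliberately over-permissive file so the audit has something to report.
leaky=$scratch/leaky
touch "$leaky"
chmod 666 "$leaky"                     # -rw-rw-rw-

printf 'World-writable entries under %s:\n' "$scratch"
world_writable_under "$scratch"        # prints only the leaky file
```

Run it as an ordinary user; nothing outside the temporary directory is touched. The same world_writable_under check pointed at a home directory is a quick way to confirm that a hand-edited permission did not open a file or directory to everyone.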
(last edited 102204)