How to view file permissions
You can view the access permissions of a file by doing the long directory listing with the ls -l command. This is what a long directory listing might look like:
me@puter: /home/writers$ ls -l
total 17
drwxr-xr-x 3 nana writers 80 2005-09-20 21:37 dir
-rw-r----- 1 nana writers 8187 2005-09-19 13:35 file
-rwxr-xr-x 1 nana writers 10348 2005-07-17 20:31 otherfile
What does the output of ls -l mean? The very first column, the one that looks like a bunch of mumbo jumbo, shows the file type and permissions. The second column shows the number of links (directory entries that refer to the file), the third one shows the owner of the file, and the fourth one shows the group the file belongs to. The other columns show the file's size in bytes, date and time of last modification, and the filename.
The first column, the one that shows the file's permissions and looks like mumbo jumbo, is organized into four separate groups, although it certainly doesn't look very organized.
The first group consists of only one character, and it shows the file's type. For example, d means a directory and - means a normal file, so if you take a look at our example output, you'll notice dir is a directory, while file and otherfile are regular files.
The first character can be any of these:
d = directory
- = regular file
l = symbolic link
s = Unix domain socket
p = named pipe
c = character device file
b = block device file
The next nine characters show the file's permissions, divided into three groups, each consisting of three characters. The first group of three characters shows the read, write, and execute permissions for user, the owner of the file. The next group shows the read, write, and execute permissions for the group of the file. Similarly, the last group of three characters shows the permissions for other, everyone else. In each group, the first character means the read permission, the second one write permission, and the third one execute permission.
The characters are pretty easy to remember.
r = read permission
w = write permission
x = execute permission
- = no permission
What does this mean in practice? Let's have an example. Remember the imaginary directory listing we did at the beginning? The output looked like this:
drwxr-xr-x 3 nana writers 80 2005-09-20 21:37 dir
-rw-r----- 1 nana writers 8187 2005-09-19 13:35 file
-rwxr-xr-x 1 nana writers 10348 2005-07-17 20:31 otherfile
As we already noticed, dir is a directory, because the first column begins with a d. The owner of this directory is user nana and the group owner is writers. The first three characters,rwx, indicate the directory's owner, nana in this case, has full access to the directory. The user nana is able to access, view, and modify the files in that directory. The next three characters,r-x, indicate that all users belonging to group writers have read and execute permissions to the directory. They can change into the directory, execute files, and view its contents. However, because they don't have write permissions, they can't make any changes to the directory content. Finally, the last three characters, r-x, indicate that all the users who are notnana or don't belong into group writers, have read and execute permissions in the directory.
How about file? Because the first column begins with a -, the file is a regular file, owned by user nana and group writers, just like the directory in our example. The first three characters, rw-, indicate the owner has read and write access to the file. According to the next three characters, r--, the users belonging to group writers can view the file but not modify or execute it. The final three characters, ---, indicate no one else has any access to the file.
Similarly, you can see otherfile is a regular file and its owner has full access to it, while everyone else can read and execute the file but not modify it.
< How to set file permissions - symbolic mode >
You can set file permissions with the chmod command. Both the root user and the file's owner can set file permissions. chmod has two modes, symbolic and numeric.
The symbolic mode is pretty easy to remember. First, you decide if you set permissions for the user (u), the group (g), others (o), or all of the three (a). Then, you either add a permission (+), remove it (-), or wipe out the previous permissions and add a new one (=). Next, you decide if you set the read permission (r), write permission (w), or execute permission (x). Last, you'll tell chmod which file's permissions you want to change.
Let's have a couple of examples. Suppose we have a regular file called testfile, and the file has full access permissions for all the groups (long directory listing would show -rwxrwxrwx as the file's permissions).
Wipe out all the permissions but add read permission for everybody:
$ chmod a=r testfile
After the command, the file's permissions would be -r--r--r--
Add execute permissions for group:
$ chmod g+x testfile
Now, the file's permissions would be -r--r-xr--
Add both write and execute permissions for the file's owner. Note how you can set more than one permission at the same time:
$ chmod u+wx testfile
After this, the file permissions will be -rwxr-xr--
Remove the execute permission from both the file's owner and group. Note, again, how you can set them both at once:
$ chmod ug-x testfile
Now, the permissions are -rw-r--r--
As a summary, have a look at this quick reference for setting file permissions in symbolic mode:
| Which user? |
| u | user/owner |
| g | group |
| o | other |
| a | all |
| What to do? |
| + | add this permission |
| - | remove this permission |
| = | set exactly this permission |
| Which permissions? |
| r | read |
| w | write |
| x | execute |
< How to set file permissions - numeric mode >
The other mode in which chmod can be used is the numeric mode. In the numeric mode, the file permissions aren't represented by characters. Instead, they are represented by a three-digit octal number.
4 = read (r)
2 = write (w)
1 = execute (x)
0 = no permission (-)
To get the permission bits you want, you add up the numbers accordingly. For example, the rwx permissions would be 4+2+1=7, rx would be 4+1=5, and rw would be 4+2=6. Because you set separate permissions for the owner, group, and others, you'll need a three-digit number representing the permissions of all these groups.
Let's have an example.
$ chmod 755 testfile
This would change the testfile's permissions to -rwxr-xr-x. The owner would have full read, write, and execute permissions (7=4+2+1), the group would have read and execute permissions (5=4+1), and the world would have the read and execute permissions as well.
Let's have another example:
$ chmod 640 testfile
In this case, testfile's permissions would be -rw-r-----. The owner would have read and write permissions (6=4+2), the group would have read permissions only (4), and the others wouldn't have any access permissions (0).
The numeric mode may not be as straightforward as the symbolic mode, but with the numeric mode, you can more quickly and efficiently set the file permissions. This quick reference for setting file permissions in numeric mode might help:
| Which number? |
| 0 | --- |
| 1 | --x |
| 2 | -w- |
| 3 | -wx |
| 4 | r-- |
| 5 | r-x |
| 6 | rw- |
| 7 | rwx |
