
File permissions

A UNIX system serves many users. Users can be organized in groups. A user may belong to one or more groups of users. The concept of groups serves the purpose of assigning sets of privileges for a given resource and sharing them among many users that need to have them.

Every file on the system has associated with it a set of permissions. Permissions tell UNIX what can be done with that file and by whom. There are three things you can (or can't) do with a given file:

  • read it,
  • write (modify) it and
  • execute it.

Unix permissions specify which of the above operations can be performed for each ownership relation with respect to the file. In simpler terms: what can the owner do, what can the owner group do, and what can everybody else do with the file. For any given ownership relation, we need three bits to specify access permissions: the first to denote read (r) access, the second to denote write (w) access and the third to denote execute (x) access. We have three ownership relations, 'user', 'group' and 'other', so we need a triplet for each, resulting in nine bits. Each bit can be set or clear (not set). We mark a set bit by its corresponding operation letter (r, w or x) and a clear bit by a dash (-) and put them all in a row. An example might be rwxr-xr-x. This means that the owner can do anything with the file, but members of the owner group and the rest of the world can only read or execute it. Usually in UNIX there is also another bit that precedes this 9-bit pattern. You do not need to know about it, at least for the time being.

So if you try ls -l on the command prompt you will get something like the following:

nick@thekla src$ ls -l
-rwxr-xr-x 1 nick users 382 Jan 19 11:49 bscoped.pl
drwxr-xr-x 3 nick users 1024 Jan 19 11:19 lib/
-rwxr-xr-x 1 nick users 1874 Jan 19 10:23 socktest.pl

The first column here shows the permission bit pattern for each file. The third column shows the owner, and the fourth column shows the owner group. By now, the information provided by ls -l should be enough for you to figure out what each user of the system can do with any of the files in the directory.

Directories

Another interesting thing to note is that lib/ which is a directory has permissions, too. Permissions take a different meaning for directories. Here's what they mean:

  • read determines if a user can view the directory's contents, i.e. do ls in it.
  • write determines if a user can create new files or delete files in the directory. (Note that this essentially means that a user with write access to a directory can delete files in the directory even if he/she doesn't have write permission for the file itself! So be careful with this.)
  • execute determines if the user can cd into the directory.

chmod (Unix)

To set/modify a file's permissions you need to use the chmod program. Of course, only the owner of a file may use chmod to alter a file's permissions. chmod has the following syntax:

chmod options mode file(s)

The 'mode' part specifies the new permissions for the file(s) that follow as arguments. A mode first specifies whose permissions should be changed, and then which access types should be changed. Let's say for example:

chmod a-x socktest.pl

This means that the execute bit should be cleared (-) for all users (owner, group and the rest of the world). The mode starts with a letter specifying which users should be affected by the change; this might be any of the following:

  • u the owner user
  • g the owner group
  • o others (neither u, nor g)
  • a all users

This is followed by a change instruction which consists of a + (set bit) or - (clear bit) and the letter(s) corresponding to the bit(s) that should be changed.
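As an added illustration (not part of the original article), the following Python models the nine-bit pattern, the numeric form of the same bits, the symbolic chmod modes described above, and the directory caveat from the previous section. All names and the sample ls -l fields are constructed for this example.

```python
import re

CLASSES = ("u", "g", "o")  # owner user, owner group, others
BITS = "rwx"

def parse_ls_mode(field):
    """Split the 10-character first column of ls -l into (is_directory, 9-char pattern)."""
    if len(field) != 10 or any(c not in "rwx-" for c in field[1:]):
        raise ValueError(f"not an ls -l mode field: {field!r}")
    return field[0] == "d", field[1:]

def split_triplets(perm):
    """'rwxr-xr-x' -> [{'r','w','x'}, {'r','x'}, {'r','x'}] for u, g, o."""
    if len(perm) != 9 or any(c not in "rwx-" for c in perm):
        raise ValueError(f"not a 9-character rwx pattern: {perm!r}")
    return [{c for c in perm[i:i + 3] if c != "-"} for i in (0, 3, 6)]

def join_triplets(triplets):
    return "".join("".join(b if b in t else "-" for b in BITS) for t in triplets)

def apply_mode(perm, mode):
    """Apply a symbolic chmod mode such as 'a-x' or 'u+w,go-w' to a pattern."""
    triplets = split_triplets(perm)
    for clause in mode.split(","):
        m = re.fullmatch(r"([ugoa]+)([+-])([rwx]+)", clause)
        if not m:
            raise ValueError(f"unsupported mode clause: {clause!r}")
        who, op, bits = m.groups()
        for w in (CLASSES if "a" in who else tuple(who)):
            t = triplets[CLASSES.index(w)]
            if op == "+":
                t.update(bits)
            else:
                t.difference_update(bits)
    return join_triplets(triplets)

def to_octal(perm):
    """Numeric form of the nine bits: rwxr-xr-x -> 0o755."""
    value = 0
    for c in perm:
        value = (value << 1) | int(c != "-")
    return value

def who_can_delete_entries(dir_perm):
    """Classes able to remove or rename entries in a directory with this pattern.
    Unlinking needs write plus execute (search) on the directory itself; the
    permissions of the file being removed play no part."""
    return {w for w, t in zip(CLASSES, split_triplets(dir_perm)) if {"w", "x"} <= t}

if __name__ == "__main__":
    for field, name in [("-rwxr-xr-x", "socktest.pl"), ("drwxrwxr-x", "lib/")]:
        is_dir, perm = parse_ls_mode(field)  # constructed sample fields
        print(name, oct(to_octal(perm)), "after a-x:", apply_mode(perm, "a-x"),
              "can delete entries:" if is_dir else "", sorted(who_can_delete_entries(perm)) if is_dir else "")
```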

WinSCP

You can set the permissions for the files and directories when you select them for uploading, by clicking on the button 'More...'. You can also change the permissions remotely, after they are uploaded, by right-clicking on the file names to change their properties.

(Adapted from http://www.perlfect.com/articles/chmod.shtml)