File Permissions

From Redbrick Wiki

This is a tutorial on how to use file permissions and the chmod command.


What are file permissions?

File permissions are rather important as they specify what you let people do to your files. There are generally three types of file permissions:

  • Read Permission

This allows people to 'read' your files, for example to go into a text editor and load up a text file, however, read is all they can do, they can't edit it and save the changes, delete, or move the file but they can copy it into their own directory.

  • Write Permission

This allows people to change your file or even delete it.

  • Execute Permission

This means that people can 'run' your file, for example if it were a CGI or shell script. Folder-wise, it means that people can 'cd' into your directory, but remember, they can not list the files in that directory unless you have set read permissions on that directory.

Who can I give these permissions to?

These are the different types of person you can set permissions for:

  • User

This is yourself, and sometimes you'll have to set permissions for yourself. For example, if you write a script of some form, you have to give yourself execute permissions on the file in order for you to run it.

  • Group

These are the people that belong to your group on the system. Some examples of groups on Redbrick would be 'member', 'committee' and 'guest'. Generally, you would be in the 'member' group, unless you are on the committee. Setting permissions specifying your group means that only your group can do whatever you let them do with your files.

  • Others

Basically, this means everyone else, eg - those outside of your group. Another very important example is webpages as you need to specify others to allow people to view your HTML files.

  • All

Simply, this is everyone, the same as user, group and others.

How do I set permissions?

In order to set permissions on your files, you use the command 'chmod'. Now, to set permissions, you use the command chmod at the command line.

Say, for example, you have a file called 'hello.txt' in your directory, and you want to allow everyone else to read it, but not to be able to change it or delete it, you use the following command:

chmod go+r hello.txt 

and then hit return. What this does is give group and others read and execute permissions on 'hello.txt'. The + means to 'give' those permissions to that file

Say, you wanted to let people change into a directory in your home directory called 'stuff', and let them list and read all the files in it use the following command:

chmod go+rx stuff (hit return)
cd stuff (hit return)
chmod go+r *.* (hit return)

Now, say you wrote a shell script called 'moo', and you want to be able to run it yourself, you give yourself execute permissions:

chmod u+x moo (return)

Beginning to see the pattern? Now say you wanted to allow everyone to be able to read a file called 'results.txt', and you needed to set the permissions for everyone including yourself for some reason, instead of using ugo for user, group and others, you can simply use:

chmod a+r results.txt (return)

Ok, finally one last example is where you want to remove the read permissions for that file called 'results.txt' from group and others. This is what you have to type:

chmod go-r results.txt (return)

This time it's - instead of +, where it means 'take away' those permissions. If there were no permissions there and you tried to take them away, then it will simply ignore it and carry on trying to remove the other permissions, if any others are specified to be removed.

chmod a=r results.txt

This time we are using the = instead or + or -. This means that the permissions are set what ever you tell it to, overwritting previous permission. In this case, everyone will only have read permission to that file. The main function of = is to make files read-only. Isn't there a way of setting permissions using numbers?

Yes, there is, its the octal notation. Say you did an 'ls -l' of the files in your directory. On the left hand side youll notice stuff like the following:

-rwxr-xr-x
drwxr--r--
-rwxr--r--

and so on. These are the permissions that you've set. There are ten spaces there for characters if you notice. The first 'bit' as we call it, tells us if it's a directory. If there's a 'd' there, then it is a directory, otherwise, if there's a '-' there, then it's a file.

Now, divide the remaining nine characters into three groups of three. The first group of three represent the permissions for 'user', the next three for 'group' and the last three for 'others'. The first 'bit' of any of these three groups represent whether that group has 'read' permission (a '-' means no). The next bit means 'write' permission, and the third bit means 'execute' permission.

Instead of specifying rwx, you can do it using numbers. Take one group. Now replace the letters with 1's and 0's, as in the following, and replace that binary number with its octal equivalent, eg:

Permission Binary Octal
rwx        111    7
rw-        110    6 
r-x        101    5
r--        100    4
-wx        011    3
-w-        010    2
--x        001    1
---        000    0

So all you have to do is stick the numbers together for the three groups, some examples would be rwxr-xr-x, which is rwx r-x r-x, or 111 101 101, or in octal, 755 which means that to set the permission for rxwr-xr-x, you type:

chmod 755 filename

Some more quick examples:

For permission rwx--x--x, use 711. For permission rw-r--r--, use 644.

What permissions should I use for webpages?

For webpages, you should remember the following:

Your home directory (~) should be go+x or 711, so use the command chmod 711 ~ (return). Your public_html folder must also be go+x or 711, so again, use chmod 711 ~/public_html (return). All subfolders of your public_html to be used by your website must be go+x or 711 as well... See Webspace for more info on webpages on Redbrick.

Finally, all files, eg HTML files, must be go+r or 644. You can use a recursive chmod to change all files in public_html or subdirectories of public_html to have permission 644, by using the command chmod 644 ~/public_html/*.

You can get more detailed information on chmod by typing man chmod at the prompt and of course, contact Helpdesk if you have any problems.

lil_cain and file permissions

One day in #lobby, lil_cain, at this point an elected systems administrator, decided he was having trouble with Linux and asked the kind people of RedBrick for help. His question was something along the lines of "how do I check the permissions for a file in a directory?"

Now, as everyone knows, you can check the permissions of all files in a directory using either

ls -l

or

ls -al

ls is one of the most basic commands EVAR!!1!!!11 lil_cain U DESERVE NO R00T!1!!

<--> Actually, what I was looking for is stat. It's a far better tool for individual files.