Unix Permissions
Understanding Unix File Permissions
Unix-based operating systems provide a robust mechanism to control access to files and directories. This is crucial for protecting your data from unauthorized viewing, modification, or execution. This guide will help you understand these permissions and how to manage them effectively.
What Are Unix Permissions?
Core Permission Types
At its heart, Unix file access is governed by three fundamental permission types:
- Read (r):
  - For files: Allows viewing the contents of the file.
  - For directories: Allows listing the contents of the directory (e.g., seeing filenames).
- Write (w):
  - For files: Allows modifying or deleting the content of the file.
  - For directories: Allows creating, deleting, or renaming files within the directory (requires execute permission as well).
- Execute (x):
  - For files: Allows running the file as a program or script.
  - For directories: Allows accessing files within the directory (i.e., "entering" or cd-ing into it).
Permission Classes (Who Gets Access?)
These permissions (r, w, x) can be granted or denied to three distinct classes of users:
- User/Owner (u): The person who created or owns the file/directory.
- Group (g): A collection of users. If a file belongs to a group, members of that group get these permissions.
- Others (o): Everyone else on the system who is not the owner and not in the group.
Viewing Permissions with ls -l
The ls -l command is used to display a detailed listing of files and directories, including their permissions.
If you run ls -l in a directory, you might see output similar to this:
-rwxrwx--- 1 johndoe student 311296 Jul 21 09:17 a.out
-rw-rw---- 1 johndoe student 82 Jul 21 09:12 hello.c
drwxr-x--- 2 johndoe student 4096 Aug 01 10:30 my_project
Let's break down the first line (-rwxrwx---) for the file a.out:
| File Type | Owner Permissions | Group Permissions | Others Permissions | Links | Owner | Group | Size | Last Modified | Name |
|---|---|---|---|---|---|---|---|---|---|
| - | rwx | rwx | --- | 1 | johndoe | student | 311296 | Jul 21 09:17 | a.out |
- File Type (1st character):
  - -: Regular file
  - d: Directory
  - l: Symbolic link
  - (and others for special file types)
- Owner Permissions (Next 3 characters): rwx means the owner (johndoe) can read, write, and execute a.out.
- Group Permissions (Next 3 characters): rwx means members of the student group can read, write, and execute a.out.
- Others Permissions (Last 3 characters): --- means others have no permissions on a.out.
Directory Permissions Inheritance (Default Behavior)
Permissions set on a directory control access to the directory itself (e.g., listing its contents, creating files within it). Newly created files do not simply copy the parent directory's permissions: their default permissions typically come from system settings and the user's umask (see below).
Modifying Permissions with chmod (Change Mode)
The chmod command is used to change the permissions of files and directories.
Using chmod with Symbolic Notation
This is often the most intuitive way to use chmod.
Syntax:
chmod <class(es)><operator><permission(s)> <file_or_directory>
- <class(es)>:
  - u: User/Owner
  - g: Group
  - o: Others
  - a: All (u, g, and o) - this is often the default if no class is specified.
- <operator>:
  - +: Add permission(s)
  - -: Remove permission(s)
  - =: Set permission(s) exactly (and remove others for the specified class)
- <permission(s)>:
  - r: Read
  - w: Write
  - x: Execute
chmod Examples (Symbolic)
- Give the owner execute permission:
  chmod u+x myfile.sh
- Remove write permission for the group and others:
  chmod go-w important_data.txt
- Set permissions for others to read-only (removes any existing w or x for others):
  chmod o=r public_info
- Allow everyone to read and write, but only the owner to execute:
  chmod a+rw,u+x script.pl
Recursive chmod for Directories (-R)
To change permissions for a directory AND all files and subdirectories within it, use the -R (recursive) option.
Use with caution!
chmod -R u+w my_project_folder/
This would add write permission for the owner to my_project_folder and everything inside it.
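Why recursive changes need caution, shown on a constructed tree (an added example, not part of the original guide): one octal mode applied with -R makes every data file executable, while the symbolic X permission, which this guide does not cover, sets execute only on directories and on files that already have an execute bit. The file names and the helper functions are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original guide): recursive chmod on a constructed tree.

# mode_of PATH -> the 10-character type/permission string that ls -l prints
mode_of() { ls -ld "$1" | cut -c1-10; }

# build_tree DIR -> constructed sample: a subdirectory, a private data file, a script
build_tree() {
    mkdir -p "$1/src"
    : > "$1/src/notes.txt"
    : > "$1/run.sh"
    chmod 700 "$1" "$1/src" "$1/run.sh"
    chmod 600 "$1/src/notes.txt"
}

# One octal mode for everything: directories stay usable,
# but every regular file becomes executable as well.
apply_blunt() { chmod -R 750 "$1"; }

# Symbolic mode with X: execute is set only on directories and on files
# that already have an execute bit, so data files stay non-executable.
apply_careful() { chmod -R u=rwX,g=rX,o= "$1"; }

# show DIR -> mode string and path of every entry in the tree
show() {
    find "$1" | sort | while read -r p; do
        printf '  %s %s\n' "$(mode_of "$p")" "$p"
    done
}

work=$(mktemp -d)
for how in blunt careful; do
    build_tree "$work/$how"
    "apply_$how" "$work/$how"
    echo "$how:"
    show "$work/$how"
done
rm -rf "$work"
```
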
Using Octal Notation with chmod
chmod also accepts octal numbers directly to set permissions. Here, you add the weights for the permissions you want to grant for each class (owner, group, others).
Syntax:
chmod <octal_mode> <file_or_directory>
chmod Examples (Octal)
- Set permissions to rwxr-xr-x (owner: rwx, group: r-x, others: r-x):
  - Owner: 4+2+1 = 7
  - Group: 4+0+1 = 5
  - Others: 4+0+1 = 5
  - Command: chmod 755 my_script.sh
- Set permissions to rw-r----- (owner: rw-, group: r--, others: ---):
  - Owner: 4+2+0 = 6
  - Group: 4+0+0 = 4
  - Others: 0+0+0 = 0
  - Command: chmod 640 sensitive_data.doc
Setting Default Permissions with umask (User Mask)
The umask command controls the default permissions that are set when new files and directories are created. It specifies which permissions should be removed from the system's default maximum permissions.
Understanding umask and Octal Notation
umask uses a three-digit octal (base-8) number. Each digit corresponds to owner, group, and others, respectively. The value of each digit represents the permissions to be masked out (removed).
Permission Weights (for calculating octal values):
| Permission | Read (r) | Write (w) | Execute (x) |
|---|---|---|---|
| Weight: | 4 | 2 | 1 |
How umask Works:
* System default for new files is often 666 (rw-rw-rw-).
* System default for new directories is often 777 (rwxrwxrwx).
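* The permissions set in the umask value are removed from these defaults. For the common values used below, this gives the same result as subtracting the umask from the default.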
Example:
If umask is 022:
* For new files: 666 - 022 = 644 (rw-r--r--)
* For new directories: 777 - 022 = 755 (rwxr-xr-x)
Setting the umask:
umask <octal_value>
For example, to set umask so new files are rw-r----- (640) and directories are rwxr-x--- (750), you'd want to mask out 027:
umask 027
- 0 for owner (mask nothing out: rwx for dirs, rw- for files remains)
- 2 for group (mask out write: r-x for dirs, r-- for files remains)
- 7 for others (mask out read, write, execute: --- for dirs and files remains)
You typically set umask in your shell startup files (e.g., .bashrc, .zshrc) to have it apply to all your sessions.
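The umask arithmetic above, checked against files that are actually created (an added example, not part of the original guide). It goes slightly beyond the text by computing the result as a bit mask, which is what "masked out" means: for umask 033 a new file is 644, where plain subtraction would give 633. The function names are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original guide): what a umask does to new files and directories.

# mode_after_umask BASE MASK -> octal mode left once the MASK bits are cleared from BASE.
# This is a bitwise AND-NOT, so 666 with umask 033 gives 644, not 633.
mode_after_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_modes MASK -> "<file> <dir>" mode strings, as ls -l shows them, for a file
# and a directory really created under MASK inside a throwaway directory.
created_modes() {
    tmp=$(mktemp -d) || return 1
    (
        umask "$1"          # subshell: the caller's own umask is left untouched
        : > "$tmp/f"        # new file: 666 requested, masked bits cleared
        mkdir "$tmp/d"      # new directory: 777 requested, masked bits cleared
    )
    f=$(ls -ld "$tmp/f" | cut -c1-10)
    d=$(ls -ld "$tmp/d" | cut -c1-10)
    rm -rf "$tmp"
    printf '%s %s\n' "$f" "$d"
}

for mask in 022 027 033; do
    echo "umask $mask: files $(mode_after_umask 666 "$mask")," \
         "dirs $(mode_after_umask 777 "$mask")," \
         "created: $(created_modes "$mask")"
done
```
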