Unix Permissions

Unix attempts to keep other people from reading your files and looking at your directories. It does this by keeping track of who owns each file and directory, and looking at a list of permissions for each one. Each file and each directory has its own set of permissions. Thus, you can make a file readable even though the directory that it is stored in is not readable.

There are three kinds of permissions: read, write, and use. There are three kinds of users you can give access to: yourself, other users like yourself, and other users not like yourself.

You can make files readable by other users like you, for example, but not readable by users that are not like you. Or, you can make the files readable by users that are not like you but not readable by users that are like you. This can be useful for web files. The web server is a user that is not like you.

Changing permissions

The easiest way to change permissions is to use the File Manager. You can use it for both personal/professional accounts and web accounts.

Types of users

User: u
You are the user. You’re the person who owns and uses the file or directory.
Group: g
For the most part, you can ignore group. There are only a few groups at USD. The largest are students, faculty, and staff/administrative. If you make a file or directory group readable, everyone in your group can read it.
Other: o
Other is everyone. Files that are readable by other can be read by anyone at USD, and, in some cases, on the Internet. The web server is ‘other’ for all users. You will often want to make web files, if they contain sensitive information, readable by ‘other’ but not by ‘group’. (Remember, though, that on a shared server anyone can write a web program that reads such files through the web server itself.)

Types of permissions

Readable: r
A file or directory that is readable can be viewed.
Writable: w
A file or directory that is writable can be edited, deleted, or renamed. In addition, a directory that is writable can have files and directories added to it.
Executable: x
A file that is executable is a computer program. A directory that is executable can be moved into--but its contents can’t actually be listed unless the directory is also readable.

Changing permissions with chmod

A file or directory has separate permissions for each type of user. A file might be readable and writable by User, readable by Group, and have no permissions for other, for example.

The chmod command adds permissions to, or removes them from, user types with the “+” (plus) or the “-” (minus) key. You type chmod type+permission to add a permission, and chmod type-permission to remove a permission.

The command chmod g+r filename lets everyone else in your Group read that filename. The command chmod o-r filename revokes read privileges for Other. You can even revoke write privileges for yourself, if you want to protect a file from being changed or protect a directory from having its files deleted: chmod u-w filename.

  • Replace filename with directoryname if you want to change the permissions on directories.

Advanced chmod

You can also use the “=” (equal) key to set permissions. Rather than adding or subtracting, it sets the named user type to only the specified permission(s). If you type chmod u=r filename, that file is only readable by you (User), no matter what User permissions it used to have.

You can also group letters. If you want to make a file readable by everyone, for example, you can type chmod ugo+r filename. The ‘r’ permission (readability) is added to ‘u’, ‘g’, and ‘o’: User, Group, and Other.

Viewing permissions

You can look at the permissions for a file by typing ls -l filename. The first space is a ‘d’ if this is a directory, or a dash if it’s a file. The next three letters are your permissions. The middle three are for your group, and the final three are for everyone else (other). Within each ‘set’, the first space is for readable, the second for writable, and the third for executable.

When a space is filled with a dash, this means that that particular permission is not granted.
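
The chmod commands described above, applied to scratch files so the resulting ls -l column can be read off directly, followed by a check for files that Other can read or write. This is an added example, not part of the original page; the function names, the sample file names, and the use of mktemp and find are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; every path is a constructed scratch file made with mktemp.

# mode_of PATH: print the 10-character permission column that `ls -l` shows.
mode_of() { ls -ld -- "$1" | cut -c1-10; }

# after_chmod KIND CHANGE...: make a scratch file (KIND=f) or directory
# (KIND=d), clear all permissions, apply each chmod CHANGE in order, and
# print the resulting permission column.
after_chmod() {
    if [ "$1" = d ]; then scratch=$(mktemp -d); else scratch=$(mktemp); fi
    shift
    chmod ugo= "$scratch"
    for change in "$@"; do chmod "$change" "$scratch"; done
    mode_of "$scratch"
    chmod u=rwx "$scratch" && rm -rf "$scratch"
}

# make_sample_dir: build a scratch directory of three files with different
# audiences and print its path (file names are hypothetical).
make_sample_dir() {
    dir=$(mktemp -d)
    for name in private.txt classmates.txt page.html; do
        : > "$dir/$name"
        chmod ugo= "$dir/$name"
        chmod u=rw "$dir/$name"
    done
    chmod g+r "$dir/classmates.txt"   # Group may read, Other may not
    chmod o+r "$dir/page.html"        # Other (the web server) may read
    echo "$dir"
}

# exposed_to_other DIR: list files under DIR that Other can read or write.
exposed_to_other() {
    find "$1" -type f \( -perm -o=r -o -perm -o=w \) -print | sort
}

echo "u=rw g+r o-r  -> $(after_chmod f u=rw g+r o-r)"   # Group reads, Other cannot
echo "ugo+rw u=r    -> $(after_chmod f ugo+rw u=r)"     # '=' resets User only
echo "u=rw o+r      -> $(after_chmod f u=rw o+r)"       # web file: Other, not Group
echo "u=rwx go+x    -> $(after_chmod d u=rwx go+x)"     # enter but not list
sample=$(make_sample_dir)
echo "Readable or writable by Other:"
exposed_to_other "$sample"
rm -rf "$sample"
```

Running exposed_to_other against your own web directory shows which files the web server, and every other user on the machine, can read.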

Examples of permissions

Everyone can do anything to this program.
Only the owner can see or change this file.
The owner can view and change this file, and everyone can view it.
The owner can view this file, but not change it. This protects important files from accidental deletion. In order to delete or change this file, the owner has to change the permissions, by typing chmod u+w filename.
The owner can list this directory, rename it, and move into it. No one else can.
Everyone can move into this directory, but they can’t get a listing once they’re there unless they are the owner.