An Intro to Unix File Permissions
Unix file permissions can be strange and confusing. This is a basic introduction and cheat sheet.
`ls -l file.txt` shows you `file.txt`’s permissions, among other things:
-rw-r--r-- 1 mike staff 0 Nov 1 20:09 file.txt
But what does this stuff mean?
The file name – `file.txt` – is reported on the far right. To its left, `ls` reports the date and time when `file.txt` was last modified: `Nov 1 20:09`. To the left of this, `file.txt`’s size – `0` – is shown in bytes. To its left, `staff` is the group that can access `file.txt` and `mike` is the file’s owner. The `1` to the left of `mike` represents `file.txt`’s hard link count.
Let’s focus on the first column, though.
The first column – `-rw-r--r--` – represents the access modes (permissions) associated with `file.txt`.
In Unix-based operating systems, there are 3 things that can be done to a file:
- read its content (represented by `r`)
- write to it and/or modify its content (represented by `w`)
- execute it, as done when running a program (represented by `x`)
Every file has permission attributes associated with:
- owner - What actions can the owner perform on the file?
- group - What actions can a member of the file’s group perform on the file?
- other (world) - What actions can all other users perform on the file?
Let’s examine `ls -l file.txt`’s output again:
-rw-r--r-- 1 mike staff 0 Nov 1 20:09 file.txt
`file.txt`’s access modes – `-rw-r--r--` – begin with a single character for the file type (`-` means a regular file). The remaining nine characters can be subdivided into three groups of three, where each character in each group represents permissions pertaining to (1) the owner (the first group of three characters), (2) the group (the second group of three characters), and (3) the world (the third group of three characters):
- `rw-` - the owner (`mike`) can read from and write to the file (but cannot execute the file)
- `r--` - the group (`staff`) can read the file (but cannot write to the file or execute the file)
- `r--` - all others (“the world”) can read the file (but cannot write to the file or execute the file)
Changing permissions mode
The `chmod` command can be used to change mode. `chmod` can be used in two ways:
- symbolic mode
- absolute mode
Symbolic mode
Using `chmod` with symbolic mode allows setting permissions using a few operators:
Symbol | Description |
---|---|
+ | Adds permissions |
- | Removes permissions |
= | Sets permissions |
Symbolic mode leverages users flags, which specify the users for whom the permissions settings should be applied:
- `u` - owner permissions
- `g` - group permissions
- `o` - all other users
- `a` - all users
For example:
- `chmod u-x file.txt` removes execute permissions from the owner
- `chmod o+wx file.txt` adds write and execute permissions to other users
- `chmod g=rx file.txt` sets the group’s permissions to exactly read and execute
Note that if no users flag is provided, `a` (all users) is the default (except for bits masked out by the current umask). For example, the following makes `file.txt` executable for all users:
chmod +x file.txt
Absolute mode
In contrast to symbolic mode, absolute mode allows the use of `chmod` with an octal notation system where a number from 0 through 7 represents permissions:
Number | Ref | Permissions |
---|---|---|
0 | --- | no permissions |
1 | --x | execute |
2 | -w- | write |
3 | -wx | write & execute (write (2) + execute (1) = 3) |
4 | r-- | read |
5 | r-x | read & execute (read (4) + execute (1) = 5) |
6 | rw- | read & write (read (4) + write (2) = 6) |
7 | rwx | all permissions (read (4) + write (2) + execute (1) = 7) |
For example, let’s review the original permissions on `file.txt`:
-rw-r--r-- 1 mike staff 0 Nov 1 20:09 file.txt
Expressed as octal notation, `file.txt`’s permissions are `644`:
- `rw-` (6) - the owner (`mike`) can read from and write to the file (but cannot execute the file)
- `r--` (4) - the group (`staff`) can read the file (but cannot write to the file or execute the file)
- `r--` (4) - all others (“the world”) can read the file (but cannot write to the file or execute the file)
To change `file.txt`’s permissions and add write access to the group (`staff`):
chmod 664 file.txt
ls -l file.txt
-rw-rw-r-- 1 mike staff 0 Nov 1 20:10 file.txt
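The mapping between the `rwx` triplets shown by `ls -l` and the octal digits used in absolute mode can be checked with a short script. This is an added example, not part of the original article; the function names `mode_to_octal`, `file_octal` and `demo` are made up here, and mode strings containing anything other than `r`, `w`, `x` and `-` in the nine permission positions are rejected rather than interpreted.

```shell
#!/bin/sh
# Added example (not from the original article).
# Converts the mode column of `ls -l` into chmod's absolute (octal) notation.

# mode_to_octal MODE  ->  prints e.g. 644 for -rw-r--r--
mode_to_octal() {
    mode=$1
    # Need a file-type character plus nine permission characters; any
    # trailing marker some systems append (such as + or @) is ignored.
    case $mode in
        ??????????*) ;;
        *) echo "mode_to_octal: bad mode string: $mode" >&2; return 1 ;;
    esac
    perms=$(printf '%s' "$mode" | cut -c2-10)    # drop the file-type character
    out=
    for start in 1 4 7; do                        # owner, group, other
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        case $triplet in
            [r-][w-][x-]) ;;
            *) echo "mode_to_octal: unsupported triplet: $triplet" >&2; return 1 ;;
        esac
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac   # read    = 4
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac   # write   = 2
        case $triplet in ??x) digit=$((digit + 1)) ;; esac   # execute = 1
        out=$out$digit
    done
    printf '%s\n' "$out"
}

# file_octal FILE  ->  octal mode of FILE, read from the first field of `ls -ld`
file_octal() {
    field=$(ls -ld -- "$1" | cut -d' ' -f1)
    mode_to_octal "$field"
}

# Demo on a constructed temporary file: start at 644, then add group write.
demo() {
    tmp=$(mktemp) || return 1
    chmod 644 "$tmp"; before=$(file_octal "$tmp")
    chmod g+w "$tmp"; after=$(file_octal "$tmp")
    rm -f "$tmp"
    printf '%s %s\n' "$before" "$after"
}

demo
```

Running `file_octal` over files before and after a `chmod` is a quick way to confirm that a symbolic change such as `g+w` produced the octal mode you intended.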