Power to Build


Unix Permissions

If you have worked with Unix, you have surely used the chmod command. It lets you set the permissions on files and directories. By setting the appropriate permissions on a file, you can avoid mishaps.

Every file, for example, has the permissions below:

Read
Write
Execute

A file with the Read attribute set can be read, the Write attribute lets you change and save the file, and the Execute attribute alone makes it a program (or a script) that can be run. (Unlike Windows, where having an extension (file type EXE) makes it executable.)

These permissions are typically represented as binary digits in the *nix world. The table below lists all possible combinations of the above 3 attributes.

rwx   Binary   Octal   Permission
---   000      0       No permissions
--x   001      1       Execute only
-w-   010      2       Write only
-wx   011      3       Write and Execute
r--   100      4       Read only
r-x   101      5       Read and Execute
rw-   110      6       Read & Write only (not an executable)
rwx   111      7       All permissions: Read, Write and Execute

A missing letter indicates no permission. So, for example, r-x means read and execute only. If you gave the permission as r-x, it gives,

READ, NO-WRITE, EXECUTE

If you did CS 101 or Digital Logic, you will immediately see this can be represented by 3 binary digits. 1 means the attribute is set, 0 means the attribute is not set. So, the above permission can be written as,

101 = 5

3 Groups of permissions

For tighter security, you will want to decide who gets what type of access. Don’t you want to make sure that only certain people can view a file, only some can change it and, if it is a script/program, whether it can or cannot be executed by all? You can do this in Unix and that’s why it is so powerful.

*nix (includes Unix, Linux, Android and Mac OS) systems have 3 levels of permissions:

Owner
Group
Others (also known as World or Everyone (else))

The owner is the owner of the file: the person who created the file. He/she can have all the permissions, but just because they are the owner doesn’t mean they cannot be controlled.

Group permissions are for people that belong to a group – you can create a group like accounting, hr etc and put users in it.

And finally, Others (everyone else) can do to the file whatever their permissions allow.

All these are arranged as 3 sets of permissions:

owner   group   everyone
rwx     rwx     rwx

The permissions are often written by assigning a binary digit to each permission.
For example, here is one set of permissions on a file:
111     111     111

Where the 3 bits correspond to Read, Write, Execute (111 = 7)

So, the octal number 777 means everything to everyone. That’s too wide open. Often, you may see 555, 666, 755 etc.

555 = 101 101 101

The above gives all 3 groups the same rights: only read and execute. Notice that even the owner doesn’t have permission to change the file anymore. Admin (root) is the only one that can change it now!!

So, you want to make the file completely hidden from others, except the owner? You set the permissions to 111 000 000 = 700

Or you want only owner and the group to see it? Fine, you can try 550.
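The letter-to-bit mapping above can be done mechanically. The converter below is an added example, not part of the original post; the function names sym_to_octal and octal_to_sym are made up here, and only plain r, w, x and - characters are handled.

```shell
#!/bin/sh
# sym_to_octal MODE: convert an `ls -l` style permission string to octal.
# Accepts 9 characters (rwxr-xr-x) or 10 with the leading type character.
# Returns 1 on anything that is not plain r/w/x/- (special bits not handled).
sym_to_octal() {
    mode=$1
    [ "${#mode}" -eq 10 ] && mode=${mode#?}   # drop the file-type character
    [ "${#mode}" -eq 9 ] || return 1
    out=""
    while [ -n "$mode" ]; do                  # owner, group, others in turn
        rest=${mode#???}
        triplet=${mode%"$rest"}
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; -??) ;; *) return 1 ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; ??-) ;; *) return 1 ;; esac
        out=$out$digit
        mode=$rest
    done
    printf '%s\n' "$out"
}

# octal_to_sym NNN: convert a 3-digit octal mode back to the 9-letter form.
octal_to_sym() {
    case $1 in [0-7][0-7][0-7]) ;; *) return 1 ;; esac
    digits=$1
    out=""
    while [ -n "$digits" ]; do
        rest=${digits#?}
        d=${digits%"$rest"}
        # Test each bit: 4 = read, 2 = write, 1 = execute.
        if [ $((d & 4)) -ne 0 ]; then out=${out}r; else out=${out}-; fi
        if [ $((d & 2)) -ne 0 ]; then out=${out}w; else out=${out}-; fi
        if [ $((d & 1)) -ne 0 ]; then out=${out}x; else out=${out}-; fi
        digits=$rest
    done
    printf '%s\n' "$out"
}

# Sample calls using modes mentioned in the text.
echo "r-xr-xr-x -> $(sym_to_octal r-xr-xr-x)"
echo "700       -> $(octal_to_sym 700)"
echo "550       -> $(octal_to_sym 550)"
```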

Newly Created file

When you create a brand new file, it automatically gets write permission for the owner and read access for others.

{svaradar@aixbox1} /tmp
$ vi test.txt

{svaradar@aixbox1} /tmp
$ ls -lrt test.txt
-rw-r--r-- 1 svaradar itapa 3 Aug 01 16:56 test.txt

The executable permission is not automatically assigned. It has to be added using the chmod command. See below.

Listing the file permissions

You can see the permissions in text representation when you do an ls -l at the Unix prompt.

$ ls -lrt ksh
-r-xr-xr-x 5 bin bin 292132 Aug 18 2014 ksh

Changing permissions

We saw how permissions are used to decide access levels of a file for various groups. How do we set them? That’s where the chmod command comes in. chmod is versatile: it can take either textual (symbolic) or octal values to set the permission.

Adding permission(s)

chmod +w test.txt

Unfortunately, this only sets it for the current user. How do you set it for groups and others? chmod offers a one-letter parameter to indicate who the permission is given to: u = user, g = group, o = others (world), and a = u + g + o.

For example, a+w gives write access to all 3 groups. To make the newly created file above editable by all (but not executable):
chmod a+w test.txt

This can also be achieved by,
chmod 666 test.txt
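Added example (not from the original post): why a new file comes up as rw-r--r-- and why chmod +w with no who-letter only reaches the owner. Both follow from the process umask, assumed here to be the common value 022; the function names and the scratch directory are made up for illustration.

```shell
#!/bin/sh
# perms FILE: the nine permission characters from `ls -l` (type character dropped).
perms() { ls -ld "$1" | cut -c2-10; }

# new_file_perms UMASK: create an empty file under UMASK and print its permissions.
# The subshell body "( ... )" keeps the umask change from leaking to the caller.
new_file_perms() (
    dir=$(mktemp -d) || exit 1        # constructed scratch directory
    umask "$1"
    : > "$dir/test.txt"               # shell asks for 666; the umask bits are removed
    p=$(perms "$dir/test.txt")
    rm -rf "$dir"
    printf '%s\n' "$p"
)

# after_chmod UMASK START OP: set test.txt to octal START, then run
# `chmod OP` with UMASK in effect and print the resulting permissions.
after_chmod() (
    dir=$(mktemp -d) || exit 1
    : > "$dir/test.txt"
    chmod "$2" "$dir/test.txt"
    umask "$1"
    chmod "$3" "$dir/test.txt"
    p=$(perms "$dir/test.txt")
    rm -rf "$dir"
    printf '%s\n' "$p"
)

echo "new file, umask 022:        $(new_file_perms 022)"
echo "new file, umask 077:        $(new_file_perms 077)"
# With no who-letter, chmod skips the bits that are set in the umask.
echo "444 then +w,  umask 022:    $(after_chmod 022 444 +w)"
echo "444 then a+w, umask 022:    $(after_chmod 022 444 a+w)"
```

A umask of 077 makes new files private to the owner from the start, which avoids having to tighten them afterwards.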

Removing permission(s)

If you want to remove a permission, simply use the - (minus) sign instead of +.

{svaradar@aixbox1} /tmp
$ chmod 777 test.txt

{svaradar@aixbox1} /tmp
$ ls -l test.txt
-rwxrwxrwx 1 svaradar itapa 3 Aug 01 16:56 test.txt

Everybody has all the permissions. Now let’s remove the executable permission:

{svaradar@aixbox1} /tmp
$ chmod a-x test.txt

{svaradar@aixbox1} /tmp
$ ls -l test.txt
-rw-rw-rw- 1 svaradar itapa 3 Aug 01 16:56 test.txt

Now remove the write permission for others.

{svaradar@aixbox1} /tmp
$ chmod o-w test.txt

{svaradar@aixbox1} /tmp
$ ls -l test.txt
-rw-rw-r-- 1 svaradar itapa 3 Aug 01 16:56 test.txt
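The same o-w step can be applied across a directory to find and close files left "too wide open". This is an added example, not part of the original post; the file names and modes are constructed sample data, and the function names are made up here.

```shell
#!/bin/sh
# world_writable DIR: list regular files under DIR that others can write to.
# "-perm -0002" matches when the others-write bit is set, whatever else is set.
world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# tighten DIR: remove write for others (chmod o-w) from every such file.
tighten() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
}

# demo: build a scratch directory with constructed files, audit it, fix it,
# audit again, and print the counts followed by the final modes.
demo() {
    dir=$(mktemp -d) || return 1
    for spec in 777:open.sh 666:notes.txt 644:report.txt 750:tool.sh; do
        f=$dir/${spec#*:}
        : > "$f"
        chmod "${spec%%:*}" "$f"      # octal modes are applied exactly as given
    done
    before=$(($(world_writable "$dir" | wc -l)))
    tighten "$dir"
    after=$(($(world_writable "$dir" | wc -l)))
    # Skip the "total" line; keep the 10-character mode and the file name.
    modes=$(ls -l "$dir" | awk 'NR > 1 { print substr($1, 1, 10), $NF }')
    rm -rf "$dir"
    printf '%s\n' "before=$before after=$after" "$modes"
}

demo
```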

Directories, Links

Oh yeah, I almost forgot. The - you see at the beginning of the permission string is used to identify directories and links. You guessed it, d for directory and l for link. For files, it is always set to -.

There are other permissions like gid, uid etc. See this link for more on this.

The link below gives a nice tool to calculate the octal value for various permissions.

http://permissions-calculator.org/


Comments, please?
