If you have worked with Unix, you have surely used the chmod command. It lets you set the permissions on files and directories. By setting the appropriate permissions on a file, you can avoid mishaps.
Every file, for example, has the below permissions:
A file with the Read attribute set can be read, the Write attribute lets you change and save the file, and the Execute attribute alone makes it a program (or a script) that can be run. (Unlike Windows, where having an extension (filetype EXE) makes it executable.)
These permissions are typically represented as binary digits in the *nix world. The table below lists out all possible combinations of the above 3 attributes.
| Permission | Binary | Octal | Meaning |
|---|---|---|---|
| -wx | 011 | 3 | Write and Execute |
| r-x | 101 | 5 | Read and Execute |
| rw- | 110 | 6 | Read & Write only (not an executable) |
| rwx | 111 | 7 | All permissions – Read, Write and Execute |
A missing letter (shown as -) indicates no permission. So, for example, r-x means read and execute only. If you gave the permission as r-x, it gives,
READ, NO-WRITE, EXECUTE
If you did CS 101 or Digital Logic, you will immediately see this can be represented by 3 binary digits: 1 means the attribute is set, 0 means it is not set. So, the above permission can be written as,
101 = 5
3 Groups of permissions
To tighten security, you would want to decide whom to give what type of access. Don’t you want to make sure that only certain people can view a file, only some can change it and, if it is a script/program, whether or not it can be executed by all? You can do this in Unix, and that’s why it is so powerful.
*nix (includes Unix, Linux, Android and Mac OS) systems have 3 levels of permissions:
Owner
Group
Others (also known as World or Everyone (else))
The owner is the owner of the file. The person that created the file. He/She can have all the permissions, but just because they are owners doesn’t mean they cannot be controlled.
Group permissions are for people that belong to a group – you can create a group like accounting, hr etc and put users in it.
And finally, Others (everyone else) can do the things to the file as mentioned in their permissions.
All these are arranged as 3 sets of permissions:
owner group everyone
rwx rwx rwx
The permissions are often written by assigning a binary digit to each permission.
For e.g., here is one set of permissions on a file:
111 111 111
Where the 3 bits correspond to Read, Write, Execute (111 = 7)
So, octal number 777 means everything to everyone. That’s too wide open. Often, you may see 555, 666, 755 etc.
555 = 101 101 101
The above gives all 3 groups the same rights – only read and execute. If you noticed, even the owner doesn’t have the permission to change the file anymore. With these permissions, admin (root) is the only one that can change it, although the owner can still use chmod to give write permission back.
So, you want to make the file completely inaccessible to everyone except the owner? You set the permissions to 111 000 000 = 700
Or you want only owner and the group to see it? Fine, you can try 550.
Newly Created file
When you create a brand new file, it automatically gets read and write permission for the owner and read access for the group and others.
$ vi test.txt
$ ls -lrt test.txt
-rw-r--r-- 1 svaradar itapa 3 Aug 01 16:56 test.txt
The executable permission is not automatically assigned. It has to be added by using the chmod command. See below.
Listing the file permissions
You can see the permissions in text representation when you do an ls -l at the Unix prompt.
$ ls -lrt ksh
-r-xr-xr-x 5 bin bin 292132 Aug 18 2014 ksh
We saw how permissions are used to decide access levels of a file for various groups. How do we set them? That’s where the chmod command comes in. chmod is versatile: it can take either symbolic letters or octal digits to set the permission.
chmod +w test.txt
Unfortunately, with the usual umask this only sets it for the owner of the file. How do you set it for groups and others? chmod offers a one-letter parameter to indicate who the permission is given to: u = user (owner), g = group, o = others (world), and a = u + g + o.
So, for example, a+w gives write access to all 3 groups. To make the newly created file above editable by all (but not executable):
chmod a+w test.txt
This can also be achieved by,
chmod 666 test.txt
If you want to remove a permission, simply use the - sign instead of +.
$ chmod 777 test.txt
$ ls -l test.txt
-rwxrwxrwx 1 svaradar itapa 3 Aug 01 16:56 test.txt
Everybody has all the permissions. Now let’s remove the executable permission:
$ chmod a-x test.txt
$ ls -l test.txt
-rw-rw-rw- 1 svaradar itapa 3 Aug 01 16:56 test.txt
Now remove the write permission for others.
$ chmod o-w test.txt
$ ls -l test.txt
-rw-rw-r-- 1 svaradar itapa 3 Aug 01 16:56 test.txt
Oh yeah, I almost forgot. The - you see at the beginning of the permission string is the slot used to identify directories and links. You guessed it, d for directory and l for link. For regular files, it is always set to -.
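The octal-to-rwx mapping and the chmod sequence above, as an added example that is not part of the original post. The function names are hypothetical, and the demo marks each step at which the scratch file is world-writable (the "too wide open" case).

```sh
#!/bin/sh
# Added example; function names are hypothetical, not from the original page.

# octal_to_symbolic 755 -> rwxr-xr-x (one octal digit each: owner, group, others)
octal_to_symbolic() {
    rest=$1
    out=""
    while [ -n "$rest" ]; do
        d=${rest%"${rest#?}"}   # first remaining digit
        rest=${rest#?}          # drop it
        # bit 4 = read, bit 2 = write, bit 1 = execute
        if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    done
    printf '%s\n' "$out"
}

# mode_of FILE -> the nine permission characters ls -l prints for FILE
mode_of() {
    ls -ld -- "$1" | cut -c2-10
}

# world_writable DIR -> regular files under DIR with the "others" write bit set
world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# Replay the page's chmod sequence on a scratch file (constructed sample).
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/test.txt"
    : > "$f"
    for step in 777 a-x o-w 700; do
        chmod "$step" "$f"
        printf 'chmod %-4s -> %s' "$step" "$(mode_of "$f")"
        if [ -n "$(world_writable "$dir")" ]; then
            printf '  (world-writable)'
        fi
        printf '\n'
    done
    for m in 777 666 555 550 700; do
        printf '%s = %s\n' "$m" "$(octal_to_symbolic "$m")"
    done
    rm -rf "$dir"
}

demo
```

Pointing world_writable at a real directory gives a quick list of files that any local user can modify.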
There are other permissions like setgid, setuid etc. See this link for more on this.
The link below gives a nice tool to calculate the octal value for various permissions.