The following examples were created while logged onto
earth using SSH. Your Unix/Linux home directory (a.k.a. U: drive)
file and directory permissions can also be changed while logged onto a
Windows XP PC, although sometimes the change does not work properly. See
separate web page for Windows instructions.

The first line of security on a computer is the user's account password. The
second line of defense is the use of file and directory permissions. In the
Unix/Linux world, all files and directories have access permissions that can
be customized by the user. The user can restrict all access to a file or
directory, give complete access to everyone or partial access.
File/directory permissions can be customized for three
groups: the owner of the file/directory, users that belong to a
group, and everyone else, whom we refer to as the world. Here are
examples of each.
Owner: When you log onto your account, you, the
user, own all of your files in your home directory. If you have files of a
personal nature you would want to set the file permissions so that only you
have access to those files.
Groups: Users can belong to one or more groups.
For example, a professor may be running a project employing several
students. The professor wants all students to have access to the project
data but wants to exclude all others. A group can be created with
these students as members and the file/directory permissions set so only
these students have access to the data.
World: The world consists of everyone
else. That includes users who have accounts on the Geography network and all
users on the Internet everywhere in the world. World file/directory
permissions are of concern to us because web pages must have world
permissions set properly to be viewed.
Examples: While logged onto earth in your home
directory enter the following command:
ls -al
(This is the list command with two options: a means list all files,
including environmental files that have names beginning with a . (period),
and l means long listing, that is, provide details about each particular
file/directory.)
This is an example of output from the ls -al command.
Your output may vary.
earth.geo.hunter.cuny.edu{testacct2}66:ls -al
total 57
drwx------   7 testacct2 student   512 Jan 30 11:18 ./
drwxrwxrwx 152 root      student  3072 Jan 26 18:05 ../
-rwx------   1 testacct2 student   428 Jan 24 10:15 .cshrc*
-rwx------   1 testacct2 student   235 Jan 24 10:15 .exrc*
-rwx------   1 testacct2 student   409 Jan 30 11:19 .history*
-rwx------   1 testacct2 student   524 Jan 24 10:15 .login*
drw-------   2 testacct2 student   512 Jan 30 11:15 map.sci/
drw-------   2 testacct2 student   512 Jan 30 11:15 Map.Sci/
drw-------   2 testacct2 student   512 Jan 30 11:15 personal/
-rwx------   1 testacct2 student  5467 Jan 24 10:15 .pinerc*
drwxr-xr-x   2 testacct2 student   512 Jan 30 11:15 public_html/
drwx------   2 testacct2 student   512 Jan 30 11:19 .ssh/
-rwx------   1 testacct2 student   683 Jan 24 10:23 .viminfo*
-rwx------   1 testacct2 student  3735 Jan 24 10:15 .Xauthority*
-rwx------   1 testacct2 student 31612 Jan 24 10:15 .Xdefaults*
-rwx------   1 testacct2 student   719 Jan 24 10:15 .xinitrc*
-rwx------   1 testacct2 student   934 Jan 24 10:15 .Xsession*
earth.geo.hunter.cuny.edu{testacct2}67:
The first character tells us whether we are looking at
a file ( - ) or directory ( d ). The next 9 characters
refer to permissions. There are three fields of three characters. For
example:
 O  G  W
rwxrwxrwx
The first three characters are the read, write
and execute permissions for the owner of the file, the second
group of three characters refers to read, write and execute
permissions for users that belong to the group this file/directory is part
of, and the last three characters refer to read, write and execute
permissions for the world.
When you create a new file or directory the default
permissions are:
rwx------
These default permissions restrict access to the file
to the owner; no one else may look at the contents of the file, modify the
contents or, if the file is a program, execute it.
But, if the file is a web file then you must change
the permissions to:
rwxr-xr-x
These permissions allow the world to look at the file
but not alter it.

The Unix/Linux command to change permissions is chmod
(change the access mode) along with the proper options. To
apply the actual permissions, Unix/Linux assigns a number to each part of
the permission:
read (r) = 4
write (w) = 2
execute (x) = 1
You add together the values for each permission you
want to apply. To add read, write and execute permissions the value would be
4 + 2 + 1 = 7. You determine the numeric value for owner, group and world.
For example, to set the proper permissions on a web file in your public_html
directory, issue the following command:
chmod 755 filename
To change the permissions of a file so that only the
owner has access issue the following command:
chmod 700 filename
Other examples: To change the permissions of all files
and directories in your current directory so that anyone can view the file
but can't change it:
chmod 755 *
(The * is called the wildcard character and means everything in the
directory whose name does not begin with a period.)
To change permissions of all files and directories in
your current directory AND change the permissions of all files and
subdirectories beneath them:
chmod -R 755 *
(The -R means go recursively down the subdirectory structure.)
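
The chmod 755 * and chmod -R 755 * commands above also open up directories that should stay private, such as personal/. As an added example (not part of the original page), this shell script converts the mode string shown by ls -al into the number chmod takes and lists every entry in a directory, other than public_html, that the group or the world can access. The function names sym_to_octal and audit_home and the demo tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original page.

# sym_to_octal MODE: "drwxr-xr-x" -> 755, using read=4, write=2, execute=1.
# setuid/setgid/sticky markers (s, t) count as execute; the special bit is ignored.
sym_to_octal() {
    perms=${1#?}                      # drop the file-type character (- or d)
    out=""
    for start in 1 4 7; do            # owner, group, world triplets
        trip=$(printf '%s' "$perms" | cut -c "$start-$((start + 2))")
        digit=0
        case $trip in r??)      digit=$((digit + 4)) ;; esac
        case $trip in ?w?)      digit=$((digit + 2)) ;; esac
        case $trip in ??[xst])  digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# audit_home DIR: print "OCTAL NAME" for every entry directly in DIR (dot files
# included) that grants any group or world access. public_html is skipped
# because the page requires it to be 755.
audit_home() {
    for f in "$1"/* "$1"/.[!.]*; do
        if [ ! -e "$f" ] || [ -L "$f" ]; then continue; fi   # no match, or symlink
        name=${f##*/}
        if [ "$name" = public_html ]; then continue; fi
        oct=$(sym_to_octal "$(ls -ld -- "$f" | cut -c 1-10)")
        case $oct in
            ?00) ;;                   # owner-only, e.g. 700 or 600
            *)   printf '%s %s\n' "$oct" "$name" ;;
        esac
    done
}

# Constructed demo tree (sample data made up for this example).
demo=$(mktemp -d)
mkdir "$demo/personal" "$demo/public_html"
: > "$demo/notes.txt"
chmod 700 "$demo/personal"
chmod 755 "$demo/public_html"
chmod 644 "$demo/notes.txt"
audit_home "$demo"                    # reports notes.txt only
rm -rf "$demo"
```

Run audit_home "$HOME" after any wildcard chmod; each line it prints is an entry to reset with chmod 700.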