How to Set File Permissions Using `chmod'
Files and directories in Unix may have three types of permissions: read (`r'), write (`w'), and execute (`x'). Each permission may be `on' or `off' for each of three categories of users: the file or directory owner; other people in the same group as the owner; and all others.
To determine the mode (or permission settings) of a particular file, use the command `ls -lg filename'. This command will produce a message similar to the following:
-rwxr-x--x 1 owner group 2300 Jul 14 14:38 filename
The string of 10 characters on the left shows the mode. The initial character ('-' in this case) indicates what type of file it is. A '-' indicates that the file is a plain file. The character 'd' means it is a directory. Characters 2-4 are, respectively, `r', `w', or `x' if the corresponding permission is turned on for the owner or `-' if the permission is turned off. Characters 5-7 similarly show the permissions for the group; characters 8-10 for all others. The second string shows the number of links that exist to the file. The third string identifies the owner of the file and the fourth string tells what group the owner of the file is in.
To change the mode of a file, use the chmod command. The general form is
chmod X@Y file1 file2 ...
where: X is any combination of the letters `u' (for owner), `g' (for group), `o' (for others), `a' (for all; that is, for `ugo'); @ is either `+' to add permissions, `-' to remove permissions, or `=' to assign permissions absolutely; and Y is any combination of `r', `w', `x'. Following are some examples:
chmod u=rx file (Give the owner rx permissions, not w) chmod go-rwx file (Deny rwx permission for group, others) chmod g+w file (Give write permission to the group) chmod a+x file1 file2 (Give execute permission to everybody) chmod g+rx,o+x file (OK to combine like this with a comma)
The permission scheme described above also applies to directories. For a directory, whoever has `read' permission can list files using the ls command (and thus discover what files are there); whoever has `write' permission can create and delete files in that directory; whoever has execute permission can access a file or subdirectory of known name. To find out the mode of a directory:
ls -dl dir ... Show permissions for the named directory(ies)
ls -al dir ... Long list of all files in named directory(ies) (including those with names starting in `.')
If no directories are specified, the listing is for all files in the current directory. The output will look something like:
drwx------12 fred 592 Jul 11 13:46 . drwxr-xr-x24 root 1424 Jul 10 13:07 ..
The initial `d' in the 10-character mode string indicates that the file is a directory. The file name `.' always refers to the current directory; the file name `..' always refers to the parent of the current directory. Thus, this output shows the permissions for the current directory and its parent.
For more information, including octal specification of permissions, refer to the Unix User's Manual pages for chmod(1) and ls(1). To view these online, enter
A variable called `umask' is used as a permission mask for all newly created files and directories. Umask is a 3 digit octal number. The default umask is 022 = 000 010 010 binary. The two one bits prevent "group" and "other" write permission. So, a newly created file will have rwx permission for the owner, and rx permission for group and others. A umask of 077 = 000 111 111 would cause new files to have no permissions set for group and others. In order to use a umask other than the default, you should include the line `umask num' (where num is an octal number) in your .cshrc file. For more about umask, enter
There may be times that you want to copy a file from someone else's directory. How can you access that directory and copy the file? The following scenario describes the process.
Suppose that user `joe' wants to copy the file `prog.f' from user `fred.' At the Unix prompt, Fred should type
chmod go+x ~
This command changes the mode of Fred's home directory (represented by the ~), giving permission to all users to get to files in that directory. Therefore, Joe can access any file, of which he knows the name, in Fred's home directory. Fred has told Joe that the file he wants is called `prog.f,' so now Joe types
cp ~fred/prog.f prog.f
If Joe had an existing file with the name `prog.f,' which he did not want overwritten by Fred's file, he could instead type
cp ~fred/prog.f prog2.f
If Joe receives a message from the system saying that he is denied permission to copy the file, Fred should make the file readable by others, changing its mode by entering
chmod go+r prog.f
If Joe wanted to copy several files from Fred's home directory, for example `prog.a,' `prog.b,' `prog.c,' and to give these files the same names in his own home directory, he would type
cp ~fred/prog.a ~fred/prog.b ~fred/prog.c .
The period (.) at the end of the command line specifies that the files are to be copied into Joe's current directory (which in this case is his home directory).
Once Joe has copied the files, Fred will probably want to change the mode of his home directory so that it is no longer accessible to the world at large. To do this, Fred should type
chmod go-rx ~
As you can see, a + sign used with `chmod' adds accessibility and a - sign takes it away. It is possible to use these features on directories of all levels and all files within those directories, individually or as a group. For detailed online information about the `chmod' command, enter