In some cases, guides and manuals may refer to "permissions" as "privileges". In the case of this document, we will use the word "permissions".
Because Unix is a multi-user system, you need to protect files and directories from deletion and editing by other people. Before you can understand file permissions (how Unix protects files), you should have a basic understanding of how files are accessed and how the Unix operating system categorizes users.
Access
You and any other users can access files in three ways:
- read - You do this when you look at or display a file on your screen.
- write - You do this when you edit or change a file in some way or even delete it.
- execute - Some files are actually sets of instructions (programs) for the computer. Although very few, if any, of the files in a web directory area will be programs, it is good to give yourself and others execute privileges.
Users
There are three types of users that can access files:
- owner - the owner of the file.
- group - a member of a group to which the owner belongs. This is an electronic group, and on the AgServer may be your department or a special group set up for working on the web site.
- other - everyone else with an account on the AgServer
Nine Ways
Three types of users accessing a file in three different ways gives a total of nine possible ways to access a plain file, or nine possible permissions on a file:
| The owner of a file can: | read from the file, write to the file, execute the file |
| A member of the owner's group can: | read from the file, write to the file, execute the file |
| Anyone else can: | read from the file, write to the file, execute the file |
What is the permission for a file/directory?
Now that you understand the many ways a file can be accessed, how do you know what the permissions are? Simply put, permissions determine who can access the file and how. To gain a better understanding of permissions, you need to list the current files in a directory.
From a Unix prompt, enter dir
The resulting directory displayed shows several columns of information, such as this:
-rwxr-xr-- 1 caldwell ecat 21678 Sep 13 09:27 internetguide.html
-rwxrwxr-x 1 ffolinda ecat 3128 Dec 31 09:19 people.html
drwxr-xr-x 4 rcasler ecat 512 Dec 16 17:07 pubs/
drwxr-xr-x 2 ffolinda ecat 512 Jan 2 08:56 web/
The permissions appear in the leftmost column. The owner name is in the middle of the display (the AgServer account logon name) and the group name follows the owner's name.
For the above file named internetguide.html, the permissions are: -rwxr-xr--
Permissions are set by the characters in the following way:
| r | the capability to read a file |
| w | the capability to write/edit/delete a file. |
| x | the capability to execute a file or search a directory. |
| - | No capability to access file. |
- A d at the leftmost position indicates a directory area; a - at the leftmost position indicates a file.
- The next three letters indicate the permissions for the owner. In -rwxr-xr-- these are rwx: read/write/execute for owner.
- The middle three letters indicate the permissions for the group. In -rwxr-xr-- these are r-x: read/execute for group.
- The last three letters indicate the permissions for the world. In -rwxr-xr-- these are r--: read for world.
Changing Permissions
To change the file permissions, you need to be at a Unix prompt in the directory with the file(s) to be changed. Type the command chmod, a space, three numbers, another space, and then the name of the file you wish to change permissions for, followed by an [Enter]. The command would look something like this:
chmod 744 filename
The three numbers determine the permissions. The first number sets the permissions for the owner, the second for the group, and the last for everyone else. The numbers can range from 0 to 7. Below is an explanation of each number:
| 0 | --- | File can't be read, written to, or executed. |
| 1 | --x | File can only be executed. |
| 2 | -w- | File can only be written to. |
| 3 | -wx | File can be written to and executed. |
| 4 | r-- | File can only be read. |
| 5 | r-x | File can be read and executed. |
| 6 | rw- | File can be read and written to. |
| 7 | rwx | File can be read, written to, and executed. |
Notice that each of these numbers can be calculated by adding together the values 1 (x), 2 (w), and 4 (r) for the permissions granted, which generates any value from 1-7.
So, in the example above: chmod 744 filename would change the file's permissions to -rwxr--r--
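The addition rule above, applied to the listing shown earlier on this page, as an added example that is not part of the original handout: it converts each permission string to its chmod number and reports entries that group or other can write to. The function names are made up for this example, and only the d, -, r, w and x characters covered here are handled.

```shell
#!/bin/sh
# Added example (not from the original handout): turn the permission column
# of a listing into chmod digits and flag write access for group or other.

# One triplet such as "r-x" -> one digit, by adding r=4, w=2, x=1.
triplet_to_digit() {
    _d=0
    case $1 in r??) _d=$(($_d + 4)) ;; esac
    case $1 in ?w?) _d=$(($_d + 2)) ;; esac
    case $1 in ??x) _d=$(($_d + 1)) ;; esac
    echo "$_d"
}

# Ten-character string such as "-rwxr-xr--" -> "754".
perm_to_octal() {
    case $1 in
        [-d][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "unsupported permission string: $1" >&2; return 1 ;;
    esac
    _o=$(triplet_to_digit "$(printf '%s' "$1" | cut -c2-4)")
    _g=$(triplet_to_digit "$(printf '%s' "$1" | cut -c5-7)")
    _w=$(triplet_to_digit "$(printf '%s' "$1" | cut -c8-10)")
    echo "$_o$_g$_w"
}

# Read listing lines on stdin; print "<digits> <name> <who>-writable" for
# every entry whose group or other digit includes write (2, 3, 6 or 7).
audit_listing() {
    while read -r _perm _links _owner _grp _size _mon _day _time _name; do
        _oct=$(perm_to_octal "$_perm") || continue
        _who=""
        case $_oct in ?[2367]?) _who="group" ;; esac
        case $_oct in ??[2367]) _who="${_who:+$_who,}other" ;; esac
        if [ -n "$_who" ]; then echo "$_oct $_name $_who-writable"; fi
    done
}

# The listing shown on this page, reused as sample input.
sample_report() {
    audit_listing <<'EOF'
-rwxr-xr-- 1 caldwell ecat 21678 Sep 13 09:27 internetguide.html
-rwxrwxr-x 1 ffolinda ecat 3128 Dec 31 09:19 people.html
drwxr-xr-x 4 rcasler ecat 512 Dec 16 17:07 pubs/
drwxr-xr-x 2 ffolinda ecat 512 Jan 2 08:56 web/
EOF
}

sample_report
```

Only people.html is reported, because it is the one entry in the listing whose group triplet includes w.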
Here are a few more examples of commonly used permission settings:
| ### | String | Owner's Permissions | Group's Permissions | Other's Permissions |
|---|---|---|---|---|
| Directories | | | | |
| 775 | drwxrwxr-x | Read Write Execute | Read Write Execute | Read Execute |
| 744 | drwxr--r-- | Read Write Execute | Read | Read |
| 755 | drwxr-xr-x | Read Write Execute | Read Execute | Read Execute |
| 711 | drwx--x--x | Read Write Execute | Execute | Execute |
| Files | | | | |
| 664 | -rw-rw-r-- | Read Write | Read Write | Read |
| 775 | -rwxrwxr-x | Read Write Execute | Read Write Execute | Read Execute |
| 755 | -rwxr-xr-x | Read Write Execute | Read Execute | Read Execute |
| 744 | -rwxr--r-- | Read Write Execute | Read | Read |
A Video Tutorial about Permissions
We have created a video tutorial that illustrates various commands used in changing permissions. This video tutorial is at cals.arizona.edu/ecat/web/videos/permissions.html.
This document was adapted by Linda Ffolliott from two handouts created by
North Carolina Extension Service (authors Mitch Owen and John Dorner).
If you have questions about needing to change permissions of files or directories,
especially if someone else previously owned the files, contact the webmaster@ag.arizona.edu.