Unix File Permissions


Every Unix file has an owner and a group. You can find out the groups of all of the files in a directory by using the command ls -lg in the directory. Each file will be listed, along with its owner and group, and some other information. (See man ls for a full description of the output format of the ls command.) You can change the group of a file using the chgrp command. For example, chgrp cs354_59 foo.c will make cs354_59 be the group of the file foo.c. You must be the owner of a file to change its group. Directory files also have groups, and you can change a directory's group the same way.

Every Unix file also has a set of access permissions. The ls -lg command also shows these access permissions. Here is an example of one line of output from ls -lg:

-rwxrw-r--  1 kmsalem   prof        1155 Sep 27  1993 writer

This file (writer) is owned by kmsalem and its group is prof. The 10 characters at the far left describe the access permissions of the file. The first (leftmost) character is - if the file is a regular file, and d if the file is a directory. writer is a regular file. The remaining 9 characters are interpreted in groups of three. The first group of three describes the access permissions of the owner of the file, the next group of three describes the access permissions for members of the file's group, and the last group of three describes the access permissions for everyone else.

There are three characters in each group because there are three types of permissions one can have for a file: read permission, write permission, and execute permission. You need read permission to read a file, write permission to change a file, and execute permission to execute a file (if it is an executable program). In the example above, the owner of the file has all three permissions. The members of the file's group have read and write permissions but not execute permissions. Everyone else has only read permission on the file.

You can change a file's permissions using the chmod command. See man 1 chmod for more information. Here are some examples:

Continuing with the example, if kmsalem were to run the command chmod o-r writer and then ls -lg, the result should be something like the following:

-rwxrw----  1 kmsalem   prof        1155 Sep 27  1993 writer

Note that the read permission for everyone else has been removed. Now, only the owner and group members can read the file writer.

You should make sure that all three permissions (read, write, execute) for everyone else are turned off for all of your CS354 files. This means that each of the last 3 characters of the permission list should be - (that is, the list should end in ---).
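
One way to check this for a whole directory at once, as an added example that is not part of the original page: the function names and the scratch directory below are made up for illustration. The script lists every file that still grants something to everyone else, then removes those permissions with chmod o-rwx.

```shell
#!/bin/sh
# Added example: audit a directory tree for "everyone else" permissions.
# Function names and the scratch directory are made up for illustration.

# List everything under $1 with any "other" bit set. In find's octal
# notation 004, 002 and 001 are other-read, other-write and other-execute.
# Symbolic links are skipped: access is decided by the target file's
# permissions, not by the link's own.
list_other_access() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Turn off read, write and execute for everyone else under $1.
strip_other_access() {
    chmod -R o-rwx "$1"
}

# Print the 10-character permission string that ls shows for $1.
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# Constructed demo: a scratch directory holding a file with the same
# permissions as "writer" in the listing above.
demo_dir=$(mktemp -d)
touch "$demo_dir/writer"
chmod u=rwx,g=rw,o=r "$demo_dir/writer"

echo "before: $(perm_string "$demo_dir/writer")"
echo "still open to everyone else:"
list_other_access "$demo_dir"

strip_other_access "$demo_dir"
echo "after:  $(perm_string "$demo_dir/writer")"

rm -rf "$demo_dir"
```

Running strip_other_access on a directory also removes execute permission for everyone else on the directories inside it, so they can no longer enter those directories.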


$Id: fileperms.html,v 1.4 1999/05/02 18:41:27 cs354 Exp $