Unix allows you to regulate who has access to the files in your directory, separating all users into three categories:
- You,
- Users in your group, and
- All other uses.
These are denoted by 'u', 'g', and 'o'.
For each of these categories, Unix allows you to specify whether people in that category are allowed to
- Read (but not change or modify) the file,
- Write to (i.e., change, modify, delete) the file, and
- Execute the file.
These are denoted by 'r', 'w', and 'x', respectively, and when you do an ls -l,the first column signifies the read, write, and executing capabilities for you, your group, and the rest of the world:
{ecelinux:1} ls -l -rwxr-xr-x 1 ece250 ece250 3620 Aug 1 00:52 index.html -rw------- 1 ece250 ece250 325 Jul 31 23:35 test.c -rwx------ 1 ece250 ece250 325 Jul 31 23:42 a.out* {ecelinux:2}
The first character (all of these have dashes) is a d if the file is a directory and an l if the file is a linked directory.
The presence of a letter indicates that that operation is allowed, while a dash indicates that it is not allowed:
- The file index.html may be read, written to, and executed by the user ece250 and it can be read and executed by anyone in the group or anyone,
- The file test.c may be read and written to by the user ece250 but no-one else can even view the file, and
- The file a.out may be read, written to, and executed by the user ece250 but no-one else can even view the file, and
To change the permissions, you may use the chmod by specifying which category you wish to change, and whether you wish to add or remove certain types of permission. For example, to remove execute permissions from the group and all others, use the - symbol:
{ecelinux:2} chmod go-x index.html {ecelinux:3} ls -l index.html -rwxr--r-- 1 ece250 ece250 3620 Aug 2 15:15 index.html* {ecelinux:4}
To add permission, use +:
{ecelinux:4} chmod go+rwx a.out {ecelinux:5} ls -l a.out -rwxrwxrwx 1 ece250 ece250 325 Jul 31 23:42 a.out* {ecelinux:6}
An alternate approach is to think of each triplet as an octal number, where a 1-bit in the binary representation represents that that permission is allowed. In this case, we have:
{ecelinux:6} chmod 755 index.html {ecelinux:7} ls -l index.html -rwxr-xr-x 1 ece250 ece250 3620 Aug 2 15:15 index.html* {ecelinux:8}The most common are:
- 600 only you can read and write,
- 700 only you can read, write, and execute,
- 644 you can read and write; everyone else can read,
- 755 you can read and write, and execute; everyone else can read and execute
The default permission for a text file is 600 or rw------- while the default permission for an executable generated by gcc is 700 or rwx------.
Copyright ©2005-2012 by Douglas Wilhelm Harder. All rights reserved.