virginia montecino
education and technology resourcesHow-to Guides
,,[picture of a bar]
UNIX Permissions
UNIX commands allow you to set permissions. file by file, allowing you to control who can
read a file, write to a file, or view a file on a Web page.  Files uploaded to your Unix account are automatically owned by you.  Unless you give permission for other group members to edit or change a file, they cannot make modifications.
    -- A UNIX string of information, showing permissions for a file:

    -rwxr--r--  8 username groupname 678 Jan 10:10 filename 

    [If you don't share a group space you need not be concerned with group permissions.]

    -- A UNIX string of information, showing permissions for a directory:

    drwxr-xr-x 7 username 229 16384 Dec 13 08:05 public_html
    [The initial dash ("-") in the first permissions string indicates the entry is a file. The letter "d" instead of a ("-") in the 2nd example indicates the entry is a directory.]

What do permissions mean?
  • The first three positions (after the "-" or "d") designate owner's permissions. The r indicates the owner can read the file. The w indicates the owner can write to the file. The x indicates the owner can execute the file.
  • The second three positions designate permissions for the group. In this example, the group members can read, but not write to it or execute it. (Execution permission is usually only given for particular files or a specific directory.) If you don't give others access to write or execute files, ignore this part. 
  • The last three positions are for the world/anyone. To allow your Web pages to be viewed using a browser, you need this permission set to "read." 
  • The number before the user name indicates the levels of directories.
  • Username indicates the owner of the file. Your username appears in this position.
  • Groupname indicates the group to which this file belongs. Your group name will appear in this space. If you don't share a group space you need not be concerned with group permissions.
  • 678 indicates the file's size. The number will change, depending upon the size of the file.
  • Jan 10:10 indicates the date and time the file was modified. The info. will change when the file is modified again.
  • filename indicates the name of your actual file.
Setting permissions:

When you create an .html file in your public_html Web space, you will need to set permissions so that visitors to your Web space can see your file in the browser. (You can enter a directory by typing cd and then typing the directory name.]

To see your permissions, type cd public_html. Then at the prompt>

type: ls  - l

The ls command (the lowercase letter "l" (not the letter "i") and the letter lowercase "s") allows you to see the list of all your files. The - l command (a hyphen, then the letter "l"), will let you see the long format where you can see file permissions.

The three actions you can perform a file:

  • read (view the file
  • write (create, edit or delete)
  • execute (run a script/program or enter a directory)
The categories of people's access:
  • a all users
  • u the owner user 
  • g the owner group
  • o others (neither u, nor g)
The format for permissions is:

chmod {a,u,g,o} {+,-} {r,w,x} files 
The plus ("+") sign indicates give permission.  The minus ("-") sign indicates remove permission.

Permission examples: 

  • chmod a+r files are readable by all
  • chmod a-r files cancels the ability for all to read the file
  • chmod a-rwx cancels all access for all
  • chmod g+rw files give the group read and write permission
  • chmod u+rwx files give the owner all permissions
  • chmod og+rw files give the world and the group read and write permission 
To set permissions use the chmod program:

For example,  If you want all people to read the home page of your Web site (the files which reside in your public_html directory), but do not want to give permission for viewers to alter your files,  you would type:

chmod a+r  index.html 
[The default "home" page in a Web directory should always be called index.html. The string a+r indicates that all can read the Web page file.  Only the "home" /default page in each folder is called index.html.  Change the filename when you set permissions for other files.]

Directory permissions:
Permissions are a bit different for directories:

  • read allows a user to view the directory's contents
  • write allows a user to create new files or delete files in the directory. 
  • execute determines if the user can enter (cd) into the directory or run a program or script.
If you want all group members to be able to write, edit, or delete files you would type at the prompt (in the correct directory): chmod g+w (All group members can write to the file. (Caution -  This means that a user with write privileges in the DIRECTORY can delete files even if he/she does NOT have write permissions for the FILE!)  If you want to create a group of users whose access can be controlled by the group permissions, consult with your system administrator. The system administrator usually has to set up the group.

Some prefer to use numbers to set permissions.  The number equivalents of r, w, x are:
 
OWNER
(USER) 
GROUP
(if you share a directory.file)
PUBLIC
(OTHERS)
R     W      X
R    W    X 
R  W  X
400   200   100
40   20    10
  4    2   1

In order to translate the mode you require to a number, simply add the numbers corresponding to the individual permissions you want. So, if you want the files to be readable and writable by the owner (that is, you), readable by the group, and readable by all the other users of the system, you perform the addition:
 
4 0 0
owner
R ead
2 0 0
owner
W rite
1 0 0
owner
X execute
, 4 0
group
R ead
, 1 0
group
X execute
, , 4
public
R ead
, , 1
public
X execute
_ _ _
7 5 5

Your chmod permission command will look like:

chmod 755 (Leave a space and type in filename.)
Owner can read, write, execute files
Group can read and execute (use) but not change files.
Public can read and execute (use) but not change.
 

[picture of a bar]
virginia montecino
education and technology resourcesHow-to Guides
montecino@gmu.edu