Unix file permissions

Question:
How to manage Unix file permissions?

There are three levels of security associated with every directory and file.

  • The first is the "owner".
  • The next is the "group". You are assigned to the appropriate group when you get your account.
  • The last level is "other" which is everyone on the system.

You can give or take away permission to read, write, or execute to any of user, group, or other. To see what permissions are set, use the command

  ls -l

Here are two lines of example output:

  -rw-r--r-- 1 jsmit001 student 29607 Jun 16 09:34 tutor.vi
  drwxr-xr-- 1 jsmit001 student 512 Jun 28 11:21 mystuff

They show your userid (in this case, jsmit001) and your group (jsmit001 is a student).

The first character indicates whether the listing is a file or a directory. In this example, the first listing is a file, the second is a directory.

The permissions are given next. They are listed in three sets of three characters each ("r" for read, "w" for write, and "x" for execute). When the permission is turned off there is simply a "-" in the column.

The first set is the permissions for the user, the next set of three is the permissions for the group, and the last set is the permissions for everyone else.

The file "tutor.vi" is readable by everyone and writable by the user. To read a file means you can see the contents. It is a plain file so it doesn't make sense to have execute permission.

The directory "mystuff" is readable by everyone, can be executed by the user and group members, and can be written to by the user. To be able to execute a directory means to be able to do a "cd" into that directory.

You change the permissions on a directory with the "chmod" command. In "chmod" you refer to user, group, and other with "u", "g", or "o" and you refer to read, write, and execute with "r", "w", and "x".

Permission is given with the "+" and taken away with the "-".

For example, to completely protect a directory from anyone else but you, go to the directory where the one you want to protect is located and type this:

  chmod go-rwx dirname

where "dirname" is the actual directory name. Chmod only changes the permissions you specifically reference and leaves the rest alone. If I had done this to "mystuff" the new listing would look like:

  drwx------ 1 jsmit001 student 512 Jun 28 11:21 mystuff

The contents of this directory and everything below it in the directory structure would be protected from prying eyes. For very tight security, you might want to turn off read permission for everyone including yourself, only turning it back on when you need to see the contents of the file.

Occasionally you might want to share a directory and its files with others. There could be many files and/or subdirectories which need to have the permission set so that others can look at them. In this case we would want to start at the first directory of interest and "recursively" change the permission. Using the directory "mystuff" as an example, you would change directories to where "mystuff" is located and type

  chmod -R go+rx mystuff

Note: you must use an uppercase "R" for the switch, otherwise chmod will mistake it for read permission and it will turn off read permission for you on the directory. If this happens you won't be able to access your own directory, but you can just turn it back on with a "+r".
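
The two chmod commands above, run against a throwaway directory, as an added example that is not part of the original page. The names mode_of, protect_demo, share_demo and notes.txt are made up for the illustration. The last call uses the standard capital "X" permission, which grants execute only to directories and to files that are already executable, so a recursive share does not mark plain files as executable.

```sh
# Added example: everything happens inside a scratch directory from mktemp.
mode_of() { ls -ld "$1" | cut -c1-10; }   # file type + nine permission characters

# chmod go-rwx on a directory that starts out as drwxr-xr-- (like "mystuff").
protect_demo() {
    d=$(mktemp -d)
    chmod 754 "$d"             # constructed starting state: drwxr-xr--
    chmod go-rwx "$d"          # only group and other are touched
    mode_of "$d"
    rm -rf "$d"
}

# Recursive sharing of a private tree. $1 is the mode argument to chmod -R;
# prints "<directory mode> <file mode>" afterwards.
share_demo() {
    d=$(mktemp -d)
    mkdir "$d/mystuff"
    : > "$d/mystuff/notes.txt"            # constructed sample file
    chmod 700 "$d/mystuff"
    chmod 600 "$d/mystuff/notes.txt"
    chmod -R "$1" "$d/mystuff"
    echo "$(mode_of "$d/mystuff") $(mode_of "$d/mystuff/notes.txt")"
    rm -rf "$d"
}

echo "after go-rwx:   $(protect_demo)"
echo "after -R go+rx: $(share_demo go+rx)"   # plain file becomes executable too
echo "after -R go+rX: $(share_demo go+rX)"   # plain file stays non-executable
```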

Web Directory Permissions

Setting permissions on a web directory can be somewhat confusing. The confusion arises because people who come on to Bama to browse web pages are actually running as the user "nobody" in the group "nobody." Therefore the permission that controls what a web browser will show from your web pages is set by the permissions for "other". More information about permission can be found on the web at

http://www.bama.ua.edu/~unixinfo/unix/unix-perm.html

and

http://www.bama.ua.edu/~unixinfo/unix/server-perm.html

2.2. Numeric (octal) representation like "644"

If a numeric representation is used (as in the chmod command, for example), then it is in octal format (base 8), and the digits involved are 0 to 7. Octal format is used for simplicity of understanding: every octal digit combines read, write and execute permissions together. The respective access rights for owner, group and others (in this order) are the last three digits of the numeric file permissions representation. Example: "0644". Here the second digit ("6" in the example) stands for the rights of the owner, the third digit ("4" in the example) stands for the rights of the group, and the fourth digit ("4" in the example) stands for the rights of others.

This table shows what numeric values mean:

  Octal digit  Text equivalent  Binary value  Meaning
  0            ---              000           All types of access are denied
  1            --x              001           Execute access is allowed only
  2            -w-              010           Write access is allowed only
  3            -wx              011           Write and execute access are allowed
  4            r--              100           Read access is allowed only
  5            r-x              101           Read and execute access are allowed
  6            rw-              110           Read and write access are allowed
  7            rwx              111           Everything is allowed
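
The table applied mechanically to the mode column of "ls -l", as an added example that is not part of the original page; to_octal and roundtrip_demo are hypothetical helper names. It goes slightly beyond the table by also reading the "s" and "t" letters that ls prints for setuid, setgid and sticky, which make up the leading digit of a four-digit mode such as "0644".

```sh
# Added example: convert an ls -l mode string such as "-rw-r--r--" to octal.
to_octal() {
    perms=${1#?}                 # drop the file-type character ("-" or "d")
    special=0 result=""
    for weight in 4 2 1; do      # setuid, setgid, sticky weights in the leading digit
        rest=${perms#???}
        triplet=${perms%"$rest"} # next three characters: owner, then group, then other
        perms=$rest
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in
            ??x)    digit=$((digit + 1)) ;;
            ??[st]) digit=$((digit + 1)); special=$((special + weight)) ;;
            ??[ST]) special=$((special + weight)) ;;   # special bit without execute
        esac
        result=$result$digit
    done
    printf '%s%s\n' "$special" "$result"
}

# Round trip on a scratch directory: set an octal mode, read it back from ls.
roundtrip_demo() {
    d=$(mktemp -d)
    chmod 754 "$d"                               # same bits as "mystuff" above
    to_octal "$(ls -ld "$d" | cut -c1-10)"
    rm -rf "$d"
}

to_octal -rw-r--r--     # the tutor.vi listing
to_octal drwxr-xr--     # the mystuff listing
roundtrip_demo
```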