File Permissions

Viewing File Permissions

File permissions provide a way of controlling whether other people can read (or even modify) your files. This page discusses how file permissions work in Unix and how to change them.

You can view the permissions on a file by typing ``ls -l filename''. For example, here is the result of typing ``ls -l test.html'' in my home directory:

-rw-r--r--   1 eva        users          831 Sep  8 16:45 test.html
The ``-rw-r--r--'' is the part of the output that shows the permissions. To understand what it means, we need to break it into four parts.

File permissions diagram

The first character indicates the file type. Here it is a dash because test.html is an ordinary file. It could also be a d for a directory, or various other letters for more obscure types of file.

The next nine characters fall into three sets of three, corresponding to the access rights of the user who owns the file, the group which owns the file, and all other users. The three characters in each set indicate whether users in the relevant category may read, write or execute the file. An r, w or x means that the users do have the corresponding right, while a dash means that they do not.

Thus in the above example, eva (the user who owns the file) has the access rights rw-, meaning that she may read and write the file but not execute it (since it's an HTML file, executing it wouldn't make much sense). Everyone else has the access rights r--, meaning that they may read the file but not write or execute it.

The following table shows what read, write and execute permissions mean for ordinary files and for directories.

File Directory
Read Can read the file Can list files in the directory
Write Can edit the file Can create and delete files in the directory
Execute Can run the file as a program Can change to the directory

A note for those who are concerned about the privacy of their files but want to put up web pages. To view a file, one must be able to change to its directory. Thus if your web pages are to be visible, your home directory and your public_html directory must both be executable by everyone.

Changing File Permissions

File permissions are changed by using the chmod command. The format of this command is
chmod permissions list_of_files

``permissions'' is a three-digit octal number where the three digits correspond to the access rights of the user who owns the file, the group and other users, as discussed above. Each octal digit is the sum of 4 if read permission is granted, 2 if write permission is granted and 1 if execute permission is granted. Here are the most commonly needed permissions:

You may notice that the permissions for the group and other users are always the same. Since the group ``users'' contains all users, this makes sense.

You can change the default permissions on new files you create using the umask command. The format of this command is
umask octal_number
where octal_number is a three-digit octal number representing what each category of user may not do with the file.