
File Permissions and Sharing Files

Viewing File Permissions

File permissions provide a way of controlling whether other people can read (or even modify) your files. This page discusses how file permissions work in Unix and how to change them.

You can view the permissions on a file by typing "ls -l filename". For example, here is the result of typing "ls -l test.html" in my home directory:

-rw-r--r-- 1 eva statsusers 3325 Aug  2 09:15 test.html

Note: "eva" and "statsusers" are the user and group which own the file. They can be ignored when you are working on your own files. If you are collaborating and want files which more than one person can edit, you need to pay attention to group ownerships.

The "-rw-r--r--" is the part of the output that shows the permissions. To understand what it means, we need to break it into four parts.

[Figure: file permissions diagram]

The first character indicates the file type. Here it is a dash because test.html is an ordinary file. It could also be a d for a directory, or various other letters for more obscure types of file.

The next nine characters fall into three sets of three, corresponding to the access rights of the user who owns the file, the group which owns the file, and all other users. The three characters in each set indicate whether users in the relevant category may read, write or execute the file. An r, w or x means that the users do have the corresponding right, while a dash means that they do not.

Thus in the above example, eva (the user who owns the file) has the access rights rw-, meaning that she may read and write the file but not execute it (since it's an HTML file, executing it wouldn't make much sense). Everyone else has the access rights r--, meaning that they may read the file but not write or execute it.

The following table shows what read, write and execute permissions mean for ordinary files and for directories.


          File                            Directory
Read      Can read the file               Can list files in the directory
Write     Can edit the file               Can create and delete files in the directory
Execute   Can run the file as a program   Can change to the directory

A note for those who are concerned about the privacy of their files but want to put up web pages. To view a file, one must be able to change to its directory. Thus if your web pages are to be visible, your home directory and your public_html directory must both be executable by everyone. This is the default for your home directory but you may need to type chmod 711 public_html to make your public_html directory accessible.

More about setting up your own web pages

Changing File Permissions

File permissions are changed by using the chmod command. The format of this command is

chmod permissions list_of_files

"permissions" is a three-digit octal number where the three digits correspond to the access rights of the user who owns the file, the group and other users, as discussed above. Each octal digit is the sum of 4 if read permission is granted, 2 if write permission is granted and 1 if execute permission is granted. Here are the most commonly needed permissions:

  • 755 means you can do anything with the file or directory, and other users can read and execute it but not alter it. Suitable for programs and directories you want to make publicly available.
  • 644 means you can read and write the file or directory and other users can only read it. Suitable for public text files.
  • 711 means you can do anything with the file or directory and other users can only execute it. Suitable for directories where you don't want other people browsing through the contents but do want to give them access to selected files. This is the default for your home directory and the minimum access required for your public_html directory if you have a personal website.
  • 700 means you can do anything with the file or directory and other users have no access to it at all. Suitable for private directories and programs.
  • 600 means you can read and write the file or directory and other users have no access to it. Suitable for private text files.
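To connect the "ls -l" notation with the octal numbers above, here is an added example (not part of the original page) that converts a mode string into the number chmod accepts. It goes slightly beyond the text by also handling the setuid, setgid and sticky letters (s, S, t, T) and a trailing "+" or "." marker that some systems append; the function names are made up for this example.

```sh
#!/bin/sh
# Added example: turn the mode string printed by "ls -l" into chmod's octal form.

# digit_for SET -> prints 0-7 for one three-character set such as "rw-".
# Lower-case s/t mean "execute plus a special bit"; S/T mean the special
# bit is set but execute is not.
digit_for() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??[xst]) d=$((d + 1)) ;; esac
    echo "$d"
}

# perm_to_octal MODESTRING -> prints e.g. 644, or 2775 when a special bit is set.
perm_to_octal() {
    mode=$(printf '%s' "$1" | cut -c1-10)   # ignore a trailing "+" or "."
    case $mode in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "not an ls -l mode string: $1" >&2; return 1 ;;
    esac
    u=$(printf '%s' "$mode" | cut -c2-4)    # user who owns the file
    g=$(printf '%s' "$mode" | cut -c5-7)    # group
    o=$(printf '%s' "$mode" | cut -c8-10)   # all other users
    special=0
    case $u in ??[sS]) special=$((special + 4)) ;; esac   # setuid
    case $g in ??[sS]) special=$((special + 2)) ;; esac   # setgid
    case $o in ??[tT]) special=$((special + 1)) ;; esac   # sticky
    digits="$(digit_for "$u")$(digit_for "$g")$(digit_for "$o")"
    if [ "$special" -gt 0 ]; then echo "$special$digits"; else echo "$digits"; fi
}

# Mode strings used on this page: test.html, then a chmod 2775 directory.
perm_to_octal "-rw-r--r--"
perm_to_octal "drwxrwsr-x"
```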

To make a directory and everything in it readable by all other Maths users, type

chmod -R go+rX my_directory
  • -R means recursive (go down into subdirectories)
  • go means change permissions for Group and Other
  • +rX means add Read permissions, and add execute permissions where appropriate (to be precise, for all directories and for files which already have execute permission for some users).

You can change the default permissions on new files you create using the umask command. The format of this command is

umask octal_number

where octal_number is a three-digit octal number representing what each category of user may not do with the file.

  • umask 022 means that other users may not edit your files but may read them and execute them where appropriate.
  • umask 066 means that other users may not modify or read your files but may execute them where appropriate (for example, they can change to subdirectories of your home directory).
  • umask 077 means that other users may not access your files at all. (This is the default.)

Type man chmod or man umask for more information.

Collaboration and File Permissions

In the above discussion, the permissions for the group and other users were always the same, because most of the default Unix groups we have in the Maths departments are too large for it to make sense to give the group more rights than everyone else. For example, the "statsusers" group contains everyone in the Statslab.

Sometimes, though, a small group of users are collaborating on a project and find it useful to have files which they can all edit. If this applies to you, please email help@maths to request that a Unix group be created for your collaboration.

Once your group has been set up, you can create a group-writable directory for them (replace "ourgroup" with the actual name of your group and "ourdirectory" with anything you like).

mkdir ourdirectory
chgrp ourgroup ourdirectory
chmod 2775 ourdirectory

What do these commands mean?

  1. mkdir ourdirectory just creates the directory.
  2. chgrp ourgroup ourdirectory means that the directory will belong to your new group.
  3. chmod 2775 ourdirectory does two helpful things to the directory's file permissions. First, it means that people in your group can create new files in that directory, but other people cannot. Second, the 2 at the beginning sets the "setgid bit", which in this context means that new files in the directory will automatically belong to the group "ourgroup".

If you have trouble editing files in your communal directory:

  • Use ls -l to check group ownerships and file permissions.
  • Use chgrp ourgroup name to make the file or directory "name" belong to your group.
  • Use chmod 2775 dirname if you are having trouble creating files in directory "dirname".
  • Use chmod 664 filename if you can't edit a specific file.
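
The umask section and the troubleshooting list above meet in one place: under umask 077 a file created inside a chmod 2775 directory still comes out as 600, so collaborators cannot edit it until its mode is changed. The script below is an added example, not part of the original page. It creates a scratch directory with mktemp and shows the resulting modes for three umask values; the function names are made up for this example, and the note about subdirectories describes Linux behaviour.

```sh
#!/bin/sh
# Added example: modes of new files and subdirectories created inside a
# chmod 2775 directory under different umask values.

# perms_of PATH -> the 10-character mode string that "ls -l" shows.
perms_of() { ls -ld "$1" | cut -c1-10; }

# created_under UMASK KIND -> mode string of a new file (KIND=f) or
# subdirectory (KIND=d) created in a scratch 2775 directory.
created_under() {
    top=$(mktemp -d) || return 1
    shared=$top/ourdirectory            # directory name taken from the page
    mkdir "$shared" && chmod 2775 "$shared" || { rm -rf "$top"; return 1; }
    (
        umask "$1"                      # subshell: the caller's umask is untouched
        if [ "$2" = d ]; then mkdir "$shared/new"; else : > "$shared/new"; fi
    )
    perms_of "$shared/new"
    rm -rf "$top"
}

# group_writable MODESTRING -> succeeds if the group has write permission.
group_writable() {
    case $1 in ?????w????) return 0 ;; *) return 1 ;; esac
}

# On Linux a new subdirectory also inherits the setgid bit, shown as s or S
# in the group's execute position.
for mask in 077 022 002; do
    f=$(created_under "$mask" f)
    d=$(created_under "$mask" d)
    if group_writable "$f"; then
        note="collaborators can edit"
    else
        note="needs chmod 664 before collaborators can edit"
    fi
    printf 'umask %s  file %s  dir %s  (%s)\n' "$mask" "$f" "$d" "$note"
done
```

Running umask 002 in a shell used only for the shared project avoids the per-file chmod, at the cost of making every file created in that shell group-writable.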