CSG, File permissions

Department of Computing	Imperial College London
File permissions

This guide explains how to set file permissions in your home directory (H: drive from Windows). You must log in to a Linux system to do this.

Every file or directory has an owner, usually the person who created that file or directory. The owner can then assign various protections, allowing or prohibiting access. There are three classes of user for every file and directory:

User (u) - the person who created it, also the owner.
Group (g) - several users combined into a user group.
Other (o) - all other users of the system.

Associated with every file are three types of permission:

Read (r) - allowed to read the file.
Write (w) - allowed to change the contents of the file.
Execute (x) - allowed to use the file as a command.

Permissions on directories (folders) are interpreted slightly differently - see below.

By combining the three classes of user and the three types of access, we can come up with a total of nine sets of permissions. These are collectively known as the mode of the file or directory.

You can see the permissions which are set on files in your home directory by using the ls command. For example:

sync01% cd
sync01% ls -al
total 136
drwxr-xr-x 10 cs98t2   cs1          1024 Oct 13 16:31 ./
drwxrwxr-x 394 root     root         6656 Nov 12 12:31 ../
-rw-------   1 cs98t2   cs1             0 Oct  9 10:54 .Xauthority
-rw-r--r--   1 cs98t2   cs1           476 Oct  8 16:40 .cshrc
-rw-------   1 cs98t2   cs1         12206 Oct  8 19:26 .email
-rw-r--r--   1 cs98t2   cs1           113 Oct  3 18:02 .login
-rw-r--r--   1 cs98t2   cs1             9 Sep 24 10:30 .logout
-rwxr-xr-x   1 cs98t2   cs1           451 Oct 20 17:52 .xsession*
drwxr-xr-x   2 cs98t2   cs1           512 Oct  8 13:05 bin/
drwxr-xr-x   2 cs98t2   cs1           512 Oct  7 12:21 public_html/

The ten letters and dashes in the first column indicate the permissions. The letter 'd' at the beginning indicates the item is a directory rather than a file. The following three characters indicate the permissions set for the owner of the files (generally the user logged in, in this case having username 'cs98t2'). The second set of three letters shows the permissions for the group which the user is in (in this case 'cs1' or Computing First Year). The last set of three characters show the permissions for all other users in the department.

If we look at the file called .cshrc the permissions mean the following:

-	it's a file, not a directory
r	readable by owner (cs98t2)
w	writable, can be edited, by owner
-	not executable by owner, cannot be used as a command
r	readable by anyone in group (Computing First Year)
-	not writable by anyone in group
-	not executable by anyone in group
r	readable by anyone who can log in
-	not writable by all
-	not executable by all

On directories the permissions are interpreted as follows:

r--   see the list of files in directory (eg: ls command)
-w-   create and delete files in directory
--x   access files in directory

Changing permissions

The permissions of a file or directory can be changed with the chmod command.

For example, if you wanted to allow members of your group to edit a file, type:

chmod g+w filename

This says "change the mode to allow group (g) to write (w) the file". The list at the top of this page shows you what the letters for user class and permission type mean.

You can remove permissions using - instead of +.

To set the mode so that others cannot read, write or execute a file:

chmod go-rwx filename

If you want to ensure that only you can read, write and execute files in your home directory, type:

chmod go-rwx ~/*

This will not change permissions on what are known as the 'dot' files, files which are important to the system and which have a full stop before their name in the example above. Also note that this will not set permissions within sub-directories or folders. This can be done using the -R flag (modifier) to the chmod command, but it could be dangerous because there may be some files within, for example, the Windows and Netscape directories which have to be set in a certain way in order to work.

Note that any new files created will still have the permissions as set by the file creation mask (umask) which is in the default .cshrc file unless you have a different umask value set in your own .cshrc file. If you want to ensure that all new files you create are readable and writable only by you, add the following line towards the end of your .cshrc file:

umask 077

The manual page has some more information:

man chmod

If you do make any global changes and you have a web page, you will need to check that the permissions of your 'public_html' directory are still set correctly.