|Department of Computing||Imperial College London|
This guide explains how to set file permissions in your home directory (H: drive from Windows). You must log in to a Linux system to do this.
Every file or directory has an owner, usually the person who created that file or directory. The owner can then assign various protections, allowing or prohibiting access. There are three classes of user for every file and directory:
Associated with every file are three types of permission:
Permissions on directories (folders) are interpreted slightly differently - see below.
By combining the three classes of user and the three types of access, we can come up with a total of nine sets of permissions. These are collectively known as the mode of the file or directory.
You can see the permissions which are set on files in your home directory
by using the
ls command. For example:
sync01% cd sync01% ls -al total 136 drwxr-xr-x 10 cs98t2 cs1 1024 Oct 13 16:31 ./ drwxrwxr-x 394 root root 6656 Nov 12 12:31 ../ -rw------- 1 cs98t2 cs1 0 Oct 9 10:54 .Xauthority -rw-r--r-- 1 cs98t2 cs1 476 Oct 8 16:40 .cshrc -rw------- 1 cs98t2 cs1 12206 Oct 8 19:26 .email -rw-r--r-- 1 cs98t2 cs1 113 Oct 3 18:02 .login -rw-r--r-- 1 cs98t2 cs1 9 Sep 24 10:30 .logout -rwxr-xr-x 1 cs98t2 cs1 451 Oct 20 17:52 .xsession* drwxr-xr-x 2 cs98t2 cs1 512 Oct 8 13:05 bin/ drwxr-xr-x 2 cs98t2 cs1 512 Oct 7 12:21 public_html/
The ten letters and dashes in the first column indicate the permissions. The letter 'd' at the beginning indicates the item is a directory rather than a file. The following three characters indicate the permissions set for the owner of the files (generally the user logged in, in this case having username 'cs98t2'). The second set of three letters shows the permissions for the group which the user is in (in this case 'cs1' or Computing First Year). The last set of three characters show the permissions for all other users in the department.
If we look at the file called .cshrc the permissions mean the following:
- it's a file, not a directory r readable by owner (cs98t2) w writable, can be edited, by owner - not executable by owner, cannot be used as a command r readable by anyone in group (Computing First Year) - not writable by anyone in group - not executable by anyone in group r readable by anyone who can log in - not writable by all - not executable by allOn directories the permissions are interpreted as follows:
r-- see the list of files in directory (eg: ls command) -w- create and delete files in directory --x access files in directory
The permissions of a file or directory can be changed with the
For example, if you wanted to allow members of your group to edit a file, type:
chmod g+w filename
This says "change the mode to allow group (g) to write (w) the file". The list at the top of this page shows you what the letters for user class and permission type mean.
You can remove permissions using - instead of +.
To set the mode so that others cannot read, write or execute a file:
chmod go-rwx filename
If you want to ensure that only you can read, write and execute files in your home directory, type:
chmod go-rwx ~/*
This will not change permissions on what are known as the 'dot' files,
files which are important to the system and which have a full stop before
their name in the example above.
Also note that this will not set permissions within sub-directories or
folders. This can be done using the -R flag (modifier) to the
command, but it could be dangerous because there may be some files
within, for example, the Windows and Netscape directories which have to
be set in a certain way in order to work.
Note that any new files created will still have the permissions as set by the file creation mask (umask) which is in the default .cshrc file unless you have a different umask value set in your own .cshrc file. If you want to ensure that all new files you create are readable and writable only by you, add the following line towards the end of your .cshrc file:
The manual page has some more information:
If you do make any global changes and you have a web page, you will need to check that the permissions of your 'public_html' directory are still set correctly.
|© CSG / 2003|