Unix File Permissions


Every Unix file has an owner and a group. You can find out the groups of all of the files in a directory by using the command ls -lg in the directory. Each file will be listed, along with its owner and group, and some other information. (See man ls for a full description of the output format of the ls command.) You can change the group of a file using the chgrp command. For example, chgrp cs350_059 foo.c will make cs350_059 be the group of the file foo.c. You must be the owner of a file to change its group. Directory files also have groups, and you can change a directory's group the same way. If you need to recursively change the group of a directory and its subdirectories and files, you can use the -R option; e.g., chgrp -R cs350_059 ~/mydir

Every Unix file also has a set of access permissions. The ls -lg command also shows these access permissions. Here is an example of one line of output from ls -lg:

-rwxrw-r--  1 kmsalem   prof        1155 Sep 27  1993 writer

This file (writer) is owned by kmsalem and its group is prof. The 10 characters at the far left describe the access permissions of the file. The first (leftmost) character is - if the file is a regular file, and d if the file is a directory. writer is a regular file. The remaining 9 characters are interpreted in groups of three. The first group of three describes the access permissions of the owner of the file, the next group of three describes the access permissions for members of the file's group, and the last group of three describes the access permissions for everyone else.

There are three characters in each group because there are three types of permissions one can have for a file: read permission, write permission, and execute permission. You need read permission to read a file, write permission to change a file, and execute permission to execute a file (if it is an executable program). In the example above, the owner of the file has all three permissions. The members of the file's group have read and write permissions but not execute permissions. Everyone else has only read permission on the file.

chmod

You can change a file's permissions using the chmod command. See man 1 chmod for more information. Here are some examples:

Continuing with the example, if kmsalem were to run the command chmod o-r writer and then ls -lg, the result should look something like the following:

-rwxrw----  1 kmsalem   prof        1155 Sep 27  1993 writer
Note that the read permission for everyone else has been removed. Now, only the owner and group members can read the file writer.
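
The layout of the permission field and the effect of chmod o-r can be checked with a short script. This is an added example, not part of the original page: the function names describe_mode and mode_after are made up here, and the script assumes mktemp is available and that only r, w, x and - appear in the field.

```shell
#!/bin/sh
# Added example: decode the 10-character permission field shown by ls -l,
# and show how a chmod argument changes it on a scratch file.

# describe_mode FIELD   (hypothetical helper name)
# Prints the file type, then one line each for owner, group and other.
# Assumes only r, w, x and - appear in the nine permission characters.
describe_mode() {
    mode=$1
    [ "${#mode}" -ge 10 ] || { echo "error: need 10 characters" >&2; return 1; }
    case $mode in
        -*) echo "type: regular file" ;;
        d*) echo "type: directory" ;;
        *)  echo "type: other" ;;
    esac
    rest=${mode#?}                       # drop the file-type character
    for class in owner group other; do
        triple=$(printf '%.3s' "$rest")  # next group of three
        rest=${rest#???}
        perms=""
        case $triple in r??) perms="$perms read" ;; esac
        case $triple in ?w?) perms="$perms write" ;; esac
        case $triple in ??x) perms="$perms execute" ;; esac
        echo "$class:${perms:- none}"
    done
}

# mode_after START CHANGE   (hypothetical helper name)
# Creates a scratch file, sets its permissions to START, applies CHANGE
# with chmod, and prints the resulting 10-character permission field.
mode_after() {
    f=$(mktemp) || return 1
    chmod "$1" "$f" && chmod "$2" "$f" && ls -l "$f" | cut -c1-10
    rm -f "$f"
}

# The writer file from the example: before and after chmod o-r.
describe_mode "-rwxrw-r--"
after=$(mode_after u=rwx,g=rw,o=r o-r)
echo "after chmod o-r: $after"
describe_mode "$after"
```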

chgrp

It is also possible to change a file's group. You do this using the chgrp command. For example, to change the group of the writer file from prof to cs350, use
chgrp cs350 writer
An ls -lg should then show this:
-rwxrw----  1 kmsalem   cs350        1155 Sep 27  1993 writer
Notice that the permissions have not changed. Prior to the chgrp command, users who are part of the prof group would have had read and write access to the writer file. After the change, users who are part of the cs350 group will have read and write access to the file.