Unix Permission Levels
The Unix operating system uses permissions to control access to files and directories. In Unix, everything, including directories and hardware devices, is considered a file. The same permissions levels can be used, regardless of the file type. UNIX also has separate permissions for different types of users. You can give one user access, while restricting access for other users. Permissions can be represented by either an alphabetic character or number.
Other People Are Reading
-
Types of People
-
There are three types of users to whom the permissions apply -- the owner, the group, and others. You can see the different permissions for each user by typing "ls -l filename" at a command prompt. The output looks like:
-rwxr--r-- 1 user user 3295 2011-08-02 06:58 filename.txt
The owner is the person who created the file. His permissions are shown as the second, third and fourth values in the first column of the output. In this case the permissions are "rwx" or read, write and execute. The group is a small number of users who share access to certain files. Their permissions are shown as the fifth, sixth and seventh values in the first column of output ("r--" or read only). The others type, or world, is everyone who is not the file's owner or in the group that shares access to the file. The permissions for this type are shown as the last three values in the first column ("r--" or read only).
Read
-
The read permission simply gives the user the ability to view the contents of a file. The user cannot make changes to the file or execute it, if the file is a script. If the read permission is set for a directory, it gives the user the ability to view the contents of the directory. The octal, or numeric, representation of the read permission is "4." The letter value is "r." In the example, all user types can read the file.
-
Write
-
The write permission gives the user the ability to write to the file. If only the write permission is set, the user cannot view the file or execute any scripts. If the write permission is set for a directory, the user has the ability to create files within the directory. The write permission is represented by the octal value "2" and the letter "w." In the example, only the owner had the ability to write to the file.
Execute
-
The execute permission gives the user the ability to execute a script or command. It is represented by the octal value "1" and the letter "x." If a directory has the execute permission set, the user is able to access the files and subdirectories and may copy or move them. All of the Unix commands have the execute permission set for all user types. In the example, only the owner has the ability to execute the file.
Changing Permissions
-
The owner of a file, or the root user, can change the permissions for a file using the "chmod" command. There are two ways to use the chmod command -- using the letter value or the octal code. To use the letter value, the syntax is "chmod who opcode permission." The "who" is represented by the letters "u" (user), "g" (group), "o" (other) and "a" (all). The opcode says whether to add or remove the permissions. The values are "+" (add permission), "-" (remove permission) or "=" assign permission. The letters are "r," "w" and "x". For example, if you wanted to add the write permission for the group in the example, the syntax would be "chmod g+w filename.txt".
To use the octal code, you add the permissions together for each type of user. In the above example, the octal code for the user would be 7, and the octal code for both the group and others would be "4". These three values are put together as user, group, others. The octal code in the example would be 744. To give the group write permissions, the command syntax would be "chmod 764 filename.txt".
-
