The purpose of this lesson is to introduce how you can control access to your files.
The files in your Unix account are yours to use as you wish (for the most part, the Unix system administrator truly "owns" them.)
You might want to make sure that someone out exploring the Unix file system doesn't visit your home directory and look at your files' contents. Or perhaps, you are working with others and want to share your files. The way to control who gets to see what in your directories is where permissions come in.
Setting File Permissions
Use the Unix chmod command to set the permissions of your files and directories.
The chmod command uses as an argument a string which describes the permissions for a file. The permission description can be in the form of a number that is exactly three digits. Each digit of this number is a code for the permissions level of three types of people that might access this file:
- Owner (you)
- Group (a group of other users that you set up)
- World (anyone else browsing around on the file system)
The value of each digit is set according to what rights each of the types of people listed above have to manipulate that file.
Permissions are set according to numbers. Read is 4. Write is 2. Execute is 1. The sums of these numbers give combinations of these permissions:
- 0 = no permissions whatsoever; this person cannot read, write, or execute the file
- 1 = execute only
- 2 = write only
- 3 = write and execute (1+2)
- 4 = read only
- 5 = read and execute (4+1)
- 6 = read and write (4+2)
- 7 = read and write and execute (4+2+1)
Permissions are given using these digits in a sequence of three: one for owner, one for group, one for world.
Let's look at how I can make it impossible for anyone else to do anything with my apple.txt file but me:
$ chmod 700 apple.txt $
If someone else tries to look into apple.txt, they get an error message:
$ cat apple.txt cat: apple.txt: Permission denied $
If I want other people to be able to read apple.txt, I would set the file permissions like this:
$ chmod 744 apple.txt $
Detecting File Permissions
You can use the ls command with the -l option to show the file permissions set. For example, for apple.txt, I can do this:
$ ls -l apple.txt -rwxr--r-- 1 december december 81 Feb 12 12:45 apple.txt $
The sequence -rwxr--r-- tells the permissions set for the file apple.txt. The first - tells that apple.txt is a file. The next three letters, rwx, show that the owner has read, write, and execute permissions. Then the next three symbols, r--, show that the group permissions are read only. The final three symbols, r--, show that the world permissions are read only.
Look at this demo of chmod.
Exercise: Test out some file permissions
Experiment with a file permissions--be careful, use "junk" files.