All files and directories created in a UNIX/Linux file system will be assigned a set of permissions. These permissions affect three sets of users:
- The owner user
- The owner group
- Other users and groups
The rights of each user on a file consist of being able to read, modify or execute it. For example, if we use the command ls -l, the following output is obtained:
drwxr-xr-x 2 audain audain 4096 Sep 24 02:03 Doc
-rw-r--r-- 1 audain audain  161 Sep 24 02:05 Proc1
drwxr-xr-x 2 audain audain 4096 Sep 24 02:03 Scripts
permissions  user   group
The first column is the permissions, the third is the user who owns the file, and the fourth is the owner group. In the permissions column, an initial d means that the item is a directory; the remaining characters are the read (r), write (w) and execute (x) rights for, respectively, the owner, the group and the others. So the Proc1 file can be read and modified by its owner, but only read by the group and the rest of the world.
The permissions of one user type are represented by a sequence of three bits, whose decimal value can therefore range from 0 to 7 (3 bits: 2^3 = 8 possible values). The read right corresponds to the first bit, write to the second, and execute to the third:
reading  writing  execution
   0        0         0
If we convert these binary values into decimal, we have:
4  reading
2  writing
1  execution
To set the access rights of a user type with a single decimal number, these values are added together: for example "r-x" (read and execute) represents the three bits 1, 0, 1, that is 4 + 1 = 5 ("101" in binary is the number 5). The number 5 therefore means that the given user type has the read and execute rights on the file.
To define the access rights for all three (the owner, the group and the others), we make three such sums. For example:
rwx r-x r-x
 7   5   5
Command chmod
The command to change the permissions on a file is chmod; its syntax is as follows:
chmod MODE FILE
The mode can be represented by the three decimal numbers as explained above, for example:
chmod 664 Proc1
But you can also use symbolic notation to designate the mode. This is based on a letter that designates the category of users (u, g, o or a), an operator (+, - or =) and a set of permissions (r, w or x).
u  user
g  group
o  others
a  all
For example, to remove the read right from the group on a file, the command is as follows:
chmod g-r Proc1
You can also put more than one symbol on either side of the operator. For example, to give all types of users exactly the read and execute rights:
chmod a=rx Proc1
Umask
When a user creates directories or files, the permissions assigned by default are as follows:
- directories: 755
- files: 644
These default permissions can be changed by changing the permissions mask associated with each user. The mask is a sequence of three numbers that is subtracted from 777 in the case of directories and from 666 in the case of files. For example:
          directories   files
base      777           666
mask      022           022
result    755           644
          rwxr-xr-x     rw-r--r--

          directories   files
base      777           666
mask      077           077
result    700           600
          rwx------     rw-------
A user's mask can be specified in the .bashrc file of his/her home directory with the following directive:
umask 022
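As an added example that is not part of the original text, the following POSIX sh functions reproduce the conversions of the permissions section (rwx string to octal and back) and the mask computation of this section, and then check the second umask table against a real file. The file name Proc1 is reused from the page; the temporary directory and the use of umask 077 in the demo function are assumptions made for the test.

```shell
#!/bin/sh
# Added example (not from the original text): POSIX sh helpers that
# reproduce the arithmetic the page describes, so any mode can be checked.

# sym_to_octal rwxr-xr-x  ->  755   (each set bit adds 4, 2 or 1)
sym_to_octal() {
    _result=""
    for _pos in 1 4 7; do                       # owner, group, others
        _triple=$(printf '%s' "$1" | cut -c"$_pos-$((_pos + 2))")
        _sum=0
        case $_triple in r??) _sum=$((_sum + 4)) ;; esac
        case $_triple in ?w?) _sum=$((_sum + 2)) ;; esac
        case $_triple in ??x) _sum=$((_sum + 1)) ;; esac
        _result="$_result$_sum"
    done
    printf '%s\n' "$_result"
}

# octal_to_sym 644  ->  rw-r--r--   (test the 4, 2 and 1 bits of each digit)
octal_to_sym() {
    _out=""
    for _d in $(printf '%s' "$1" | sed 's/./& /g'); do
        [ $((_d & 4)) -ne 0 ] && _out="${_out}r" || _out="${_out}-"
        [ $((_d & 2)) -ne 0 ] && _out="${_out}w" || _out="${_out}-"
        [ $((_d & 1)) -ne 0 ] && _out="${_out}x" || _out="${_out}-"
    done
    printf '%s\n' "$_out"
}

# apply_umask 666 022  ->  644
# The system clears the mask's bits (mode & ~mask) rather than subtracting
# decimal numbers; the two agree for masks like 022 or 077 because every
# bit set in the mask is also set in the base mode, so no borrow occurs.
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))           # leading 0 = octal literal
}

# observed_mode FILE  ->  the nine permission characters shown by ls -l
observed_mode() { ls -ld -- "$1" | cut -c2-10; }

# Check the page's second umask table on a real file: a file created
# under umask 077 must come out as rw------- (600). Temp dir is assumed.
demo() {
    _dir=$(mktemp -d) && _f="$_dir/Proc1"
    ( umask 077; : > "$_f" )                    # subshell keeps the mask local
    observed_mode "$_f"
    rm -rf -- "$_dir"
}
```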