Further Information

This reference provides detailed information about ways to apply permissions and defines commonly used terms related to Unix permissions.

chmod

chmod [1] (change mode) is a widely used command for changing the permissions of files and directories. It sets the user, group and other bits, which define the rights each class of user has over a file.

Additionally, server-side languages provide functions that are roughly analogous to chmod and take absolute notation. For details of how to change permissions programmatically, see the code examples page.

Absolute and Symbolic Notation

chmod accepts two kinds of syntax for changing permissions. Absolute notation uses octal to state which permission bits are set, e.g. 0777. Symbolic notation uses letters and symbols to define which permissions are set. Octal is more direct and ensures that specific permissions are applied; it is the approach used when setting file and directory permissions programmatically.

Symbolic is used to add or remove permissions relative to the existing permissions on that object. In this application we've provided a way to generate symbolic notation by providing an initial octal value for the current permissions of your file and a target permission in octal. This provides a way to explore the syntax of symbolic permissions.
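The octal-to-symbolic conversion described above, as an added sketch in POSIX sh. It is not this application's own code, and the function names rwx_letters and symbolic_diff are made up for the example. It compares the current and target modes bit by bit and emits only the changes:

```sh
#!/bin/sh
# Print the r/w/x letters whose bits are set in a single 0-7 digit.
rwx_letters() {
    letters=""
    if [ $(( $1 & 4 )) -ne 0 ]; then letters="${letters}r"; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then letters="${letters}w"; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then letters="${letters}x"; fi
    printf '%s' "$letters"
}

# symbolic_diff CURRENT TARGET -> e.g. "u+x,g+x,o+x" (empty when nothing changes).
# Sticky is emitted without a class, as in the page's "chmod +t path".
symbolic_diff() {
    for m in "$1" "$2"; do
        case "$m" in ''|*[!0-7]*) echo "octal digits only" >&2; return 2 ;; esac
    done
    cur=$(( 0$1 )); tgt=$(( 0$2 ))
    add=$(( tgt & ~cur )); del=$(( cur & ~tgt ))   # bits to set / bits to clear
    result=""
    for who in u g o; do
        case $who in
            u) pos=6; sbit=$(( 04000 )) ;;   # setuid belongs to the user class
            g) pos=3; sbit=$(( 02000 )) ;;   # setgid belongs to the group class
            o) pos=0; sbit=0 ;;
        esac
        plus=$(rwx_letters $(( (add >> pos) & 7 )))
        minus=$(rwx_letters $(( (del >> pos) & 7 )))
        if [ $(( add & sbit )) -ne 0 ]; then plus="${plus}s"; fi
        if [ $(( del & sbit )) -ne 0 ]; then minus="${minus}s"; fi
        clause=""
        if [ -n "$plus" ]; then clause="+$plus"; fi
        if [ -n "$minus" ]; then clause="$clause-$minus"; fi
        if [ -n "$clause" ]; then result="${result:+$result,}$who$clause"; fi
    done
    if [ $(( add & 01000 )) -ne 0 ]; then result="${result:+$result,}+t"; fi
    if [ $(( del & 01000 )) -ne 0 ]; then result="${result:+$result,}-t"; fi
    printf '%s\n' "$result"
}

# Constructed sample modes
symbolic_diff 0644 0755   # u+x,g+x,o+x
symbolic_diff 0777 0750   # g-w,o-rwx
symbolic_diff 1777 0755   # g-w,o-w,-t
```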

Setting Permissions with chmod

Setting permissions with chmod is straightforward. The syntax is:

chmod <perms> <file>

where <perms> can be either octal or symbolic notation e.g:

chmod 0755 foo.sh   # octal
chmod +x bar.sh     # symbolic

For more info on what's possible with chmod run man chmod from your terminal.

Finding and Verifying Permissions with ls

ls [2] can tell you what files are present in a directory, but it can also tell you what the permissions on those files are.

gruyere@meltingpot /test_perms $ ls -l
total 0
-rw-r--r--  1 gruyere  staff   0 27 Feb 19:43 bar
drwxr-xr-x  2 gruyere  staff  68 27 Feb 19:45 baz
-rw-r--r--  1 gruyere  staff   0 27 Feb 19:43 foo

As you can see the letters in the first column indicate the type of the resource as well as telling you the permissions for the resource.

The 3rd and 4th columns also indicate who owns the file and what group it belongs to.

Owner, Group and Other

User:

The user is the owner of the files. The user of a file or directory can be changed with the chown [3] command.

Read, write and execute privileges are individually set for the user with 0400, 0200 and 0100 respectively. Combinations can be applied as necessary, e.g. 0700 is read, write and execute for the user.

Group:

A group is the set of people that are able to interact with that file. The group set on a file or directory can be changed with the chgrp [4] command.

Read, write and execute privileges are individually set for the group with 0040, 0020 and 0010 respectively. Combinations can be applied as necessary, e.g. 0070 is read, write and execute for the group.

Other:

Represents everyone who isn't an owner or a member of the group associated with that resource. Other is often referred to as "world", "everyone" etc.

Read, write and execute privileges are individually set for other with 0004, 0002 and 0001 respectively. Combinations can be applied as necessary, e.g. 0007 is read, write and execute for other.

Read Write and Execute Permissions

Read:

Allows files to be read

Is denoted with "r" in the output of the ls command.

Write:

Allows files to be written

Is denoted with "w" in the output of the ls command.

Execute:

Execute permissions allow binary files to be executed, but they also control whether a directory is searchable. For example, if a directory has permissions of 0600 you cannot use the cd command to "change directory" into it, nor can you list its contents.

Execute permissions are denoted with an "x" in the output of ls.

Special Modes

setuid:

Binary executables with the setuid bit (chmod u+s path) can be executed with the privileges of the file's owner. Due to its nature it should be used with care.

In octal, the setuid bit is set with 4000 e.g: "chmod 4755 path".

setuid has no effect if the user does not have execute permissions.

setuid is represented with a lower-case "s" in the output of ls. In cases where it has no effect it is represented with an upper-case "S".

setgid:

Binary executables with the setgid bit (chmod g+s path) can be executed with the privileges of the file's group.

A useful property is to set the setgid bit on a directory so that all files and directories newly created within it inherit the group from that directory.

In octal, the setgid bit is represented by 2000 e.g: "chmod 2755 path".

setgid has no effect if the group does not have execute permissions.

setgid is represented with a lower-case "s" in the output of ls. In cases where it has no effect it is represented with an upper-case "S".

Sticky bit:

The sticky bit (chmod +t path) was introduced for use with executables as a way of telling an operating system to keep the text segment of the program in swap space after the process had terminated. This was a performance feature designed to make subsequent execution of the program faster.

The sticky bit is more commonly used on directories where it allows the files or directories within to only be moved or deleted by that object's owner, the directory owner, or the super-user.

In octal, the sticky bit is set with 1000 e.g: "chmod 1755 path".

The sticky bit has no effect if other does not have execute permissions.

The sticky bit is represented with a lower-case "t" in the output of ls. In cases where it has no effect it is represented with an upper-case "T".

Use the octal permissions tool to get an idea of how the permissions work together.
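As an added example (not this application's code; triplet, mode_string and mode_flags are hypothetical names), this POSIX sh sketch renders an octal mode as the nine permission characters ls shows, including the s/S and t/T cases described above, and lists the special bits worth a second look when reviewing a file:

```sh
#!/bin/sh
# triplet BITS SPECIAL LOWER UPPER -> three characters for one class.
# When the special bit is set, the x slot shows LOWER if execute is also
# set and UPPER if it is not (the "no effect" case).
triplet() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    if [ "$2" -ne 0 ]; then
        if [ "$x" = x ]; then x=$3; else x=$4; fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_string OCTAL -> e.g. "rwsr-xr-x" (the ls column without the type letter).
mode_string() {
    case "$1" in ''|*[!0-7]*) echo "octal digits only" >&2; return 2 ;; esac
    mode=$(( 0$1 ))
    u=$(triplet $(( (mode >> 6) & 7 )) $(( mode & 04000 )) s S)
    g=$(triplet $(( (mode >> 3) & 7 )) $(( mode & 02000 )) s S)
    o=$(triplet $(( mode & 7 )) $(( mode & 01000 )) t T)
    printf '%s%s%s\n' "$u" "$g" "$o"
}

# mode_flags OCTAL -> space-separated review notes, empty for a plain mode.
mode_flags() {
    s=$(mode_string "$1") || return 2
    flags=""
    case $s in ??[sS]*) flags="$flags setuid" ;; esac
    case $s in ?????[sS]*) flags="$flags setgid" ;; esac
    case $s in *[tT]) flags="$flags sticky" ;; esac
    case $s in ???????w?) flags="$flags world-writable" ;; esac
    case $s in *[ST]*) flags="$flags no-effect" ;; esac   # special bit without execute
    printf '%s\n' "${flags# }"
}

# Constructed sample modes
mode_string 4755   # rwsr-xr-x
mode_string 4644   # rwSr--r--
mode_flags 1777    # sticky world-writable
```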

References

[1] For more info on the chmod command see: http://en.wikipedia.org/wiki/Chmod
[2] For more info on the ls command see: http://en.wikipedia.org/wiki/Ls
[3] For more info on the chown command see: http://en.wikipedia.org/wiki/Chown
[4] For more info on the chgrp command see: http://en.wikipedia.org/wiki/Chgrp