Mother May I?

Unix uses the concept of permissions and ownership to determine who can access a file or directory. Each file or folder is considered to be owned by a user and a group (typically group to which the user belongs). There are a set of permissions associated with each file or folder that determines what actions on that file or folder are allowed for a particular user. There are three types of permissions:

• r - read, allows you to read the contents of a file
  
• w - write, allows you to write to a file or delete it
  
• x - execute, allows you to run a file as a script, or cd to a directory.
  

and three groups to set permissions on:

• User or Owner is the person who created the file
  
• Group is the group that the owner belongs to
  
• Other is everyone else in the world.

You can see the ownership and permissions for a file or folder by using the ls command with the -l option. For example, if readme is a file in the current folder:

ls -l readme

might give the results:

-rw-r--r-- 1 bob staff 0 Jun 17 23:30 readme

This shows that the file readme is owned by user bob and group staff. The permissions are shown by the sequence of ten characters at the start of that line: -rw-r--r--. The first character is a - for a file. Alternatively if it were a d it would indicate a directory. The next three characters (rw-) indicate the permissions for the owner of the file (bob). The next three characters (r--) indicate the permissions for a user who is not the owner of the file, but who is in the group (staff) that owns the file. The last three characters (r--) indicate the permissions for everyone else.

You can remove a read-only file from a directory only if you have write permission for that folder (-rw-r--r--). Typically directories must have execute permission if you want people to have read permission.


Changing permissions

To change the permissions on a file or folder, use the chmod command. For details, see man chmod. The easiest way to change permissions is to use the symbolic modes where the permission changes are specified by add +, remove -, or set = permissions. Use u to indicate that the change applies to the user permissions, g to indicate that it applies to the group permissions, and o for anyone else.

To change the permissions on the file readme to allow the world to have write permission:

chmod o+w readme

If the file isn't owned by the user, preface the command with sudo and supply a superuser password:

sudo chmod g+w readme

To add executable permission to the file (e.g. because it is a script) for the owner of the file and for users in the group that owns the file use:

chmod ug+x readme

To remove the read and write permissions for the group and the world:

chmod go-rw readme

Use the the set = operation to set the permissions to an exact configuration - without regard to what the permissions are currently. To set the file to be readable and writable by the owner, but only readable by group and "other":

chmod u=rw,go=r readme

Things work similarly for directory permissions. Often you want to change the permissions of a directory and all its contents. Do this with the -R option to chmod.

To change a directory and all its contents to be writable by the owner and group use:

chmod -R ug+w Folder

Likewise, the flag X (uppercase) can be combined with the -R option to ensure that a folder and all of its sub-folders have execute permission, but not the files. Typically execute permission is not desirable for files unless they are applications or scripts.

chmod -R ugo+X Folder