unix file permissions

There are three types of permissions:

  • r – read
  • w – write
  • x – execute

These permissions mean different things for files and directories.

For files:

  • read – you can open and read the file; you can also copy it.
  • write – you can modify the file.
  • execute – you can execute (run) the file if it is executable (like a program or a command).

For directories:

  • read – you can ls the directory and see the contents.
  • write – you can make and remove files in that directory.
  • execute – you can cd into that directory.

Use the ls -l command to see the file permissions for your files and directories. Here’s an example:

[root@Postgres-Portal data]# ls -l
total 128
drwx------ 6 postgres postgres 4096 Nov 13 13:02 base
drwx------ 2 postgres postgres 4096 Nov 9 16:34 dbms_pipe
drwx------ 2 postgres postgres 4096 Nov 13 13:21 global
drwx------ 2 postgres postgres 4096 Nov 9 16:34 pg_clog
drwx------ 2 postgres postgres 4096 Nov 9 16:34 pg_dynshmem
-rw------- 1 postgres postgres 4461 Nov 14 14:54 pg_hba.conf
-rw------- 1 postgres postgres 1636 Nov 9 16:34 pg_ident.conf
drwxr-xr-x 2 postgres postgres 4096 Nov 15 00:00 pg_log
drwx------ 4 postgres postgres 4096 Nov 9 16:34 pg_logical
drwx------ 4 postgres postgres 4096 Nov 9 16:34 pg_multixact

 

For the file permissions, the first character is either a “d” or a “-”, meaning it’s a directory or a file. The next three characters (e.g., rwx) are the permissions for the owner of the file. Then come the group permissions (e.g., for everyone in the users group), and finally the permissions for everyone else. Here are some examples:

  • drwx------ : directory only accessible by owner
  • drwxr-xr-x : directory anyone can access
  • -rwxr-xr-x : file anyone can read and execute
  • -rw-r----- : file that only the owner and people in the group can read (the owner can also write)

To see what groups you are in, run the groups command.

changing permissions on a file/directory

Use the chmod (CHange MODe) command to change the file permissions. The chmod command can use numbers:

  • 4 – read
  • 2 – write
  • 1 – execute

The reason these aren’t 1, 2, 3 is that every combination of them needs to add up to a unique number.

So, to give read and write permission …

read + write = 4 + 2 = 6

or execute and read permission …

execute + read = 1 + 4 = 5

or just execute permission …

execute = 1

or all permissions …

read + write + execute = 4 + 2 + 1 = 7

The chmod command takes three numbers for three permissions:

owner, group, everyone else (in that order)

The basic chmod command goes:

$ chmod ### directory/filename

So, if you wanted to give read access to all (-rw-r--r--)…

$ chmod 644 filename

To make a file readable, writable, and executable by only you …

$ chmod 700 filename

To make a file readable and executable by you and your group, but only readable by everyone else …

$ chmod 554 filename

chmod can also use letters: u for user (owner), g for group, o for other, and a for all (u, g, and o). So you could do chmod g+r file to add read access for the group. For more information about chmod, see the man page (man chmod).
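
The 4/2/1 arithmetic above applied to ls -l output, as an added example that is not part of the original page: it converts each mode string to its chmod digits and lists the entries that grant anything to group or others. The function names are made up for this example, and only the d / - type characters and the r, w, x letters described here are handled.

```shell
#!/bin/sh
# Added example: turn an `ls -l` mode string into chmod digits and list
# entries that grant any permission to group or others.
# Assumes only the d / - type characters and r, w, x letters covered here.

# triad_to_digit "r-x" -> 5   (read = 4, write = 2, execute = 1)
triad_to_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# mode_to_octal "drwxr-xr-x" -> 755; returns 1 for anything else (e.g. "total")
mode_to_octal() {
    mode=$(printf '%.10s' "$1")      # ignore a trailing "." or "+" that GNU ls may append
    case $mode in
        [d-][r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) return 1 ;;
    esac
    perms=${mode#?}                  # drop the type character
    rest=${perms#???}                # group + other triads
    echo "$(triad_to_digit "${perms%??????}")$(triad_to_digit "${rest%???}")$(triad_to_digit "${rest#???}")"
}

# flag_open_entries: read `ls -l` lines on stdin and print "MODE NAME" for
# every entry whose group or other digit is not 0.
flag_open_entries() {
    while read -r mode _ _ _ _ _ _ _ name; do
        octal=$(mode_to_octal "$mode") || continue   # skip non-entry lines
        case $octal in
            ?00) ;;                                  # owner-only
            *) echo "$octal $name" ;;
        esac
    done
}

# Sample input: lines taken from the listing shown earlier on this page.
sample_listing() {
    cat <<'EOF'
total 128
drwx------ 6 postgres postgres 4096 Nov 13 13:02 base
-rw------- 1 postgres postgres 4461 Nov 14 14:54 pg_hba.conf
drwxr-xr-x 2 postgres postgres 4096 Nov 15 00:00 pg_log
EOF
}

sample_listing | flag_open_entries
```

On a real system, pipe ls -l into flag_open_entries instead of the sample; in the sample only pg_log is reported, because it is the one entry readable by group and others.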