May 06

You can change file permissions with the chmod command. In Unix, file permissions, which establish who may have different types of access to a file, are specified by both access classes and access types. Access classes are groups of users, and each may be assigned specific access types. The access classes are “user”, “group”, “other”, and “all”. These refer, respectively, to the user who owns the file, a specific group of users, the other remaining users who are not in the group, and all three sets of users. Access types (read, write, and execute) determine what may be done with the file by each access class.

There are two basic ways of using chmod to change file permissions:

Symbolic method

The first and probably easiest way is the relative (or symbolic) method, which lets you specify access classes and types with single letter abbreviations. A chmod command with this form of syntax consists of at least three parts from the following lists:

Access Class Operator Access Type
u (user) + (add access) r (read)
g (group) – (remove access) w (write)
o (other) = (set exact access) x (execute)
a (all: u, g, and o)

For example, to add permission for everyone to read a file in the current directory named myfile, at the Unix prompt, you would enter:

chmod a+r myfile

The  a  stands for “all”, the  +  for “add”, and the  r  for “read”.

Note: This assumes that everyone already has access to the directory where myfile is located and its parent directories; that is, you must set the directory permissions separately.

If you omit the access class, it’s assumed to be all, so you could also enter the previous example as:

chmod +r myfile

You can also specify multiple classes and types with a single command. For example, to remove read and write permission for group and other users (leaving only yourself with read and write permission) on a file named myfile, you would enter:

chmod go-rw myfile

You can also specify that different permissions be added and removed in the same command. For example, to remove write permission and add execute for all users on myfile, you would enter:

chmod a-w+x myfile

In each of these examples, the access types that aren’t specified are unchanged. The previous command, for example, doesn’t change any existing settings specifying whether users besides yourself may have read ( r ) access to myfile. You could also use the exact form to explicitly state that group and other users’ access is set only to read with the  =  operator:

chmod go=r myfile

The chmod command also operates on directories. For example, to remove write permission for other users on a subdirectory named mydir, you would enter:

chmod o-w mydir

To do the same for the current directory, you would enter:

chmod o-w

Be careful when setting the permissions of directories, particularly your home directory; you don’t want to lock yourself out by removing your own access. Also, you must have execute permission on a directory to switch ( cd ) to it.

Absolute form

The other way to use the chmod command is the absolute form. In this case, you specify a set of three numbers that together determine all the access classes and types. Rather than being able to change only particular attributes, you must specify the entire state of the file’s permissions.

The three numbers are specified in the order: user (or owner), group, other. Each number is the sum of values that specify read (4), write (2), and execute (1) access, with 0 (zero) meaning no access. For example, if you wanted to give yourself read, write, and execute permissions on myfile; give users in your group read and execute permissions; and give others only execute permission, the appropriate number would be calculated as (4+2+1)(4+0+1)(0+0+1) for the three digits 751. You would then enter the command as:

chmod 751 myfile

As another example, to give only yourself read, write, and execute permission on the current directory, you would calculate the digits as (4+2+1)(0+0+0)(0+0+0) for the sequence 700, and enter the command:

chmod 700

If it seems clearer to you, you can also think of the three digit sequence as the sum of attributes you select from the following table:

400 read by owner 200 write by owner 100 execute by owner 040 read by group 020 write by group 010 execute by group 004 read by others 002 write by others 001 execute by others

To create an access mode, sum all the accesses you wish to permit. For example, to give read privileges to all, and write and execute privileges to the owner only for a file, you would sum: 400+200+100+040+004 = 744. Then, at the Unix prompt, you would enter:

chmod 744 myfile.ext

Some other frequently used examples are:

777 anyone can do anything (read, write, or execute)
755 you can do anything; others can only read and execute
711 you can do anything; others can only execute
644 you can read and write; others can only read

More information

For more information about chmod, consult the manual page. At the Unix prompt, enter:

man chmod

written by MG \\ tags: , , ,

Leave a Reply