Demystifying Unix File Permissions And The Chmod Command

Understanding UNIX File Permissions

UNIX file permissions determine the level of access users have to files and directories. Permissions are associated with three classes of users: the file owner, the group owner, and all other users. The permissions define the read, write, and execute access rights for each class.

The file owner is generally the user that created the file. Each file also belongs to a group consisting of one or more users. All other system users that are not the owner or group members make up the world or others class.

Here is an example directory listing showing file permissions:

$ ls -l
-rw-------  1 jsmith users    120 Feb 26 13:34 file1.txt
-rw-r--r--  1 jdoe    admin   1945 Feb 23 08:10 report.pdf 
drwxr-xr-x  2 jadmin  wheel      6 Jan 14 10:51 scripts

There are 10 characters at the start of each line displaying the permissions. The first character indicates the file type. The next 9 characters represent the read, write and execute permissions for the owner, group owner and world.

Interpreting the Permission Bits

Let’s examine the 10 permission characters in detail:

d  rwx  r-x  r-x
  • First character (d): File type – directory, file, symlink, etc.
  • Next 3 characters (rwx): File owner permissions
    • r: Read permission – view contents of file
    • w: Write permission – modify contents of file
    • x: Execute permission – ability to run a file if it is a script or program
  • Next 3 characters (r-x): Group owner permissions
    • Same as owner permissions but apply to group owner
  • Last 3 characters (r-x): Permissions for world/others
    • Apply to all other users on the system besides owner and group

Some key points about permissions:

  • Not every permission combination is meaningful for every file type
  • The execute permission means something different on a directory than on a regular file
  • On a directory, execute grants the ability to enter it and reach its contents; on a regular file, it grants the ability to run the file as a program or script

Here are some examples demonstrating permissions:

-rw-------   Only the owner can read and write; no access for group or world
-rw-r--r--   Owner can read and write; group and world can only read
-rw-rw----   Owner and group can read and write; world has no access
-rwxrwxr-x   Owner and group can read/write/execute; world can read and execute (typical for a shared script)
drwxrws---   Owner and group can list, enter and modify the directory; world has no access (the s in the group field is the setgid bit, covered under Advanced Permission Topics)

Using the chmod Command

The chmod command is used to change the permissions on files and directories. The basic syntax is:

chmod [options] mode file...

To specify a mode, either a symbolic representation or octal notation can be used. Some examples:

chmod g+w file.txt    # Add group write permission
chmod 755 myprog     # Numeric mode for rwxr-xr-x
chmod go-rwx dir1    # Remove all group and world permissions

Here are some common permission modes and usage scenarios for chmod:

chmod 700 file      # Private read/write/execute for owner only    
chmod 600 file      # Owner can read and write; all others no access
chmod 755 script    # Owner r/w/x; group and world r-x (executable script)
chmod 777 dir       # Everyone has full r/w/x access (rarely appropriate; anyone can modify or delete contents)
chmod +t file       # Enable the sticky bit (normally applied to a shared directory such as /tmp)
chmod g=rwx file    # Assign group r/w/x; leave other perms unchanged

Setting Default Permissions on New Files

When new files and directories are created, they receive default permissions as determined by the umask value. This controls the permission bits that are masked out or disabled.

To view or set the umask, use the umask command:

$ umask # Print current value 
0002  

$ umask 0027 # Set umask value
$ umask # New value took effect
0027

Common umask values to set new file defaults for everyone:

umask 0022 # New dirs: 755; new files: 644
umask 0002 # New dirs/files: 775/664 
umask 0077 # New dirs/files: 700/600 (private)

Advanced Permission Topics

In addition to the standard read, write and execute UNIX permissions, there are some further mechanisms that add finer controls:

  • Setuid & Setgid – Cause an executable to run with the privileges of the file owner or group rather than those of the invoking user; on a directory, setgid makes new files inherit the directory's group
  • Sticky Bit – Prevents non-owners from deleting or renaming files in shared directories like /tmp
  • Access Control Lists (ACLs) – Finer-grained permissions for additional named users and groups beyond the owner/group/other model

Here is an example using chmod to set the setuid permission:

chmod u+s myprog

When myprog runs, the process takes on the effective user ID of the file's owner rather than that of the user who launched it. This allows privileged programs that need temporarily elevated access to run on behalf of other users, which is also why setuid files deserve careful review.
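As an added example that is not part of the original article, the following POSIX shell functions reproduce the arithmetic described above: default_mode derives the file and directory modes a given umask produces, and symbolic_to_octal decodes an ls -l mode string (including the s and t characters for setuid, setgid and sticky) into octal. The function names and the sample strings are the example's own.

```shell
# Added example (not from the original article): umask arithmetic and
# ls -l mode decoding in pure POSIX shell. Nothing on disk is touched.

# default_mode <umask> file|dir
# New regular files start from 0666 and new directories from 0777; the umask
# clears every bit that is set in it (mode = base & ~umask).
default_mode() {
    case $2 in
        file) _base=0666 ;;
        dir)  _base=0777 ;;
        *) echo "usage: default_mode <umask> file|dir" >&2; return 1 ;;
    esac
    printf '%04o\n' $(( _base & ~0$1 ))   # leading 0 forces octal
}

# symbolic_to_octal <perm-string>
# Accepts the 10-character ls -l field ("drwxrws---") or just the 9 permission
# characters, and prints the octal mode including setuid, setgid and sticky.
symbolic_to_octal() {
    _s=$1
    case ${#_s} in
        10) _s=${_s#?} ;;              # drop the file-type character
        9)  ;;
        *)  echo "expected 9 or 10 characters, got '$1'" >&2; return 1 ;;
    esac
    _mode=0 _pos=0
    while [ -n "$_s" ]; do
        _rest=${_s#?}
        _c=${_s%"$_rest"}              # first remaining character
        _s=$_rest
        _bit=$(( 1 << (8 - _pos) ))                 # r/w/x bit for this position
        _special=$(( (4 >> (_pos / 3)) << 9 ))      # 04000 / 02000 / 01000 for this class
        case "$_pos:$_c" in
            [036]:r|[147]:w|[258]:x) _mode=$(( _mode | _bit )) ;;
            [25]:s|8:t) _mode=$(( _mode | _bit | _special )) ;;   # execute plus special bit
            [25]:S|8:T) _mode=$(( _mode | _special )) ;;          # special bit, no execute
            ?:-) ;;
            *) echo "unexpected '$_c' at position $_pos in '$1'" >&2; return 1 ;;
        esac
        _pos=$(( _pos + 1 ))
    done
    printf '%04o\n' "$_mode"
}

# Walk the article's own examples.
for m in 0022 0002 0077; do echo "umask $m: files $(default_mode "$m" file), dirs $(default_mode "$m" dir)"; done
for p in -rw-r--r-- drwxrws--- -rwsr-xr-x; do echo "$p -> $(symbolic_to_octal "$p")"; done
```

Feeding the output of ls -l through symbolic_to_octal is a quick way to spot files carrying the 4000 (setuid) or 2000 (setgid) bit when reviewing a directory.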
