Basic file permissions in Unix

Is it crazy to say that Unix created file permissions? DOS never had any, and the ones in Windows were added as an afterthought. Permissions in Unix mean I can dump something in the /tmp directory and have it available to all… or not. And 30 years ago, when disk space was still precious, /tmp was often your friend if you had large files.

So what are file permissions? File permissions constrain who can look at your files, and what actions they can perform on them. Let’s look at the basic structure. Perform a directory listing using “ls -la” and you will get something that looks like this:

fileListing2

There is a lot of information in those lines. Concentrating on the first half of the listings:

fileListing

This listing has two items. The first is a file, the second is a directory. This is identified by the first character of each line. The next series of 9 characters represents the file permissions (ignore the trailing @). Next comes the number of links the file has (we won’t worry about this), the username, and the group the user belongs to. Every user belongs to a group. The example above shows that the user mwirth belongs to a group called “staff”. Now let’s look closer at the permissions. Permissions have the following form:

filePermissions

The first three permissions belong to the user, the next three to the user’s group, and the last three to all other users. The values r, w and x refer to read, write and execute permissions respectively.

  • Read grants the capability to read, i.e. view, the contents of the file.
  • Write grants the capability to modify the contents of the file.
  • Execute allows the file to be run (so is only relevant for programs).

With respect to directories, read means the user can read the contents of the directory, and write means they can add files to, or delete files from, the directory. So how does this translate to what you see in the listing? Consider the permissions for the file josephus.c:

rw-r--r--

This means the user can both read and write the file, and both the group and other are restricted to reading the file. Neither of those two has the ability to make changes to the file, or execute it. The presence of a - signifies that the particular activity is not permitted. As this is a C program source file, there is no need for an execute permission, since a source file is not something that can be executed. Now consider the other example, for the directory codePython:

rwxr-xr-x

This means that the user can read, write and execute files inside the directory (depending on the files’ individual permissions), but both the group and others can only read and execute files, meaning they have no ability to modify files or delete them.

If you give a file permissions of rwxrwxrwx, you are basically giving carte blanche access to the file. This is never a good thing.
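As an added example (not code from the original post), the Python sketch below decodes the permission field of “ls -la” lines into user, group and other, and reports which entries can be written by anyone besides the owning user. The listing is constructed: the sizes, dates and the file scratch.sh are made up, the function names are hypothetical, and only the r, w, x and - characters described above are handled.

```python
import os
import stat

CLASSES = ("user", "group", "other")

# Constructed sample in the shape of `ls -la` output; sizes and dates are made up.
SAMPLE = """\
-rw-r--r--@  1 mwirth  staff   1843 Mar  3 10:12 josephus.c
drwxr-xr-x   5 mwirth  staff    170 Mar  3 10:15 codePython
-rwxrwxrwx   1 mwirth  staff    512 Mar  3 10:20 scratch.sh
"""


def parse_mode_field(field):
    """Split e.g. 'drwxr-xr-x@' into (type char, {class: set of granted letters})."""
    field = field.rstrip("@+")  # trailing markers are not permission bits
    if len(field) != 10:
        raise ValueError(f"expected 1 type char + 9 permission chars: {field!r}")
    perms = {}
    for i, cls in enumerate(CLASSES):
        triple = field[1 + 3 * i:4 + 3 * i]
        # Only r, w, x and '-' are handled here, each in its own position.
        if any(c not in (want, "-") for c, want in zip(triple, "rwx")):
            raise ValueError(f"unsupported permission characters: {triple!r}")
        perms[cls] = set(triple) - {"-"}
    return field[0], perms


def audit_listing(text):
    """Return (name, owner, group, classes besides the user that may write)."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 8)  # name is the 9th field and may contain spaces
        if len(parts) < 9:
            continue  # skips e.g. the 'total N' header line
        _, perms = parse_mode_field(parts[0])
        writers = [c for c in ("group", "other") if "w" in perms[c]]
        rows.append((parts[8], parts[2], parts[3], writers))
    return rows


def mode_field_of(path):
    """The same 10-character field for a real file, built from its stat() mode."""
    return stat.filemode(os.lstat(path).st_mode)


if __name__ == "__main__":
    for name, owner, group, writers in audit_listing(SAMPLE):
        print(f"{name:12} {owner}:{group} extra writers: {', '.join(writers) or 'none'}")
```

Run on the sample, only scratch.sh is reported as writable by group and other; mode_field_of() gives the same field for a file on disk, so the check can be pointed at real paths.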

 
