Numeric permissions

From FreeBSDwiki
Jump to: navigation, search


How permissions are defined

File permissions are shown when you do an ls -l on a file or directory:


The green circle highlights the first bit, which tells you if the file is a regular file (with a -), a directory (with d), a link (with l), or a unix domain socket (with s; not shown in this pic). The next three bits (red circle) show you the permissions on the file for the file's owner or user. The next three (yellow circle) show you permissions for the group the file belongs to. The last three (blue circle) show you permission for others -- anyone who is not the file owner or member of the group is other.

Permissions bits read r (the file can be read), w (the file can be written to), or x (the file is executable); a - in the place of any of those means that that bit is set to off.

If you noticed that all the files are of 0 byte size, the reason is because they're examples only and were created with touch. Congratulate yourself and go get a beer, you're paying far too much attention to the picture.

Context is everything

Note that the directories are set as executable for both user and group members. You have to "execute" a directory when you cd into it as well as (somewhat more importantly) when you search it with find.

How default permissions are set

Which permissions you file are created under by default are set by your umask, which is often set in your shell configuration file (.profile, .bashrc, .bash_profile, .cshrc, .tcshrc, etc. -- it can also set your umask by just running umask).

Changing file permissions

You can change the permissions of a file with chmod and the owner/group of a file with chown (group can also be set with chgrp).

To change permissions with chmod, you'll need to know how to tell the shell what permissions you want changed. There are two ways to do this, and they're both equal, although once you get the hang of using the numbers, you'll find that it's much more absolute and hence easier to be sure that the permissions that you asked for are the only ones that you'll get.

1. Defining permissions numerically

There are two ways to learn this: by rote, or comprehensively. If you just want a fast explanation of what the most commonly used numbers mean, it's like this:

7 ... rwx ... read/write/execute (all permissions)
6 ... rw- ... read/write (read/write, but do not execute) 
5 ... r-x ... read/execute (read-only, execution allowed)
4 ... r-- ... read (read-only, NO execution allowed)
0 ... --- ... (access denied)

Permission flags of 3, 2, or 1 (-wx, -w-, or --x) are also possible, but are very rarely used.

For the more comprehensive explanation, you'll need to know that the three permissions in a set (rwx) can be represented in binary as on or off, and you'll need to understand binary counting. This may help you a bit:

l r w x r w x r w x
- - - - - - - - - - 
  4 2 1 4 2 1 4 2 1

If you want to set the permission for a particular file to rwxr-x---, you just need to add the numbers up for each trio:

rwx == 4+2+1 == 7, 
r-x == 4+0+1 == 5,
--- == 0+0+0 == 0.

So give the command

#chmod 750

and will have the permissions: -rwxr-x---

2. Defining permissions symbolically You'll want to tell chmod what to change the permissions to; for this you'll want to know that to chmod, u == user, g == group, o == others and a == all, also that you can add and remove permisions with the =, + and - signs:

chmod u=rwx,g=rx

tells chmod "give these values and these values only"

chmod ug+rx

tells chmod "add r and x permissions to user and group for"

chmod o-rwx

tells chmod "remove rwx permissions from the others group" -- note that this is the same as

chmod o-a

see also ACL.

Personal tools