pavement

Numeric permissions

From FreeBSDwiki
(Difference between revisions)
Jump to: navigation, search
(How default permissions are set)
m (Reverted edits by 213.61.157.93 (Talk); changed back to last version by Jimbo)
 
(20 intermediate revisions by 4 users not shown)
Line 5: Line 5:
 
[[Image:Permissions-example.png|thumb|Description]]
 
[[Image:Permissions-example.png|thumb|Description]]
  
The green circle highlights the first bit, which tells you if the file is a regular file (with a '''-'''), a directory (with '''d''') or a link (with '''l'''). The next three bits show you the permissions on the file for the file's ''owner'' or ''user''. The next three show you permissions for the group the file belongs to. The last three show you permission for ''others'' -- anyone who is not the file owner or member of the group is ''other''.
+
The green circle highlights the first bit, which tells you if the file is a regular file (with a '''-'''), a directory (with '''d'''), a link (with '''l'''), or a [[unix domain socket]] (with '''s'''; not shown in this pic). The next three bits (red circle) show you the permissions on the file for the file's ''owner'' or ''user''. The next three (yellow circle) show you permissions for the ''group'' the file belongs to. The last three (blue circle) show you permission for ''others'' -- anyone who is not the file owner or member of the group is ''other''.
  
 
Permissions bits read '''r''' (the file can be read), '''w''' (the file can be written to), or '''x''' (the file is executable); a '''-''' in the place of any of those means that that bit is set to off.
 
Permissions bits read '''r''' (the file can be read), '''w''' (the file can be written to), or '''x''' (the file is executable); a '''-''' in the place of any of those means that that bit is set to off.
 +
 +
If you noticed that all the files are of 0 byte size, the reason is because they're examples only and were created with [[touch]]. Congratulate yourself and go get a beer, you're paying far too much attention to the picture.
  
 
==Context is everything==
 
==Context is everything==
Note that the directories are set as executable for both user and group members. You have to "execute" a directory when you [[cd]] into it as well as (somewhat more importantly) when you ''search'' it.
+
Note that the directories are set as executable for both user and group members. You have to "execute" a directory when you [[cd]] into it as well as (somewhat more importantly) when you ''search'' it with [[find]].
  
 
==How default permissions are set==
 
==How default permissions are set==
Which permissions you file are created under by default are set by your [[umask]], which is often set in your [[shell]] configuration file ([[.bashrc]], [[.bash_profile]], [[.cshrc]], [[.tcshrc]], etc. -- it can also set your [[umask]] by just running [[umask]]).
+
Which permissions you file are created under by default are set by your [[umask]], which is often set in your [[shell]] configuration file ([[.profile]], [[.bashrc]], [[.bash_profile]], [[.cshrc]], [[.tcshrc]], etc. -- it can also set your [[umask]] by just running [[umask]]).
  
 
==Changing file permissions==
 
==Changing file permissions==
 
You can change the permissions of a file with [[chmod]] and the owner/group of a file with [[chown]] (group can also be set with [[chgrp]]).
 
You can change the permissions of a file with [[chmod]] and the owner/group of a file with [[chown]] (group can also be set with [[chgrp]]).
 +
 +
To change permissions with [[chmod]], you'll need to know how to tell the shell what permissions you want changed. There are two ways to do this, and they're both equal, although once you get the hang of using the numbers, you'll find that it's much more absolute and hence easier to be sure that the permissions that you asked for are the only ones that you'll get.
 +
 +
1.  '''Defining permissions numerically'''
 +
 +
There are two ways to learn this: by rote, or comprehensively.  If you just want a fast explanation of what the most commonly used numbers mean, it's like this:
 +
 +
7 ... rwx ... read/write/execute (all permissions)
 +
6 ... rw- ... read/write (read/write, but do not execute)
 +
5 ... r-x ... read/execute (read-only, execution allowed)
 +
4 ... r-- ... read (read-only, NO execution allowed)
 +
0 ... --- ... (access denied)
 +
 +
Permission flags of 3, 2, or 1 (-wx, -w-, or --x) are also possible, but are very rarely used. 
 +
 +
For the more comprehensive explanation, you'll need to know that the three permissions in a set (rwx) can be represented in binary as on or off, and you'll need to understand binary counting. This may help you a bit:
 +
l r w x r w x r w x
 +
- - - - - - - - - -
 +
  4 2 1 4 2 1 4 2 1
 +
If you want to set the permission for a particular file to rwxr-x---, you just need to add the numbers up for each trio:
 +
rwx == 4+2+1 == 7,
 +
r-x == 4+0+1 == 5,
 +
--- == 0+0+0 == 0.
 +
So give the command
 +
#chmod 750 filename.xyz
 +
and filename.xyz will have the permissions:
 +
-rwxr-x---
 +
 +
2. '''Defining permissions symbolically'''
 +
You'll want to tell [[chmod]] what to change the permissions to; for this you'll want to know that to [[chmod]], u == user, g == group, o == others and a == all, also that you can add and remove permisions with the =, + and - signs:
 +
chmod u=rwx,g=rx filename.xyz
 +
tells [[chmod]] "give these values and these values only"
 +
chmod ug+rx filename.xyz
 +
tells [[chmod]] "add r and x permissions to user and group for filename.xyz"
 +
chmod o-rwx filename.xyz
 +
tells [[chmod]] "remove rwx permissions from the others group" -- note that this is the same as
 +
chmod o-a filename.xyz
 +
 +
see also [[ACL]].
 +
 +
[[Category:FreeBSD Terminology]]

Latest revision as of 23:33, 11 October 2007

Contents

[edit] How permissions are defined

File permissions are shown when you do an ls -l on a file or directory:

Description

The green circle highlights the first bit, which tells you if the file is a regular file (with a -), a directory (with d), a link (with l), or a unix domain socket (with s; not shown in this pic). The next three bits (red circle) show you the permissions on the file for the file's owner or user. The next three (yellow circle) show you permissions for the group the file belongs to. The last three (blue circle) show you permission for others -- anyone who is not the file owner or member of the group is other.

Permissions bits read r (the file can be read), w (the file can be written to), or x (the file is executable); a - in the place of any of those means that that bit is set to off.

If you noticed that all the files are of 0 byte size, the reason is because they're examples only and were created with touch. Congratulate yourself and go get a beer, you're paying far too much attention to the picture.

[edit] Context is everything

Note that the directories are set as executable for both user and group members. You have to "execute" a directory when you cd into it as well as (somewhat more importantly) when you search it with find.

[edit] How default permissions are set

Which permissions you file are created under by default are set by your umask, which is often set in your shell configuration file (.profile, .bashrc, .bash_profile, .cshrc, .tcshrc, etc. -- it can also set your umask by just running umask).

[edit] Changing file permissions

You can change the permissions of a file with chmod and the owner/group of a file with chown (group can also be set with chgrp).

To change permissions with chmod, you'll need to know how to tell the shell what permissions you want changed. There are two ways to do this, and they're both equal, although once you get the hang of using the numbers, you'll find that it's much more absolute and hence easier to be sure that the permissions that you asked for are the only ones that you'll get.

1. Defining permissions numerically

There are two ways to learn this: by rote, or comprehensively. If you just want a fast explanation of what the most commonly used numbers mean, it's like this:

7 ... rwx ... read/write/execute (all permissions)
6 ... rw- ... read/write (read/write, but do not execute) 
5 ... r-x ... read/execute (read-only, execution allowed)
4 ... r-- ... read (read-only, NO execution allowed)
0 ... --- ... (access denied)

Permission flags of 3, 2, or 1 (-wx, -w-, or --x) are also possible, but are very rarely used.

For the more comprehensive explanation, you'll need to know that the three permissions in a set (rwx) can be represented in binary as on or off, and you'll need to understand binary counting. This may help you a bit:

l r w x r w x r w x
- - - - - - - - - - 
  4 2 1 4 2 1 4 2 1

If you want to set the permission for a particular file to rwxr-x---, you just need to add the numbers up for each trio:

rwx == 4+2+1 == 7, 
r-x == 4+0+1 == 5,
--- == 0+0+0 == 0.

So give the command

#chmod 750 filename.xyz

and filename.xyz will have the permissions: -rwxr-x---

2. Defining permissions symbolically You'll want to tell chmod what to change the permissions to; for this you'll want to know that to chmod, u == user, g == group, o == others and a == all, also that you can add and remove permisions with the =, + and - signs:

chmod u=rwx,g=rx filename.xyz

tells chmod "give these values and these values only"

chmod ug+rx filename.xyz

tells chmod "add r and x permissions to user and group for filename.xyz"

chmod o-rwx filename.xyz

tells chmod "remove rwx permissions from the others group" -- note that this is the same as

chmod o-a filename.xyz

see also ACL.

Personal tools