Using File Modes for UNIX

Each file in the UNIX file system has a file mode associated with it. The file mode indicates the type of file and access permissions. The best way of examining the mode of a file is with the ls command in long format: ls -l. The long format of ls shows information about a file including the file mode, owner, size, date & time, and name, and if ls -lg is entered, group ownership will also be displayed. For example, if there are two files in a directory, a directory called dir and a file called file, then:

% ls -lg
total 1
drwx------  2 progasst  firstaid      512 Jan  5 $
-rwxr-xr--  1 progasst  firstaid        0 Ja$

The file mode is in the first column and shows a series of 10 letters and dashes. The first character of the file mode indicates the type of file. The most common values for this are 'd' if the entry is a directory, 'l' if it is a symbolic link, and '-' if it is a plain file.

Following the file type character are 9 characters grouped in three sets of three that indicate owner permissions of the file, group permissions, and finally other (or everybody else) permissions, respectively. Each group of three characters appears in the order rwx, with a '-' in place of any permission that is missing. 'r' means that the file is readable, 'w' means that it is writable, 'x' means that it is executable, and '-' means that the indicated permission is not granted. Owner permissions apply to the owner of the file, group permissions apply to the members of the group associated with the file (as explained in the article Users, Groups, and File Ownership in UNIX), and other permissions apply to everybody who does not fall into the previous two categories. Note that these categories are exclusive. If you are in someone's group, and they have a file with read permissions for user and other, but not group, you will not be able to read it even though people not in your group will be able to!
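The exclusive-category rule above can be written out as a small shell function. This is an added example, not part of the original article; the users alice and bob and the group names users and staff are hypothetical, and the superuser and ACLs are not modelled.

```sh
# applicable_perms MODE OWNER GROUP USER "USER_GROUPS"
# Prints the single class that applies to USER and its rwx triple.
# Exactly one class is consulted: owner first, then group, then other.
applicable_perms() {
    mode=$1; owner=$2; group=$3; user=$4; user_groups=$5
    if [ "$user" = "$owner" ]; then
        class=owner; cols=2-4
    else
        class=other; cols=8-10
        for g in $user_groups; do
            if [ "$g" = "$group" ]; then class=group; cols=5-7; fi
        done
    fi
    printf '%s %s\n' "$class" "$(printf '%s' "$mode" | cut -c"$cols")"
}

# can_read: same arguments; succeeds only if the applicable triple has 'r'.
can_read() {
    case $(applicable_perms "$@") in
        *" r"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Constructed case from the text: readable by user and other, not by group.
mode=-rw----r--
for who in "progasst firstaid" "alice users firstaid" "bob staff"; do
    user=${who%% *}; groups=${who#* }
    if can_read "$mode" progasst firstaid "$user" "$groups"; then
        verdict="can read"
    else
        verdict="cannot read"
    fi
    echo "$user: $(applicable_perms "$mode" progasst firstaid "$user" "$groups"), $verdict"
done
```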

Access Permission of a File

The access permissions of a file mean different things depending on whether the file is a directory or not. If the file is just a regular file, then the permissions are rather straightforward. Read access on a file allows the file's contents to be viewed. Write permission allows the contents to be altered, which includes overwriting, changing, adding, and deleting existing text. Finally, execute permission allows the file to be run as a program. There are quirks, however: write access without read access will not produce the desired results; that is, it does weird things. If a shell script is given execute permission but not read permission, it will fail, because the shell will not be able to read the contents of the file. However, binary files with only execute permission do work, due to the special properties of a binary executable.

Access Permissions on a Directory

The access permissions on a directory are a bit different. Execute permission gives the ability to access the directory itself, that is, to reach the files in it by name. If you don't have execute permission on a directory, then you do not have any permissions at all on the directory, since all the other permissions require that you be able to access the directory.

Read Permission on a Directory

Read permission on a directory allows you to read the contents of the directory file. So, to do an ls on a directory (like ~progasst) you need read permission on the directory. What if you only have execute permission on the ~progasst directory (so you can't do ls), but you know there is a file called readme that you have permission to read? Since you have execute permission, you can access the directory; you just can't list the contents of the directory, since you don't have read permission on the directory file. In this case that is all the permission you need, though, since you already know the file name. Just enter ~progasst/readme and you will be able to access the file.

Write Permission

If you remember the properties of a directory file, then you should be able to figure out what write permission gives you on a directory file. Write permission gives you the ability to modify the contents of the directory file, but not the contents of any of the files within the directory. The ability to change a file's contents is granted by the permissions on the individual file.

Permission Change

Permissions of a file can be changed with the chmod command, which accepts two ways of specifying the change. The first is absolute mode, which takes an octal number constructed by OR'ing the various modes together.

The other mode is called symbolic mode, which uses the syntax:

chmod [who][operator][permissions] [files....]

The who parameter is a set of characters that indicate to whom the permissions should apply, and they can have the value 'u' for user's (or owner's) permissions, 'g' for group permissions, 'o' for everybody else's (excluding the owner and members of the group) permissions, and 'a' for everybody's (owner, group, and other's) permissions.

The operator indicates how the permissions should be applied. A '+' will add the permissions, '-' will take away the permissions, and '=' will assign permissions absolutely (i.e., add the permissions indicated, and take away any that are not).

The permissions are taken from the set 'r', 'w', and 'x', meaning read, write and execute, respectively.

For example:

chmod go+r mr.file

adds read access to the group and the rest of the world on mr.file.

Operators and permissions can be stacked up, allowing the following:

chmod u+x,g=x,o= mr.file

which gives execute permission to the owner of the file, sets only execute permission for the group, and sets no permissions on mr.file for anyone else.
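The two chmod forms can be checked against each other on a scratch file. This is an added example, not part of the original article; the helper names mode_to_octal, perms_of and demo are made up for illustration, and the 600 starting mode is an assumption chosen so the results are predictable.

```sh
# mode_to_octal PERMS: convert the 9 permission characters shown by ls -l
# (e.g. rwxr-xr--) into the octal number used by absolute mode.
# Per class, r=4, w=2 and x=1 are OR'ed together into one digit.
mode_to_octal() {
    perms=$1; out=
    for cols in 1-3 4-6 7-9; do
        triple=$(printf '%s' "$perms" | cut -c"$cols")
        digit=0
        case $triple in r??) digit=$((digit | 4)) ;; esac
        case $triple in ?w?) digit=$((digit | 2)) ;; esac
        case $triple in ??x) digit=$((digit | 1)) ;; esac
        out=$out$digit
    done
    printf '%s\n' "$out"
}

# perms_of FILE: the 9 permission characters of FILE, as ls -l shows them.
perms_of() { ls -ld "$1" | cut -c2-10; }

# demo: run the article's two symbolic commands, then an absolute-mode
# chmod, on a temporary mr.file, and print the permissions after each.
demo() {
    dir=$(mktemp -d) || return 1
    f=$dir/mr.file
    : > "$f"
    chmod 600 "$f"                  # known starting point: rw-------
    chmod go+r "$f"                 # add read for group and other
    first=$(perms_of "$f")
    chmod u+x,g=x,o= "$f"           # stacked operators from the article
    second=$(perms_of "$f")
    chmod "$(mode_to_octal rwxr-xr--)" "$f"   # absolute mode, 754
    third=$(perms_of "$f")
    rm -rf "$dir"
    printf '%s %s %s\n' "$first" "$second" "$third"
}

demo
```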