CIS 4307: File Permissions

Every directory and file on the system has an owner, and also an associated group. It also has a set of permission flags which specify separate read, write and execute permissions for the 'user' (owner), 'group', and 'other' (everyone else).

The 'ls' command shows the permissions and group associated with files when used with the -l option. An example of the output produced by 'ls -l' is shown below.

drwx------    2    richard    staff     2048    Jan  2 1997     private
drwxrws---    2    richard    staff     2048    Jan  2 1997     admin
-rw-rw----    2    richard    staff    12040    Aug 20 1996     admin/userinfo
drwxr-xr-x    3    richard    user      2048    May 13 09:27    public

Field 1:   a set of ten permission flags
Field 2:   link count
Field 3:   owner of the file
Field 4:   associated group for the file
Field 5:   size in bytes
Field 6-8: date of last modification (format varies, but always 3 fields)
Field 9:   name of file (possibly with path, depending on how ls was called)

The permission flags are read as follows (left to right)

Position   Meaning
1          directory flag, 'd' if a directory, '-' if a normal file
2,3,4      read, write, execute permission for User (Owner) of file
5,6,7      read, write, execute permission for Group
8,9,10     read, write, execute permission for Other

Value      Meaning
-          in any position means that flag is not set
r          file is readable by owner, group or other
w          file is writeable
x          file is executable. Execute permission on a directory means you can list the files


The command to change the permission flags is "chmod". Only the owner of a file can change its permissions.

Usage: chmod [options] (who) (opcode) (permission) (filename)

Who: Opcode: Permission:

See the online manual pages for details of these commands on any particular system (e.g. "man chmod").

Examples of typical usage are given below:

chmod g+w myfile
give group write permission to "myfile", leaving all other permission flags alone

chmod g-rw myfile
remove group read and write access to "myfile", leaving all other permission flags alone

chmod g+rwx mydir
give the group full (read, write and execute) access to directory "mydir"

chmod u=rw,go= privatefile
explicitly give user read/write access, and revoke all group and other access

chmod -R g+rw .
give group read/write access to this directory, and everything inside of it (-R = recursive)
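
The chmod examples above, replayed in a scratch directory with the resulting flags read back through 'ls -l'. This is an added example, not part of the original course page; the scratch directory from mktemp and the helper names flags, step and run_examples are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the course page): file and directory names are the
# ones used in the chmod examples, created inside a scratch directory.

# flags PATH: print the ten permission flags (field 1 of 'ls -l') for PATH.
flags() {
    ls -ld "$1" | cut -c1-10
}

# step SPEC PATH: run 'chmod SPEC PATH' and show the flags that result.
step() {
    chmod "$1" "$2"
    printf '%-22s %s  %s\n' "chmod $1" "$(flags "$2")" "${2##*/}"
}

# run_examples DIR: replay the chmod examples inside the existing directory DIR.
run_examples() {
    (
        cd "$1" || exit 1
        : > myfile; : > privatefile; mkdir mydir
        # Start from a known state so the result does not depend on the umask.
        chmod u=rw,go= myfile
        chmod u=rwx,go= mydir

        step g+w myfile               # -rw--w----
        step g-rw myfile              # -rw-------
        step g+rwx mydir              # drwxrwx---
        step u=rw,go= privatefile     # -rw-------

        # Recursive form: applies to "." and everything below it,
        # including the file that was just made private.
        chmod -R g+rw .
        for p in . myfile mydir privatefile; do
            printf '%-22s %s  %s\n' "chmod -R g+rw ." "$(flags "$p")" "$p"
        done
    )
}

scratch=$(mktemp -d)    # throwaway directory; removed below
run_examples "$scratch"
rm -rf "$scratch"
```

The last step shows that the recursive form also gives the group read/write access to privatefile, so a later 'chmod -R' can undo an earlier restriction.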