Sun Microsystems, Inc.
spacerspacer
spacer www.sun.com docs.sun.com |
spacer
black dot
 
 
3.  Working With Files and Directories File and Directory Security Changing Permissions (chmod)  Previous   Contents   Next 
   
 

The chmod g+w carrots command in the previous example gives the group write permission on the file carrots. The hyphen (-) in the set of permissions for group is changed to a w.

To make this same directory unreadable and unexecutable by other users outside your group type the following commands.

$ ls -l
drwxrwxr-x   2 user2    users        512 Nov  1 09:11 carrots
$ chmod o-rx carrots
$ ls -l
drwxrwx---   2 user2    users        512 Nov  1 09:11 carrots
$

Now, the r (for read) and the x (for execute) in the set of permissions for other users are both changed to hyphens (-).

When you create a new file, the system automatically assigns the following permissions.

-rw-r--r--

When you create a new directory, the system automatically assigns the following permissions.

drwxr-xr-x

For example, to make a new file turnip executable by its owner (user2), type the following command.

$ ls -l turnip
-rw-r--r--   1 user2    users        124 Nov  1 09:14 turnip
$ chmod u+x turnip
$ ls -l turnip
-rwxr--r--   1 user2    users        124 Nov  1 09:14 turnip
$

If you want to change permissions for all categories of users, use the -a option of the ls command. To make a new file garlic executable by everyone, type the following command.

$ ls -l garlic
-rw-r--r--   1 user2    users        704 Nov  1 09:16 garlic
$ chmod a+x garlic
$ ls -l garlic
-rwxr-xr-x   1 user2    users        704 Nov  1 09:16 garlic
$

The x in the output of the ls -l command indicates garlic is executable by everyone.

You can also use the * wildcard character to change permissions for groups of files and directories. For example, to change the permissions for all the files in the current directory veggies so that the files can be written by you alone, type the following command.

$ pwd
/home/user2/veggies
$ ls -l
-rwxrwxrwx   1 user2    users       5618 Nov  1 09:18 beets
-rwxrwxrwx   1 user2    users       1777 Nov  1 09:18 corn
-rwxrwxrwx   1 user2    users       3424 Nov  1 09:18 garlic
-rwxrwxrwx   1 user2    users      65536 Nov  1 09:18 onions
$ chmod go-w *
$ ls -l
total 152
-rwxr-xr-x   1 user2    users       5618 Nov  1 09:18 beets
-rwxr-xr-x   1 user2    users       1777 Nov  1 09:18 corn
-rwxr-xr-x   1 user2    users       3424 Nov  1 09:18 garlic
-rwxr-xr-x   1 user2    users      65536 Nov  1 09:18 onions
$

Note - Perform this chmod operation on the current directory only.


Setting Absolute Permissions

In the previous section, you used the chmod command to change file permissions relative to their current settings. You can also set the permissions for a file or directory absolutely by using numeric codes with the chmod command.

The syntax for this usage of the chmod command is:

chmod numcode name

In this example, numcode is the numeric code and name is the name of the file or directory for which you are changing permissions.

The complete numeric code consists of three numbers. One number is used for each of the three categories: user, group, and others. For example, the following command sets absolute read, write, and execute permissions for the user and the group, and execute permissions only for others.

$ chmod 771 garlic

Table 3-2 illustrates how the the code 771 describes the permissions for garlic.

Table 3-2 Permissions for garlic

Permission

User

Group

Others

Read

4

4

0

Write

2

2

0

Execute

1

1

1

Total

7

7

1

Each of the columns in Table 3-2 represents one of the categories: user, group, and others. To set read permissions, add 4 to the appropriate column. To set write permissions, add 2. To add execute permissions, add 1. The total in all three columns in the last row of the table is the complete numeric code.

The following is another example of using numeric codes to set absolute permissions, with the inclusion of the ls -l command to demonstrate the results.

$ ls -l onions
-rwxr-xr-x   1 user2    users      65536 Nov  1 09:18 onions
$ chmod 755 onions
$ ls -l onions
-rwxr-xr-x   1 user2    users      65536 Nov  1 09:18 onions
$

The chmod 755 onions command sets the permissions for the file onions so that the user can read, write, and execute, group members can read and execute, and others can read and execute. Table 3-3 describes the numeric code that is used to set the permissions for onions.

Table 3-3 Permissions for onions

Permission

User

Group

Others

Read

4

4

4

Write

2

0

0

Execute

1

1

1

Total

7

5

5

To provide read, write, and execute permissions for the file cabbage to yourself, your group, and all other users, type the following command.

$ ls -l cabbage
-rw-r--r--   1 user2    users         75 Nov  1 09:28 cabbage
$ chmod 777 cabbage
$ ls -l cabbage
-rwxrwxrwx   1 user2    users         75 Nov  1 09:28 cabbage
$

Table 3-4 describes the numeric code that is used to set permissions in the previous example.

Table 3-4 Permissions for cabbage

Permission

User

Group

Others

Read

4

4

4

Write

2

2

2

Execute

1

1

1

Total

7

7

7

The numeric code 777 represents the maximum level of permissions you can provide.

Similar to changing relative permissions, you can also use the wildcard character * to set absolute permissions for all in the files in the current directory. For example, suppose you want to set absolute permissions for all files in the current directory as follows:

  • Owner - Read, write, and execute permissions

  • Group - Read and write permissions

  • Others - Execute permissions

To set these permissions, type the following commands.

$ pwd
/home/user2/veggies
$ ls -l
-rwxrwxrwx   1 user2    users       5618 Nov  1 09:18 beets
-rwxrwxrwx   1 user2    users       1777 Nov  1 09:18 corn
-rwxrwxrwx   1 user2    users       3424 Nov  1 09:18 garlic
-rwxrwxrwx   1 user2    users      65536 Nov  1 09:18 onions
$ chmod 751 *
$ ls -l
-rwxr-x--x   1 user2    users       5618 Nov  1 09:18 beets
-rwxr-x--x   1 user2    users       1777 Nov  1 09:18 corn
-rwxr-x--x   1 user2    users       3424 Nov  1 09:18 garlic
-rwxr-x--x   1 user2    users      65536 Nov  1 09:18 onions
$
 
 
 
  Previous   Contents   Next