Every unix file or directory is associated with a user and a group. You can find out a file's user and group by entering the -l option of the ls command. Typing ls -l on a Unix system should produce something like this:
-rw-r--r-- 1 davidson users 29747 Sep 2 00:03 trmptel.zip
The file's user, in this case davidson, is listed in the third column. The file's group, in this case users, is listed in the fourth column.
If you use the ls -l command on a directory, it will list all the files and subdirectories of the directory. If you only want information about the directory itself, use the ls -ld command.
When you create a file or directory, it is owned by you. Only the system operator, aka root, can change its user.
Every user of the Unix operation system can belong to one or more groups. Groups are created by the system operator. To see your groups, type the following cryptic command
On most systems here at UNCA, you will find that you belong to only one group. On bulldog, users are generally associated with either the group facstaff or the group students. On the Computer Science workstations, users are usually associated with group users. If you are a member of only one group, you just as well skip on to the next section.
If you wish to change the group associated with a file or directory to one of your other groups, simply use the command chgrp, as in:
Verify that you successfully made the change by using the ls -ld command, as in:
Unix distinguishes between three types of file access: read, write, and execute. For normal files, not directories, the meaning of these methods of access is straightforward
read | Read contents of file |
write | Write or modify contents of file |
execute | Execute the file as a program |
Since very few files are programs, the execute permission is generally not used for regular files.
These three types of access have related, though slightly different, meanings for directories.
read | List the files within a directory |
write | Add and delete files within a directory |
execute | Access files within a directory |
For directories, the distinction between read and execute access is subtle. We'll look at these in more detail in a bit.
Since every file and directory has an user and group, this creates three classes of potential file accessors
user | User of the file |
group | Group associated with the file |
other | Others -- neither user or group |
So, we have three types of potential accessors and three types of potential access. That gives us nine potential kinds of file access. When you type the ls -l command, the first column gives the permissions associated with a file or directory in a ten-character string.
%woodfin ls -l total 1541 drwxr-xr-x 3 brock root 8192 Jun 13 2000 cgiplay -rw-r--r-- 1 brock root 23316 Jun 27 13:48 characters.html drwxr-xr-x 34 brock man 8192 Jul 21 14:31 classes drwxr-xr-x 2 brock root 8192 Mar 10 2001 comparch drwxr-xr-x 2 brock man 8192 Mar 27 2001 compeng
Let's look at the first two ten-character permission strings: drwxr-xr-x and -rw-r--r--. The first character, in our examples 'd' and '-, give the type of the file or directory. 'd' is for directories and '-' is "regular" files. There are several other infrequently occuring types that we don't discuss here.
The remaining nine characters of the ten-character permission string are broken down into three three-character set strings. For example, rwxr-xr-x is decomposed into rwx, r-x, and another r-x. The three groups correspond, in order, to the three potential types of file accessors: user, group members, and others. The three letters within each group correspond to the three potential type of file access: read, write, and execute (for files) or search (for directories).
Permission drwxr-xr-x is attached to a directory that can be read (listed) and executed (searched) by everyone but can be written only by its user. Permission -rw-r--r-- is attached to a file than can be read by everyone, written only by its users, and executed by no one.
Finally, there are rare times when you will see a 's', 'S', or 't' in the execute position. Consult a reference on Unix system administration if you want to find out more about these cases.
The chmod, change mode, command is used to set the permission of a file or directory. You can either add or remove permissions associated with a file. If you wanted to add write access to a file for members of the file's group, you would execute a command similar to:
To remove read access to a file for everyone but your self, execute:
To remove write access to a file for everyone including self, execute:
Hopefully, you get the idea by now. Use '+' to add access and '-' to remove access. The letters before the '+' or '-' are the folks to whom the action is being applied: 'u' for the user, 'g' for the group, and 'o' for others. The letters after the '+' or '-' are our usual 'r', 'w', and 'x'. And, finally, always use "ls -l" to see if you got it right!