Understanding File Permissions
Because Unix is a multi-user operating system, it must enforce restrictions on user access to files. This is accomplished by file permissions; each file has a set of permissions that determine who can read it, who can write to it and who can execute it.
Files have permissions specified for three types of users: owner, group, and other. The owner is often the file creator, however ownership may be changed so this is not always the case. The group is the group of users that the file is associated with, and other represents all other users.
Permissions control a user's ability to perform three actions: read, write and execute. Allowing users read access enables them to view the contents of files and directories. Granting write access enables users to modify and delete files and directories. Lastly, granting execute permissions allows files, such as CGI scripts, to be executed, or run, on the server.
Reading File Permissions
Now that you have an understanding of what file permissions are, we'll go over how to read them. There are two ways you can view the permissions of the files and directories in your account, through your FTP client* and through the shell account that all of our *nix accounts come with.
Using Your FTP Client
Upon connecting to your account via an FTP client, you'll see a directory listing such as this:
If you connect to your account via SSH and do a list with the long list format switch, you'll a directory listing similar to this:
The fifth column, titled "Attr", of the FTP window and the first column of the SSH window show the permissions for each file and directory. For example, the permissions for the file index.html are -rw-r--r--.
- The first character which, in this case is a "-", denotes whether the item is a directory or not. If you look at the top of the listing you will see a directory, the first character of its permission description is a "d".
- The next three characters specify the owner's permissions for index.html; they indicate that the owner has read and write permission for this file.
- The second group of three characters describes the permissions for the group. In the case of this file, the group is only allowed to view the file.
- The last group of characters denotes the permissions any other users have. Again, you can see only read access has been granted for this file.
If you look at the directory list again, you'll see the file myscript.pl has the following permissions: -rwxr-xr-x. Unlike index.html, this file grants every user the ability to execute it. This is essential for this file, which happens to be a Perl script, to function properly.
Just as you can view a file or directory's permissions through an FTP or SSH connection to your account, you can also modify permissions through these means.
- Most FTP clients have a command that allows you to modify the properties
or attributes of a file. For example, in CuteFTP,
a popular FTP client for Windows, right-clicking on a file on the server
allows you to change a file's permissions:
- To modify the permissions of a file or directory through an SSH connection,
you should use the "chmod" command. For example, to grant read and write permission
to the owner and read permission to the group and other users, you would type:
chmod 644 filename.ext
"644" is a code that defines what permissions you want to grant for each user. The left-most number refers to the settings for7 - Read, write, and execute permissions
owner, the middle number for groupand the right-most number for other. Here's a list of the numbers and what they mean:
6 - Read and write permissions
5 - Read and execute permission
4 - Read permissions
3 - Write and execute permissions
2 - Write permissions
1 - Execute permissions
0 - No permissions at all
* Note: Not all FTP clients display or allow you to modify the attributes for files and directories.
- IC Tech. Ref. Document: Your Account's Command Line Interface
- IC Tech. Ref. Document: Using the File Transfer Protocol (FTP)
- A Unix File Permissions Tutorial from Dartmouth College's Research Computing Knowledgebase
- The SSH FAQ
- An SSH How-To