
File Permissions

File permissions, listed in Table 18-1, apply to regular files and to special files, such as devices, sockets, and named pipes (FIFOs). When a file is a symbolic link, the permissions that apply are those of the file that the link points to.

Table 18-1 File Permissions

Symbol  Permission  Description
r       Read        Can open and read the contents of a file.
w       Write       Can write to the file (modify its contents), add to it, or delete it.
x       Execute     Can execute the file (if it is a program or shell script) or run it with one of the exec(1) system calls.
-       Denied      Cannot read, write, or execute the file.

Directory Permissions

Directory permissions, listed in Table 18-2, apply to directories.

Table 18-2 Directory Permissions

Symbol  Permission  Description
r       Read        List the files in the directory.
w       Write       Add or remove files or links in the directory.
x       Execute     Open or execute files in the directory.
-       Denied      Cannot list, write, or open the files in the directory.

You can protect the files in a directory and its subdirectories by denying access to that directory. Note, however, that superuser has access to all files and directories on the system, regardless of permission settings. Other permission values and their meanings are discussed in the section “Special File Permissions (setuid, setgid, and Sticky Bit)” on page 402.

Octal Values for Permissions

Instead of using the letter symbol, you can use a numeric argument for file and directory permissions. Table 18-3 shows the octal values for setting file permissions. You can use these numbers in sets of three to set permissions for owner, group, and other. For example, the value 644 sets permissions to rw-r--r--: read/write permissions for owner, and read-only permissions for group and other.

Table 18-3 Octal Values for File and Directory Permissions

Value  Permissions  Description
0      ---          No permissions
1      --x          Execute-only
2      -w-          Write-only
3      -wx          Write, execute
4      r--          Read-only
5      r-x          Read, execute
6      rw-          Read, write
7      rwx          Read, write, execute

Default umask

When a user creates a file or directory, it is created using a default set of permissions. These default permissions are determined by the value of umask that is set in the /etc/profile system file or in the user's .cshrc, .login or .profile file. If no umask is set, the system sets the default permissions on a text file to 666, granting read and write permission to user, group, and other, and to 777 on a directory or executable file.

 777 full permissions
-022 umask
 755 allowed permissions

The value assigned by umask is subtracted from the default. It denies permissions in the same way that the chmod command grants them. For example, while the command chmod 022 grants write permission to group and others, umask 022 denies write permission for group and others.

Table 18-4 shows some typical umask settings and describes the effect on an executable file.

Table 18-4 umask Settings for Different Security Levels

Security Level     umask  Disallows
744 (Permissive)   022    Write for group and others
740 (Moderate)     027    Write for group; read, write, execute for others
741 (Moderate)     026    Write for group; read, write for others
700 (Severe)       077    Read, write, execute for group and others
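
As an added example (not from the original text), these shell functions compute the mode a new file (default 666) or directory (default 777) receives under each umask in Table 18-4, applying the umask as a bit mask (default AND NOT umask), which is how the system evaluates it; subtraction gives the same answer for 777 and 022 but not for 666 and 033, which yields 644. The function names apply_umask, symbolic, and report are assumptions of this example.

```shell
#!/bin/sh
# Added example: mode a new file or directory receives for a given umask.
# Arguments are three-digit octal strings such as 666 and 022.

# apply_umask DEFAULT UMASK -> prints the resulting three-digit octal mode
apply_umask() {
    # The leading 0 makes shell arithmetic read each operand as octal.
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# symbolic MODE -> prints the rwx form, for example 644 -> rw-r--r--
symbolic() {
    mode=$(( 0$1 ))
    out=""
    for s in 6 3 0; do            # owner, group, other
        bits=$(( (mode >> s) & 7 ))
        [ $(( bits & 4 )) -ne 0 ] && out="${out}r" || out="${out}-"
        [ $(( bits & 2 )) -ne 0 ] && out="${out}w" || out="${out}-"
        [ $(( bits & 1 )) -ne 0 ] && out="${out}x" || out="${out}-"
    done
    printf '%s\n' "$out"
}

# report -> one line per umask from Table 18-4, plus 033 (constructed case)
# to show where masking and plain subtraction disagree.
report() {
    for u in 022 027 026 077 033; do
        f=$(apply_umask 666 "$u")
        d=$(apply_umask 777 "$u")
        printf 'umask %s  file %s %s  dir %s %s\n' \
            "$u" "$f" "$(symbolic "$f")" "$d" "$(symbolic "$d")"
    done
}

report
```
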

File Types

A file can be one of the six types listed in Table 18-5.

Table 18-5 File Types

Symbol Description
- Text or program
d Directory
b Block special file
c Character special file
p Named pipe (FIFO)
l Symbolic link

File Administration Commands

Table 18-6 lists the file administration commands that you can use on files or directories.

Table 18-6 File Administration Commands

Command Description
ls(1) List the files in a directory and display information about them.
chown(1) Change the ownership of a file.
chgrp(1) Change the group ownership of a file.
chmod(1) Change permissions on a file.

Displaying File Information

Use the ls command to display information about files in a directory. The -l (long) option to the ls command displays the following information:

  Type of file and its permissions
  Number of hard links
  Owner of the file
  Group of the file
  Size of the file, in bytes
  Date the file was created or the last date it was changed
  Name of the file

The -a option to the ls command displays all files, including hidden files that begin with a dot (.). To display information about files, type the following:

castle% ls -la
