yossman.net - members support - introduction to unix file and directory permissions.
document first created 1996-08-03.
document URL is http://www.yossman.net/support/permissions.html.
document last updated 2004-01-25.
your account home directory on yossman.net is usually under the /home/
system directory tree (/home/ and /usr/home/ are the same spot on most yossman.net systems). it
has certain permissions on it, which determine who has access to what in your home
directory. permissions are a pretty important concept, so let's take a brief look at the most
important points about them.
consider this example directory listing, produced by running the command
"ls -als" from the /usr/home/ directory:
total 43
2 drwxr-xr-x 24 root operator 1536 Aug 2 15:40 .
1 drwxr-xr-x 19 root operator 512 Jul 21 14:57 ..
1 drwxr-xr-x 10 user1 staff 512 Aug 2 22:03 user1
1 drwx--x--x 6 user2 staff 1024 Jun 30 05:50 user2
1 drwx--x--x 8 user3 staff 512 Jul 1 12:00 user3
see the second column in the second line, where it says "drwxr-xr-x"?
that's called the "permissions array", and it shows you what the
permissions are for each directory or file. reading it together with the
fourth and fifth columns, which in the second row of the listing say
"root" and "operator", tells you who has permission to look at or change
that directory or file. the fourth column shows what user owns the
directory or file, and the fifth column shows what main group owns the
directory or file.
the permissions array has three sets of permissions of three letters each,
which is the "rwxr-xr-x" part. the very first letter of the array is
a special letter which denotes things like a directory, marked with a
"d", which all of the example listings are. the next three letters,
"rwx" in the first listing in our example, are the first set of
permissions: the owner permissions. the next three, "r-x" in this case,
are the group permissions. every user on the system belongs to at least
one group, which is a way of categorizing users. finally, the last set
of three, "r-x", is the world permissions. this controls the permissions
for ANY user on the machine, regardless of who they are or what group
they are in.
in the permissions array, an "r" means read permissions,
"w" means write permissions to that directory, and
"x" means listing permission. if a directory has
"x" set, but not "r", then you must know the exact filename
of any file you want to list in that directory; you cannot just "cd"
to the directory and do "ls", since you will get permission
denied.
the first two directory listings in our example look like this:
2 drwxr-xr-x 85 root operator 1536 Aug 2 15:40 .
1 drwxr-xr-x 19 root operator 512 Jul 21 14:57 ..
these show first the listing for what is known as the "current
directory" (/usr/home/), and second the listing for one directory
back in the tree, which in this case would be /usr/. you will note
that in order to switch to the directory immediately back from your current
one you change directory, or "cd", to ".."; the command
looks like "cd ..". if you do "cd ." you would be changing
directory to the current directory you're already looking at. notice these
two directories are owned by root, which is denoted in the fourth
column over in the list. the "root" user is the administrator, or the
"super user". you won't be able to change permissions on directories
or files owned by root.
let's say that you are user1. your directory listing looks
like this:
1 drwxr-xr-x 10 user1 staff 512 Aug 2 22:03 user1
the "drwxr-xr-x" part is your permissions array for your main home
directory. the first letter, "d", means "directory",
indicating this listing is of a directory as opposed to a file. the first
set of permissions, which is the first three letters after the
"d", are "rwx". this means the owner, which in this
case is user1, has permissions to read the directory contents
(with an "ls" for instance), write to the directory (save
files, delete files), and execute any program files that are in the
directory.
the next three letters, which in this case are "r-x", mean that any
user who is in the "staff" user group has access to read your
files, and "execute" any programs you have in the directory. they
cannot overwrite or delete your files, but the world permissions can
change all that.
the world permissions, the last set of three letters, which are
"r-x" in this case, allow ANY user on this machine to read
your files and execute any programs or scripts you have in your home
directory. even if you changed the group permissions to disallow
any read permissions, the world permissions override that
because they apply to any user, not just the users in your group.
let's discuss what these permissions should be for an average user. if you have a web
site on yossman.net, then your directory permissions should be "drwx--x--x". to make
sure your directory permissions are right, log in to yoss.canweb.net and do "cd ..".
your home directory will have the same name as your login name, so now do "chmod 711
yourloginnamehere".
if you don't have a web site on yossman.net, you can change the "chmod 711
yourloginnamehere" command to "chmod 700 yourloginnamehere" instead. so for
user1, we'd do "chmod 700 user1".
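to check a whole listing at once, here is an added example (not part of the original document) that converts each permissions array into the number "chmod" takes and reports home directories that allow more than the 711 or 700 recommended above. the function names are made up for this example, and the sample input is the listing from this page.

```python
# constructed sample: the "ls -als" listing shown earlier on this page
LISTING = """\
total 43
2 drwxr-xr-x 24 root operator 1536 Aug 2 15:40 .
1 drwxr-xr-x 19 root operator 512 Jul 21 14:57 ..
1 drwxr-xr-x 10 user1 staff 512 Aug 2 22:03 user1
1 drwx--x--x 6 user2 staff 1024 Jun 30 05:50 user2
1 drwx--x--x 8 user3 staff 512 Jul 1 12:00 user3
"""


def array_to_mode(array):
    """turn a permissions array such as 'drwx--x--x' into an integer mode (0o711)."""
    if len(array) != 10:
        raise ValueError("expected 10 characters: " + array)
    mode = 0
    for position, char in enumerate(array[1:]):
        expected = "rwx"[position % 3]
        if char == expected:
            mode |= 1 << (8 - position)  # leftmost letter is the highest bit
        elif char != "-":
            # letters such as "s" or "t" are outside what this page covers
            raise ValueError("unsupported letter %r in %s" % (char, array))
    return mode


def audit_homes(listing, has_website=True):
    """return (name, current, fix) for each directory looser than recommended."""
    allowed = 0o711 if has_website else 0o700
    findings = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 10:  # skips the "total 43" line
            continue
        array, name = fields[1], " ".join(fields[9:])
        if not array.startswith("d") or name in (".", ".."):
            continue
        mode = array_to_mode(array)
        if mode & ~allowed & 0o777:  # any bit set beyond the recommended mode
            findings.append((name, "%03o" % mode, "chmod %o %s" % (allowed, name)))
    return findings


if __name__ == "__main__":
    for name, current, fix in audit_homes(LISTING):
        print("%s is %s, run: %s" % (name, current, fix))
```

with the sample listing only user1 is reported, since "drwxr-xr-x" is 755; passing has_website=False compares against 700 instead and reports all three users.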