File permissions
File permissions (also known as file mode) are an important concept in the Unix (OS), and you might have already seen file permissions without knowing it. You can see them by listing files in long format, using the command ls -l in your working directory. It should look something like figure 5.1, shown in MobaXterm.
You can make out what most of these columns mean. Starting from the right we have the name of the file/directory, the number of bytes it contains and so on. But what does the column with those weird '-', 'r','x' symbols on the far left mean? Well, this is what's called file permissions, and is what we'll be learning in this section.
File permissions are what they sound like. It's what permits or prohibits users to interact with files. In the early days of computing, before computers became cheap and personal, they were expensive and universities would typically have one mainframe and a bunch of terminals from where users could access the mainframe. As users connected to the same mainframe, they could also access each others files, so in order to protect user files, a file permission system was implemented. It is still very relevant today as super computers use file permission systems to determine who should be allowed to access and work with the data stored within.
Let's go through the file permissions on my_program.sh --> and nothing_here --> in Figure 5.1.
The first symbol, '-' for my_program.sh and 'd' for nothing_here, is the file type and indicate that this is a regular file and a directory respectively.The next 3 characters are rwx for both my_program.sh and nothing_here.
In a Unix (OS) there are 3 things that a user can do with a file, read : r , write : w , and execute : x. So if a file has the file permission, rwx, then the user can read, write and execute the file. Now you might be wondering why there are multiple 'r's, 'w's and 'x's in a file permission. This is simply because we distinguish between 3 types of users; the file owner, group members and other users. When you've created a file, you'd typically also be the file owner of the file, but if you've made the document collectively with a group of people, you might only be a group member. The last type of user, other users, could be any stranger having a look at your files. Each of these type of users have 3 file permissions, read:r, write:w and execute:x. So counting the character for file type as well, there will in total always be 10 characters in any file permission. The hyphen (This is what - is called in computer language) means that a permission is lacking.
For example, the file permission for my_program.sh, -rwxr--r-- translates to:
- The file is a regular file
- The file owner can read, write and execute the file
- Group members and other users can only read the file.
Working with file permissions
Now that we have a basic idea of what file permissions are let's do some work with them. The Unix commands we'll be learning in this section are shown here. If you're using Ubuntu WSL, file permission commands won't work for files located in /mnt/c/*. You have to either go to your home with cd ~ or use MobaXterm.
Unix Command | Acronym translation | Description |
---|---|---|
chmod [OPTION] [MODE] <FILE> | Change mode. | Changes file permissions on a file according to the mode given. No need to be confused about [MODE], as it just another term used for file permission. It can be specified with letters or numbers. It's easier to understand what you're doing with letters but using numbers can be faster. In the example, we'll show how to use both. |
chown [OPTION] [OWNER][:[GROUP]] <FILE> | Change owner. | Change file owner and/or group. This can be done separately or simultaneously by typing [OWNER]:[GROUP]. |
chgrp [OPTION] <FILE> | Change group. | Change group of a file. |
Changing File permissions with chmod
Using letters
In the [MODE] option of chmod, the letters u, g and o are used for user (file owner), group owner and other users respectively. To assign file permissions to users, the symbols + and - are used. So let's say I wanted to make changes to the file permissions of pictures_of_spiderman.jpg in figure 5.1.
Prompt$ chmod g+w pictures_of_spiderman.jpg
Assigns file permission, w, to group owners. This makes the file writable for group owners.
Prompt$ chmod o+rwx pictures_of_spiderman.jpg
Assigns the file permissions, rwx, to other users. This makes the file readable, writable and executable for other users.
Prompt$ chmod u-rx pictures_of_spiderman.jpg
Removes file permission, rx, to the file owner, making it only writable for the file owner.
Using numbers
If you want to assign multiple file permissions to multiple users with one command you can use numbers instead. To understand how, you need to think of file permissions as a set binary numbers (one set for each user), which is how your computer interprets them.
rwx rwx rwx 111 111 111 --- --- --- 000 000 000 rw- -wx r-x 110 011 101 r-- -w- --x 100 010 001
In the last section we learned that bit values (reading from right to left) are 1,2 and 4. We can add the numbers together in to get numbers corresponding to a file permission for each user.
rwx rwx rwx 111 111 111 --> 4+2+1 4+2+1 4+2+1 --> 7 7 7 --- --- --- 000 000 000 --> 0+0+0 0+0+0 0+0+0 --> 0 0 0 rw- -wx r-x 110 011 101 --> 4+2+0 0+2+1 4+0+1 --> 6 3 5 r-- -w- --x 100 010 001 --> 4+0+0 0+2+0 0+0+1 --> 4 2 1
Let's say I wanted to make pictures_of_spiderman.jpg available for reading, writing and execution to everyone:
Prompt$ chmod 777 pictures_of_spiderman.jpg
There's no need to use u, g and o, as the first spot corresponds to u, the second spot corresponds to g and the third spot corresponds to o. If this was to be done with letters to do this with letters, you would have to have used three commands:
Prompt$ chmod u+rwx pictures_of_spiderman.jpg
Prompt$ chmod g+rwx pictures_of_spiderman.jpg
Prompt$ chmod o+rwx pictures_of_spiderman.jpg
When you're using numbers, it's important to know that you're always changing all user file permissions. So if you omit a number at one spot, Unix will assume that its value is 0 and remove all file permissions for this type of user. For example:
Prompt$ chmod 75 pictures_of_spiderman.jpg
This will remove rwx permission for the file owner, give rwx file permission to group users and r-x file permission to other users.
A useful command line option for chmod is, R, which allows you to operate file permissions on all files within a directory.
Prompt$ chmod -R 777 <DIRECTORY>
gives all file permissions to all users.
Changing file ownership with chgrp and chown
The command chgrp is used to change the group ownership of a file and chown can be used change both the file owner and group. As mentioned, every file or directory can be accessed by 3 types of users; the file owner, group users and other users. We've just learned how to change file permissions for the 3 different user types using chmod, but we haven't learned how to change owners and groups. You can change the file owner of a file,
Prompt$ chown [NewFileOwner] <file>
which will replace the original owner with [NewFileOwner] if it's a valid owner. In order to actually test chown and chgrp on your computer you need to actually have different users and groups. As this is probably not something that you have there will be no exercises in using the commands chown and chgrp. You could try to create more file owners and group owners on your computer, but that's entirely up to you. You can change the group owner of a file,
Prompt$ chown :[NewGroup] <FILE>
which will change the group owner to [NewGroup] if it's a valid group. You can also change group and file owner at the same time,
Prompt$ chown [NewFileOwner]:[NewGroup] <FILE>
will change the file owner and group of the <FILE> if [NewFileOwner] and [NewGroup] area valid.
The command chgrp can also be used to change group owners, even though chown can be used for that as well. At first, chown could only be used to change file owner or both file owner and group, hence, chgrp was needed if you only wanted to change the group owner. This, however, is not the case anymore. The best reason for still using chgrp instead of chown is that it lowers the risk of accidentally changing the file owner of a file, which could be problematic. You can change the group of a file by typing,
Prompt$ chgrp [NewGroup] <FILE>
will change the group of the <FILE> if [NewGroup] is valid.
In similar manner to chmod, the command line option, R', can be used to change ownerships on all files within a directory.
Prompt$ chown -R [NewFileOwner] <DIRECTORY>
will change all ownership of all files in <DIRECTORY> to [NewFileOwner]
Exercise 1: Changing file permission with chmod
- Create a file called workfile.txt.
- Change the file permission of the file to ---xrw-rwx.
- Change the file permission of the file to -rwx---r-x.
- Remove all file permission from the file, so that the file permission is ----------.
- Make a shell script file that upon execution will give your workfile the file permission -rwx--x--x, then -r-x-w---- and lastly -rwxrwxrw-.