DEV Community

Andrew Ackerman
Andrew Ackerman

Posted on • Updated on

Learning about Unix File Permissions

I've recently been tasked with testing out a small program which my employer wrote up. To be really brief about it, it is a piece of code that allows me to type in my terminal t 'sample text' and it'll save it to an intake file which I can find and manipulate in my Text Editor. It's basically a way of taking notes without having to leave Terminal, keeping me focused on whatever the task at hand happens to be.

This was going well for a short while until somehow I deleted the bin. file from my dropbox, where it's currently storing all the information. After restoring the file, as soon as I attempted to use the program again, Terminal would spit out the following:

-bash: /Users/ackerman/Dropbox/Thoughts/bin/t: Permission denied

Having never encountered this before, I began looking in all the wrong places.. I thought something was wrong with my directory, then that maybe something was wrong with the Ruby code it's written in or else I had somehow broken my dropbox.. All of my theories were soon proven wrong, but unfortunately, I didn't really know how to figure the solution out. So after trying for some time, I decided to swallow my pride and ask my employer. Thankfully he was more than willing to help me out, so I'm hoping I can pass on his knowledge to help others who may encounter this!

Every file in Unix has three different permission options:

1. Owner Permissions: This determines the actions that the Owner can perform on the file.

2. Group Permissions: This determines the actions that a member of the group who owns the file, can perform.

3. Other (world) Permissions: This shows the actions that any other user can perform on the file.

So the best way to get a handle on what we need to change is to see the what the file we're working with's permissions are set to.

Once in the directory with the correct file. run the ls -la command if the file you need to modify is hidden, or simply the or ls -l command, if it's not. This will output something similar to this:

drwxr-xr-x 4 ackerman staff 128 Feb 19 11:32 mydir
-rw-r--r-- 1 ackerman staff 157 Feb 19 15:22 myfile

First thing to notice is that the first character is either a d or an - which denotes whether the file is d a Directory or - a file.The next 3 characters designate owner permissions, the three after that show the group permissions and the final three in that segment show the permission for the world/other.

Reading them is quite simple.

r: Indicates the user can read the file.

w: Indicates the user can write to the file.

x: Indicates whether the user can execute the file.

The rest of the information in the line isn't super pertinent to what I'm covering here. But for a greater understanding there are plenty of resources available if you need.

But how do I change the permissions?

In order to change permissions, you'll have use the chmod (change mode) command, followed by whichever category you wish to change access for.

a: All Users
u: The Owner user
g: The Owner Group
o: Others (Neither U, or G)

This is coupled with one or more of three different operators.

+ Adds the designated permission to a file or directory.
- Removes the permission.
= Sets the permissions.

And followed by the permission action we covered before. (r, w or x). Here are some examples of this.

chmod a+r myfile files are readable by all
chmod a-r myfile files cancels the ability for all to read the file
chmod a-rwx myfile cancels all access for all
chmod g+rw myfile files give the group read and write permission
chmod u+rwx myfile files give the owner all permissions
chmod og+rw myfile files give the world and the group read and write permission

This is all well and good for changing file_ permissions, but what about __directories? These need to be changed with a numbering system, and using it this way is called the absolute form. Each number is indicative of whom is getting permission to do what.

400 Read by owner
200 Write by owner
100 Execute by owner
040 Read by group
020 Write by group
010 Execute by group
004 Read by others
002 Write by others
001 Execute by others

In order to use them, simply add them and place them after your chmod command and the file/directory name. This isn't just for directories, and can simply be used for editing individual files. You also don't have to worry about learning all these numbers, as you can use a Permissions Calculator

In example, here's what it took to fix my problem. All I wanted to do was to make it so that the Owner could Read (400), Write (200) and Execute (100) the file, So I ran chmod 700 ./t. When I used the ls -la command after this. You can see the file has been changed to allow me as the Owner full permission to do all I needed to the file.

-rwx------@ 1 ackerman staff 63 Mar 29 09:46 t

I hope this has been of some help to anyone looking for a basic understanding of Unix Permissions. Feel free to let me know if you have any questions!

Top comments (1)

jimmymcbride profile image
Jimmy McBride

Good ol' chmod. I was roaming around my filesystem in root one time and I made some files and directories and went to check it out a few days later and keep getting permissions denied errors and I was like, "WTF?" Tryed good ol' chown to give myself permission, but I was in as home user, not root user, so it didn't work. I needed to switch to root to chown files to home user cause I was in root when I did it. Took me a minute.

"With root power, comes root responsibility"