DEV Community

Michael Akanji

File Permission on Unix Systems

Good day y'all, hope we are all gingered and looking to learn one or two things from this discussion.

On a Unix system (actually on all systems) we have at least one user, often more, and we also have files. Now that we are reminded of that, you would agree with me that you might want to give access to some file to a particular user, a group of users or everybody (every user).

The need to manage access to files on a system properly is what gave birth to file permissions. This means every file you see on a system (e.g. your computer) has a set of permissions attached to it.

PS: For the moment, let's consider a directory (folder) to be a file as well. You'll see how we differentiate them as the discussion goes deeper 😉.

Now let's talk about how these permissions are put to use.
We have 3 types of permission, which are:
read,
write
and execute

Read: Take this word literally. This is just being able to see/read/access/consume/etc. the content of a file, for a user, a group of users or everybody (every user).

Write: This is being able to modify, create and/or delete a file, for a user, a group of users or everybody.

Execute: This permission is useful for files that are classified as a system program/application/software/package or, in general terms, executable files.

Proceeding further into demystifying file permissions: these 3 types of permission we just talked about can be applied on a file for a user, a group of users or everybody.

Now the question beckons: how do we apply these permissions to the 3 states of users that we have? Listed:
Owner: Just a normal user, the one I have been addressing as "a user" from the beginning of our chat.
Group: This is for when we have more than one user on a system, and we always do. These users can be grouped, probably based on common goals/assignments/activities/roles. So basically, a group is just a group created for more than one user. 😁
Others: This is the user state I have been addressing as everybody (every user) from the beginning of our chat. In other, simpler words: others are users that are not the owner of a file and do not belong to the group assigned to the file.

Now, let's head on and see how the read, write and execute permissions are attached to a file for the 3 states of users that we have: recall, owner (a user), group (a group of users) and others (everybody/every user).

Every file has the permissions for these 3 states of users in the manner below:

(*) (owner)(group)(others)

The owner, group and others brackets, well, I guess/hope you know what they are. Ignore the first bracket with the '*' for now. 😉

Let's give an example with actual permissions rather than the 3 user states:

(*)(rwx)(rwx)(rwx)

R = Read, W = Write and X = Execute

These permissions follow a different pattern when you look at them on a system, though. It looks more like the below:

-rwxrwxrwx

You'd notice there is no grouping done with brackets, and our first '*' character is now '-'.

I want you to remember the point where we considered a directory (folder) to be a file. This is how we differentiate a directory from a regular file. In the example representation of the permissions I gave earlier, remember I asked us to ignore the '*' in the first grouping. That spot is actually reserved for directories (folders). So let us see an example of a directory's permissions below:

(d)(rwx)(rwx)(rwx)

PS: In my permission examples so far, I have been including the read, write and execute permissions everywhere. But I want you to know it is not always going to be like that. Some files might only have read and write permission for the owner and none for the other user states, e.g.

(-)(rw-)(---)(---)

When a permission is not set, its spot is represented with '-'. The permission above translates to: only the owner can do anything to whichever file has this permission. By anything I mean modifying (e.g. renaming or updating the file content) or deleting the file.

Who is an owner?
An owner is the owner of a file. An owner is the user that created a file on a system. That is one simple way of being an owner. Another way is if a user makes you the owner of a file. Meanwhile you can also make a group the owner of a file.

How about a group?
Just a group of users. A group has to be created first, and users are then added to it.

Now let's see example commands that actually set permissions for a file using the famous command 'chmod':

Setting permission - Using the '+' (plus) sign adds new permissions to the file.
chmod +rwx file-name (Give all user states rwx permissions)
I.e. from the command above we have this end result: (*)(rwx)(rwx)(rwx)

Setting permission for only the user - Using the '=' (equals) sign overwrites whatever permission is already set on the file.
chmod u=rx file-name (Give the owner rx permissions, excluding w)
I.e. from the command above we have the end result: (*)(r-x)(---)(---)

Setting permission for the user - Using the '+' (plus) sign does not overwrite the existing permissions on the file, but rather appends the new permission to the old ones.
chmod u+x file-name (Add x permission for the user; remember the first command sets the rx permissions)
I.e. from the command above we have the end result: (*)(rwx)(---)(---)

I guess you guys know what happens when you use the '-' (minus) sign.

Setting permission for only user and group:
chmod gu+w file (Give write permission to the user and group of the file)
End result: (*)(-w-)(-w-)(---)

Setting different permission for group and user:
chmod g+rx,u+rwx,o+r file (OK to combine like this with a comma)
End result: (*)(rwx)(r-x)(r--)
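
What a symbolic chmod argument leaves behind depends on the mode the file already has: '=' and '+' touch only the classes named before the operator, and a bare '+rwx' with no class is filtered through the umask. The script below is an added example, not part of the original post; the helper names, the starting modes and the 022 umask are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helpers): apply one chmod argument to a
# scratch file and show the mode string that `ls -l` reports afterwards.

# mode_after START CHANGE [UMASK]
#   START   octal mode the scratch file is given first (constructed input)
#   CHANGE  the chmod argument under test, e.g. u=rx or g+rx,u+rwx,o+r
#   UMASK   umask in effect while chmod runs (default 022, an assumption)
mode_after() (
    umask "${3:-022}"
    f=$(mktemp) || exit 1
    chmod "$1" "$f" && chmod "$2" "$f" && ls -ld "$f" | cut -c1-10
    rm -f "$f"
)

# The chmod arguments from this section, each run from a stated starting mode.
show_cases() {
    while read -r start change; do
        printf '%s  chmod %-16s -> %s\n' "$start" "$change" \
            "$(mode_after "$start" "$change")"
    done <<'EOF'
000 +rwx
000 a+rwx
777 u=rx
500 u+x
000 gu+w
000 g+rx,u+rwx,o+r
EOF
}

show_cases
```

The first column is the mode before the change, so the same argument can be compared against different starting points by editing the list.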

Now, let's head on to talk about an easier way of setting permissions, still using the chmod command.
This time let's consider the permission as 3 groups:
(owner)(group)(others)
We represent our permissions with numbers as below:
Read as 4, yeah, the number 4
Write as 2
And Execute as 1
Now, to apply these permissions to a user state, it is required that we apply the permissions of all user states at once, representing each state's permission with just one number.
A number: we get it by using one of the numbers that represent each permission above. In case you want to apply more than one permission to a user state, all you have to do is a little arithmetic, adding the permissions together for that user state, i.e. 4 (Read) + 2 (Write) = 6 (Read and Write) permission for whatever state, e.g. (6)(0)(0) with the actual end result of (*)(rw-)(---)(---)
Let's set permissions using our new, easier way by converting one of our previous examples, 'Setting different permission for group and user':
chmod 754 file-name (7 = rwx for the owner, 5 = r-x for the group, 4 = r-- for others)
End result: (*)(rwx)(r-x)(r--)
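
The 4/2/1 arithmetic above, written as a converter from the mode string that ls -l prints to the number chmod accepts. This is an added example, not part of the original post; the function name sym_to_octal is an assumption, and it accepts only the r, w, x and '-' characters covered here.

```shell
#!/bin/sh
# Added example (hypothetical helper): convert a 10-character mode string
# such as -rwxr-xr-- into the octal number used with chmod.

# sym_to_octal MODESTRING
# Skips the first (file type) character, then sums r=4, w=2, x=1 for each
# of the three triplets: owner, group, others.
sym_to_octal() {
    s=$1
    [ "${#s}" -eq 10 ] || { echo "expected 10 characters: $s" >&2; return 1; }
    rest=${s#?}                 # drop the file-type character
    out=
    while [ -n "$rest" ]; do
        tail=${rest#???}        # everything after the next triplet
        trip=${rest%"$tail"}    # the next triplet itself
        rest=$tail
        case $trip in
            [r-][w-][x-]) ;;
            *) echo "unsupported triplet: $trip" >&2; return 1 ;;
        esac
        n=0
        case $trip in r??) n=$((n + 4)) ;; esac
        case $trip in ?w?) n=$((n + 2)) ;; esac
        case $trip in ??x) n=$((n + 1)) ;; esac
        out=$out$n
    done
    echo "$out"
}

# Constructed sample inputs.
for m in -rwxr-xr-- -rw------- drwxrwxrwx; do
    printf '%s -> %s\n' "$m" "$(sym_to_octal "$m")"
done
```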

Talking about best practices for setting file permissions:
Don't add the X (Execute) permission to a file that is not meant to be executable, e.g. safe permission for web app source code files should be 666.
Give others only read permission unless you are sure of what you are doing.
When setting bulk permissions, i.e. for more than one file at a time, always try to use the 'find' command.

Best and easy way of setting bulk permissions
This can be achieved by using the find command. I will be showing 2 examples that apply to every programmer's day-to-day activity.

Setting bulk directory permissions
find path/ -type d -exec chmod 777 {} \;
Change 'path/' to the path where you want the command to perform bulk permission setting recursively.

Setting bulk file permission
find path/ -type f -exec chmod 666 {} \;
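
A check for the second best-practice point above (others get read only), as an added example that is not part of the original post: it lists everything under a directory that others can write, which is what modes 666 and 777 grant, and removes only that bit. The function names and the scratch tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helpers): find and fix entries that
# "others" can write.

# list_world_writable DIR
# Prints files and directories under DIR whose others-write bit is set.
# Symbolic links are skipped: their own mode bits do not control access.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# drop_others_write DIR
# Removes only the others-write bit; every other permission is left alone.
drop_others_write() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
}

# demo: build a constructed scratch tree, audit it, fix it, audit again.
# Prints "<count before> <count after> <mode of index.php afterwards>".
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/uploads" && chmod 777 "$d/uploads"
    : > "$d/index.php" && chmod 666 "$d/index.php"
    : > "$d/readme.txt" && chmod 644 "$d/readme.txt"
    before=$(list_world_writable "$d" | wc -l)
    drop_others_write "$d"
    after=$(list_world_writable "$d" | wc -l)
    mode=$(ls -ld "$d/index.php" | cut -c1-10)
    rm -rf "$d"
    echo "$((before)) $((after)) $mode"
}

demo
```

Run list_world_writable on its own first to review what would change before calling drop_others_write on a real tree.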

Bringing us to the end of the discussion 'File permission on Unix systems'... There is something I saved for the end, which is: it is imperative for directories (folders) to always have the X (Execute) permission if you want users to have the ability to list the content of a directory.

Phew... Never imagined this topic would be this long...

I look forward to answering any questions.
