Tutorial on UNIX Directory Permissions
Directories use the same three basic attributes as files for permissions: read, write, and execute, but they have different meanings. If a directory has read permission, you can see the files that are in the directory. Write permission allows you to add, remove, or rename files in the directory, and execute permission allows you to use the directory name when accessing files inside that directory. There are a lot of considerations that may not be obvious from these descriptions.
For instance, if you have execute access to a directory, you can still list the file information (ls -l) even though you don't have read permissions on the files contained in the directory. Write permission allows you to change the contents of a directory. Since the names of the files contained in a directory are stored in the directory, write permission to the directory allows you to create, rename, and delete these files. You can think of execute permission as a search permission: if you already know the name of a file, you can use the file.
Directories, just like files, have owners and groups associated with them. Each has a set of read/write/execute permissions, as does an all-encompassing group known as other, which can be thought of as worldwide permissions (which is everyone other than the superuser). These permissions are determined by 10 bits of information that are displayed by the ls -l listing. The first bit identifies the type of file (d in the case of a directory), the next three are the read/write/execute permissions for the owner, followed by similar sets of three for the group and other. Look at the following listing:
% ls -l
drwxrwxr-- 3 game cpsc446 512 Jan 31 18:30 dir0
drwxr-xr-x 3 game cpsc446 512 Jan 31 18:30 dir1
-rw-r--r-- 1 game cpsc446 960 Jan 31 19:10 README
The leading bit in the first two entries identifies dir0 and dir1 as directories, and the leading dash in the last entry identifies README as a file. The remaining 9 bits identify the read/write/execute permissions for the owner, group and others respectively. Where you see the letter r, read permission exists, and likewise for w and x. If the permission bit is a dash, the permission is not in effect. UNIX examines permissions starting from the owner, followed by the group and lastly others. If a permission is not granted, UNIX does not look any further. For instance, if you are a member of the cpsc446 group and the group does not have write permission on a directory (or file), then it does not matter whether the others group has write permission, because the others group will not be examined. However, if you were not a member of the cpsc446 group, then the others permissions would be examined.
You can specify permissions using octal numbers. Given a three-bit set, if the first bit is set (i.e. r), add 4, if the second bit is set (i.e. w), add 2, and if the third bit is set (i.e. x), add 1 to get the octal number. For example, rwx equals 4 + 2 + 1 or 7, and r-x equals 4 + 0 + 1 or 5. When you create a file or directory the default initial permissions are 777 or rwxrwxrwx, unless you've used the umask command to "take away" permissions, which is wise. A common umask is 022 (%umask 022), which sets the permissions to 755 or rwxr-xr-x. In the following exercise you will set the umask so that these are the initial permissions. The owner of a directory (or file) changes the permissions using the chmod command. When you create a directory (or file) you are the owner, and your group is the initial directory (or file) group. The chown and chgrp commands are used just like chmod to change the owner and group of a directory (or file).
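The class-selection rule and the octal arithmetic described above, modelled as shell functions in an added example that is not part of the original tutorial. The user alice and the group staff are constructed names; game and cpsc446 come from the listing.

```shell
#!/bin/sh
# Added example: pure model of the rules above, nothing on disk is touched.
# "alice" and "staff" are constructed names; game/cpsc446 come from the listing.

# digit_to_rwx 5 -> r-x   (r adds 4, w adds 2, x adds 1)
digit_to_rwx() {
    d=$1; s=
    if [ $((d & 4)) -ne 0 ]; then s="${s}r"; else s="${s}-"; fi
    if [ $((d & 2)) -ne 0 ]; then s="${s}w"; else s="${s}-"; fi
    if [ $((d & 1)) -ne 0 ]; then s="${s}x"; else s="${s}-"; fi
    printf '%s\n' "$s"
}

# initial_dir_mode 022 -> 755   (mkdir starts from 777, umask bits are removed)
initial_dir_mode() { printf '%03o\n' $(( 0777 & ~0$1 )); }

# class_for OWNER GROUP USER "USER_GROUPS" -> owner | group | other
# The first class that matches the user is the only one consulted.
class_for() {
    if [ "$3" = "$1" ]; then echo owner; return; fi
    for g in $4; do
        if [ "$g" = "$2" ]; then echo group; return; fi
    done
    echo other
}

# effective_rwx MODE OWNER GROUP USER "USER_GROUPS" -> the triplet that applies
effective_rwx() {
    mode=$1
    case $(class_for "$2" "$3" "$4" "$5") in
        owner) digit=${mode%??} ;;
        group) digit=${mode#?}; digit=${digit%?} ;;
        other) digit=${mode#??} ;;
    esac
    digit_to_rwx "$digit"
}

# dir_allows RWX-STRING -> what that triplet permits on a directory
dir_allows() {
    out=
    case $1 in r??) out="$out list-names" ;; esac
    case $1 in ??x) out="$out use-names" ;; esac
    case $1 in ?wx) out="$out change-entries" ;; esac   # w is useless without x
    printf '%s\n' "${out# }"
}

# dir0 after "chmod 077 dir0", owned by game:cpsc446
echo "game:  $(effective_rwx 077 game cpsc446 game cpsc446)"    # owner class
echo "alice: $(effective_rwx 077 game cpsc446 alice staff)"     # other class
```

With mode 077 the owner is locked out while every unrelated user has full access, which is why a mode should be read one class at a time rather than as the most permissive triplet present.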
Exercise: Preparation
The following exercise demonstrates what you've just learned. If working from a UNIX system, you should open a console window and see for yourself. Enter the following commands at your shell prompt:
% umask 022 // Set default permissions to 755
% mkdir dir0 // Create directory 0
% mkdir dir1 // Create directory 1
% mkdir dir2 // Create directory 2
% mkdir dir3 // Create directory 3
% mkdir dir4 // Create directory 4
% mkdir dir5 // Create directory 5
% mkdir dir6 // Create directory 6
% mkdir dir7 // Create directory 7
% touch file0 // Create file 0
% echo You Can Read the Contents of File 0 > file0
// Create content for file 0
Using a text editor create and save the following sample program as prog0.c
#include <stdio.h>
int main(void)
{
    printf("You can execute this program\n");
    return 0;
}
and then compile as:
% gcc prog0.c -o prog0
Copy file0 and prog0 to the eight directories you just created (dir0 through dir7).
% cp file0 prog0 dir*/. // dir* = dir0, dir1 etc
Exercise: Owner Test
Change the owner permissions of each directory using the change mode (chmod) command so that the owner digit of the octal permissions matches the directory's number:
% chmod 077 dir0
% chmod 177 dir1
. . . // the same 2 through 6
% chmod 777 dir7
To test the owner permissions, perform the following on each directory from dir0 through dir7 and compare your results to those in Table 1.
% ls dir* // Can you see what is in the directory?
% cd dir* // Can you change to the directory?
% cd ..
// Return to the parent if the above succeeded, else omit.
% cat dir*/file0 // Can you read the contents of file 0?
% touch dir*/file1
// Can you create a file in the directory?
% dir*/prog0 // Can you execute prog0?
Table 1: Owner
Exercise: Group Test
Change the group permissions of each directory using the change mode (chmod) command so that the group digit of the octal permissions matches the directory's number:
% chmod 707 dir0
% chmod 717 dir1
. . . // the same 2 through 6
% chmod 777 dir7
To test the group permissions, perform the following on each directory from dir0 through dir7 and compare your results to those in Table 2. To perform this test you must be logged on as a user other than the owner of these directories. You do this either by logging on under a different username or by changing the ownership of the directories. If the username and owner are the same, then the test examines the owner permissions and not the group permissions. Consult the manual pages for chown (%man chown) to change ownership.
% ls dir* // Can you see what is in the directory?
% cd dir* // Can you change to the directory?
% cd ..
// Return to the parent if the above succeeded, else omit.
% cat dir*/file0 // Can you read the contents of file 0?
% touch dir*/file1
// Can you create a file in the directory?
% dir*/prog0 // Can you execute prog0?
Table 2: Group
Exercise: Other (World) Test
Change the other permissions of each directory using the change mode (chmod) command so that the other digit of the octal permissions matches the directory's number:
% chmod 770 dir0
% chmod 771 dir1
. . . // the same 2 through 6
% chmod 777 dir7
To test the other permissions, perform the following on each directory from dir0 through dir7 and compare your results to those in Table 3. To perform this test you must be logged on as a user and group other than the owner and group of these directories. Follow the same procedure you did above to change the group, but use chgrp instead of chown. Consult the manual pages for chgrp (%man chgrp) to change ownership.
% ls dir* // Can you see what is in the directory?
% cd dir* // Can you change to the directory?
% cd ..
// Return to the parent if the above succeeded, else omit.
% cat dir*/file0 // Can you read the contents of file 0?
% touch dir*/file1
// Can you create a file in the directory?
% dir*/prog0 // Can you execute prog0?
|  | Y | Y | Y | N | N |
|  | Y | N | N | N | N |
|  | Y | Y | Y | Y | Y |
Table 3: Others (World)