On this page:
- Overview
- View file permissions
- Change file permissions
- Common issues when sharing data with other users
- Get help
Overview
Unix-like operating systems, such as Linux, running on shared high-performance computers use settings called permissions to determine who can access and modify the files and directories stored in their file systems. Each file and directory in a file system is assigned "owner" and "group" attributes.
Most commonly, by default, the user who creates a file or directory is set as owner of that file or directory. When needed (for example, when a member of your research team leaves), the system's root administrator can change the user attribute for files and directories.
The group designation can be used to grant teammates and/or collaborators shared access to an owner's files and directories, and provides a convenient way to grant access to multiple users.
View file permissions
To view the permissions for all files in a directory, use the
ls
command with the -la
options. Add other options as desired; for help, see List the files in a directory in Unix.
For example, if you enter:
ls -lah
You should see output similar to the following:
-rw-r--r-- 1 user1 group1 62 Jan 15 16:10 myfile.txt drwxr-xr-x 2 user1 group1 2048 Jan 15 17:10 Example
In the output example above, the first character in each line indicates whether the listed object is a file or a directory. Directories are indicated by a (
d
); the absence of a d
at the beginning of the first line indicates that myfile.txt
is a regular file.
The letters
rwx
represent different permission levels:Permission | Files | Directories |
---|---|---|
r | can read the file | can ls the directory |
w | can write the file |
can modify the directory's contents
|
x | can execute the file | can cd to the directory |
Note the multiple instances of
r
, w
, and x
. These are grouped into three sets that represent different levels of ownership:- Owner or user permissions: After the directory (
d
) slot, the first set of three characters indicate permission settings for the owner (also known as the user).In the example-rw-r--r--
, the owner permissions arerw-
, indicating that the owner can read and write to the file but can't execute it as a program.In the exampledrwxr-xr-x
, the owner permissions arerwx
, indicating that the owner can view, modify, and enter the directory. - Group permissions: The second
rwx
set indicates the group permissions. In the fourth column of the example above,group1
is the group name.In the example-rw-r--r--
, group members can only read the file.In the exampledrwxr-xr-x
, group members can view as well as enter the directory. - Other permissions: The final
rwx
set is for "other" (sometimes referred to as "world"). This is anyone outside the group. In both examples above, these are set to the same permissions as the group.
Change file permissions
To change file and directory permissions, use the command
chmod
(change mode). The owner of a file can change the permissions for user (u
), group (g
), or others (o
) by adding (+
) or subtracting (-
) the read, write, and execute permissions.
There are two basic ways of using
chmod
to change file permissions: The symbolic method and the absolute form.Symbolic method
The first and probably easiest way is the relative (or symbolic) method, which lets you specify permissions with single letter abbreviations. A
chmod
command using this method consists of at least three parts from the following lists:Access class | Operator | Access Type |
---|---|---|
u (user) | + (add access) | r (read) |
g (group) | - (remove access) | w (write) |
o (other) | = (set exact access) | x (execute) |
a (all: u, g, and o) |
For example, to add permission for everyone to read a file in the current directory named
myfile
, at the Unix prompt, enter:chmod a+r myfile
The
a
stands for "all", the +
for "add", and the r
for "read".
Note:
This assumes that everyone already has access to the directory where
myfile
is located and its parent directories; that is, you must set the directory permissions separately.
If you omit the access class, it's assumed to be all, so you could also enter the previous example as:
chmod +r myfile
You can also specify multiple classes and types with a single command. For example, to remove read and write permission for group and other users (leaving only yourself with read and write permission) on a file named
myfile
, you would enter:chmod go-rw myfile
You can also specify that different permissions be added and removed in the same command. For example, to remove write permission and add execute for all users on
myfile
, you would enter:chmod a-w+x myfile
In each of these examples, the access types that aren't specified are unchanged. The previous command, for example, doesn't change any existing settings specifying whether users besides yourself may have read (
r
) access to myfile
. You could also use the exact form to explicitly state that group and other users' access is set only to read with the =
operator:chmod go=r myfile
The
chmod
command also operates on directories. For example, to remove write permission for other users on a subdirectory named mydir
, you would enter:chmod o-w mydir
To do the same for the current directory, you would enter:
chmod o-w
To change permissions recursively in all subdirectories below the specified directory, add the
-R
option; for example, to grant execution permissions for other users to a directory (mydir
) and all the subdirectories it contains, you would enter:chmod -R o+x mydir
Be careful when setting the permissions of directories, particularly your home directory; you don't want to lock yourself out by removing your own access. Also, you must have execute permission on a directory to switch (
cd
) to it.Absolute form
The other way to use the
chmod
command is the absolute form, in which you specify a set of three numbers that together determine all the access classes and types. Rather than being able to change only particular attributes, you must specify the entire state of the file's permissions.
The three numbers are specified in the order: user (or owner), group, and other. Each number is the sum of values that specify read, write, and execute access:
Permission | Number |
---|---|
Read (r) | 4 |
Write (w) | 2 |
Execute (x) | 1 |
Add the numbers of the permissions you want to give; for example:
- For file
myfile
, to grant read, write, and execute permissions to yourself (4+2+1=7), read and execute permissions to users in your group (4+0+1=5), and only execute permission to others (0+0+1=1), you would use:chmod 751 myfile
- To grant read, write, and execute permissions on the current directory to yourself only, you would use:
chmod 700
You can think of the three digit sequence as the sum of attributes you select from the following table:
Read by owner | 400 |
Write by owner | 200 |
Execute by owner | 100 |
Read by group | 040 |
Write by group | 020 |
Execute by group | 010 |
Read by others | 004 |
Write by others | 002 |
Execute by others | 001 |
Sum all the accesses you wish to permit. For example, to give write and execute privileges to the owner of
myfile
(200+100=300), and give read privileges to all (400+040+004=444), you would enter:chmod 744 myfile
Some other examples are:
777 | anyone can do anything (read, write, or execute) |
755 | you can do anything; others can only read and execute |
711 | you can do anything; others can only execute |
644 | you can read and write; others can only read |
Common issues when sharing data with other users
Important:
Be sure you understand your responsibilities when processing, storing, and sharing data containing protected health information (PHI). For more, see Your legal responsibilities for protecting data containing protected health information (PHI) when using UITS Research Technologies systems and services.
To share a file or directory that you own with someone, you can grant read and execute privileges for that user. However, you must also set the same privileges on any parent directories above the item you're sharing; if you don't, the user can't look and change into (
cd
) all the parent directories above your file or directory.
If you think of a file system as a physical place, then permissions work like keys that let you access different directories:
- The read (
r
) permission lets users look (ls
) into directories. - The execute (
x
) permission lets users move (cd
) into directories. - The write (
w
) permission lets users add and remove files.
For example, say you want to give someone access to
/N/u/username/Carbonate/scripts
. Imagine the path as a physical space:/N
is the gated community where you live./u
is the unit./username
is your apartment./Carbonate
is a room in your apartment./scripts
is a closet in your room.
If someone wanted to run your scripts, you would need to give that person access to every part of
/N/u/username/Carbonate/scripts
. You might try to do it this way:chmod +rx /N/u/username/Carbonate/scripts
However, a user can't read or access a subdirectory unless the user also has
x
permissions to the parent directories. In other words, the above command gives out a key to your closet, but not to your room or apartment.
To resolve this, give
x
permissions to the parent directories you control:chmod +x /N/u/username/ chmod +x /N/u/username/Carbonate
This will let others move (
cd
) to the scripts
directory. Because the parent directories don't have r
permissions, users will only be able to look (ls
) within the scripts
directory, keeping the rest of your file system private.Get help
For more about
chmod
, consult the manual page. At the Unix prompt, enter:man chmod
At Indiana University, for personal or departmental Linux or Unix systems support, see Get help for Linux or Unix at IU.
This is document abdb in the Knowledge Base.
Last modified on 2019-08-23 15:27:34.
Last modified on 2019-08-23 15:27:34.
Contact us
For help or to comment, email the UITS Support Center.