This is a website by Willem van Zyl


How to understand and modify Unix file permissions

25 Feb 2009

The Unix "ls -l" command will present a directory listing similar to the one below:

Willem-MacBook-Pro:~ willem$ ls -lh
total 0
drwx------+  39 willem  staff   1.3K Feb 25 15:31 Desktop
drwxr-xr-x   32 willem  staff   1.1K Nov 29 20:55 Development
drwx------+  16 willem  staff   544B Feb 24 16:59 Documents
drwx------+ 168 willem  staff   5.6K Feb 25 15:16 Downloads
drwxrwxrwx@  25 willem  staff   850B Feb 25 13:06 Dropbox
drwx------+  57 willem  staff   1.9K Feb 10 10:23 Library
drwx------+  13 willem  staff   442B Feb 25 11:35 Movies
drwx------+  10 willem  staff   340B Dec  1 13:55 Music
drwx------+  19 willem  staff   646B Feb 22 21:46 Pictures
drwxr-xr-x+   8 willem  staff   272B Feb  7 11:36 Public
drwxr-xr-x   10 willem  staff   340B Feb 12 09:40 Scripts
drwxr-xr-x+  56 willem  staff   1.9K Feb 25 13:31 Sites
drwxr-xr-x    8 willem  staff   272B Nov 12 23:32 Woopra
Willem-MacBook-Pro:~ willem$

In this listing the columns indicate (from left to right): permissions, subitem count, owner, group, size on disk, date modified and item name.

The permissions column always displays a leading type character followed by nine characters in the format "rwxrwxrwx". The leading character is "d" if the item is a directory and "-" if it is a file. (Some operating systems also add a trailing '+' or '@' to indicate associated ACLs or extended attributes. ACLs can be displayed with 'ls -le' and modified with 'chmod -a'.)

Explanation of "rwx" permissions

The nine "rwxrwxrwx" characters are divided into three sets to indicate the permissions for the owner of the item, the group that owner belongs to, and any other users on the system:

directory|owner|group|other
---------|-----|-----|-----
    d    | rwx | rwx | rwx

.: drwxrwxrwx

For each of these three groups, the rwx characters are set to either a letter ('r', 'w' or 'x') or a dash ('-') to indicate whether the set has read, write, execute or no permissions on the item.

For example, if an owner and their group have read and write permissions on a directory item and all other users only have read access, the permissions would be:

directory|owner|group|other
---------|-----|-----|-----
    d    | rw- | rw- | r--

.: drw-rw-r--

If an owner has read and write permissions on a file item and all other users (even those in their group) only have read access, the permissions would be:

directory|owner|group|other
---------|-----|-----|-----
    -    | rw- | r-- | r--

.: -rw-r--r--

If an owner has read and write permissions on a directory item and all other users (even those in their group) have no access, the permissions would be:

directory|owner|group|other
---------|-----|-----|-----
    d    | rw- | --- | ---

.: drw-------

Modifying owner and group settings

Owner and group settings can be changed with the chown command. For example, to change the "Scripts" directory's owner to "carla" and group to 'staff', enter (prefix 'sudo' to this command if you're not the owner of the item):

chown carla:staff Scripts/

Modifying single permission settings

Permission settings can be changed with the chmod command on a single or multiple setting basis. When changing single settings, the permission set is indicated by:

u owner (user)
g group
o other

... and the permissions are indicated by:

r read
w write
x execute

For example, to change the "Scripts" directory's permissions by making it writeable for users in the owner's group, enter (prefix 'sudo' to this command if you're not the owner of the item):

chmod g+w Scripts/

To change the "Scripts" directory's permissions by making it non-executable for users other than the owner and those in the owner's group, enter (prefix 'sudo' to this command if you're not the owner of the item):

chmod o-x Scripts/

Modifying multiple permissions settings

When changing multiple settings, a decimal number (between 0 and 7) is used to indicate the read, write and execute settings for each of the three permission sets (owner, group, other).

This number is calculated by converting the binary representation of the rwx string for each permission set to a decimal number. The possible rwx combinations and their binary / decimal representations are:

---  --x  -w-  -wx  r--  r-x  rw-  rwx
000  001  010  011  100  101  110  111
 0    1    2    3    4    5    6    7

For example, to change the "Scripts" directory's permissions by making it rwx for the owner, rw- for the owner's group, and rw- for all other users, enter (prefix 'sudo' to this command if you're not the owner of the item):

chmod 766 Scripts/

To change the "Scripts" directory's permissions by making it rw- for the owner, r-- for the owner's group, and --- for all other users, enter (prefix 'sudo' to this command if you're not the owner of the item):

chmod 640 Scripts/
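
The rwx-to-number conversion described above, as an added shell example that is not part of the original post. It goes one step further and uses the number to list items that are writable by "other", such as the Dropbox entry in the listing at the top. The function names mode_to_octal, world_writable and sample_listing are hypothetical, and only the nine r/w/x characters the post describes are handled; any other letter is rejected.

```shell
#!/bin/sh
# Added example: turn the permission column of `ls -l` into chmod's number.
mode_to_octal() {
    # Skip the leading type character; ignore a trailing '+' or '@' marker.
    perms=$(printf '%s' "$1" | cut -c2-10)
    case "$perms" in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "unsupported mode string: $1" >&2; return 1 ;;
    esac
    out=""
    for start in 1 4 7; do          # owner, group, other
        set_=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case "$set_" in r??) digit=$((digit + 4)) ;; esac   # 100
        case "$set_" in ?w?) digit=$((digit + 2)) ;; esac   # 010
        case "$set_" in ??x) digit=$((digit + 1)) ;; esac   # 001
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# Read `ls -l` output on stdin; print "<number> <name>" for each item that
# grants write permission to "other" (third digit 2, 3, 6 or 7).
world_writable() {
    while read -r mode _links _owner _group _size _mon _day _time name; do
        octal=$(mode_to_octal "$mode" 2>/dev/null) || continue
        case "$octal" in
            ??[2367]) printf '%s %s\n' "$octal" "$name" ;;
        esac
    done
}

# Constructed sample: four lines taken from the listing at the top of the page.
sample_listing() {
    cat <<'EOF'
total 0
drwx------+  39 willem  staff   1.3K Feb 25 15:31 Desktop
drwxrwxrwx@  25 willem  staff   850B Feb 25 13:06 Dropbox
drwxr-xr-x   10 willem  staff   340B Feb 12 09:40 Scripts
EOF
}

sample_listing | world_writable
```

To check a real directory, pipe its listing in instead: ls -l | world_writable.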