.. highlight:: console

.. role:: bash(code)
   :language: bash
   :class: highlight

File permissions
----------------

Each file and directory has a set of :dfn:`permission flags`
associated with it. You have seen them already as a sequence of ten
characters in the first column of :bash:`ls -l` output::

	$ ls -l foo
	-rw-r--r--  1 dg  staff  6 23 Oct 12:00 foo

The first character indicates whether we are looking at a file
(:kbd:`-`) or a directory (:kbd:`d`). Another frequently encountered
first letter is :kbd:`l` for links, which we'll discuss later.
 
The next nine flags are grouped into three :dfn:`classes`, called
:dfn:`user`, :dfn:`group` and :dfn:`other`.  Within each class, the
characters :kbd:`rwx` show which permissions are set for that
class. Each file belongs to exactly one user (here :kbd:`dg`) and one
group (here :kbd:`staff`). In our example, the user :kbd:`dg` is
allowed to read and write to the file, while :kbd:`staff` members and
anyone else can only read the file. The execute permission (:kbd:`x`)
lets you run the file directly as a command. 

On directories, the flags have a slightly different meaning: :kbd:`r`
only allows you to list the contents of the directory, but you need
:kbd:`x` to access them. :kbd:`w` permits changes to the directory
contents to be made.

chmod, chgrp, chown
~~~~~~~~~~~~~~~~~~~

:command:`chmod` is the main tool to operate on file
permissions. :command:`chown` and :command:`chgrp` can be used to
change ownership of a file, but :command:`chown` is often restricted to
admin users. Any guess why?

Let's play with the permissions to get some feel for how they
work.

#. Remove the read permission for yourself and try to :bash:`cat` a file.

#. Remove the write permission for yourself and try to :bash:`cat`
   *into* a file.

#. Try removing each one of :kbd:`rwx` individually on a new directory
   and try to create, read, write to, rename or delete files inside the
   directory.

#. Check if any files in your home directory are world writeable or world
   readable. 


..
  \timefornotes{Shell convenience features}{
  \begin{itemize}
  \item History
  \item Aliases
  \item Brace and variable expansions
  \item Environment variables
  \end{itemize}
  }