5. File permissions

Each file and directory has a set of permission flags associated with it. You have seen them already as a sequence of ten characters in the first column of ls -l output:

$ ls -l foo
-rw-r--r--  1 dg  staff  6 23 Oct 12:00 foo

The first character indicates whether we are looking at a file (-) or a directory (d). Another frequently encountered first letter is l for links, which we’ll discuss later.

The next nine flags are grouped into three classes, called user, group and other. Within each class, the characters rwx show which permissions are set for that class. Each file belongs to exactly one user (here dg) and one group (here staff). In our example, the user dg is allowed to read and write to the file, while staff members and anyone else can only read the file. The execute permission (x) lets you run the file directly as a command.

On directories, the flags have a slightly different meaning: r only allows you to list the contents of the directory, but you need x to access them. w permits changes to the directory contents to be made.

chmod, chgrp, chown

chmod is the main tool to operate on file permissions. chown and chgrp can be used to change ownership of a file, but chown is often restricted to admin users. Any guess why?

Let’s play with the permissions to get some feel for how they work.

  1. Remove the read permission for yourself and try to cat a file.
  2. Remove the write permission for yourself and try to cat into a file.
  3. Try removing each one of rwx individually on a new directory and try to create, read, write to, rename or delete files inside the directory.
  4. Check if any files in your home directory are world writeable or world readable.