Modes FAQ

From SonicWiki
Jump to: navigation, search

This is a quick tutorial on file permissions in Unix, to supplement our CGIWrap page. (Please pardon our dust, etc... :) I'm making extended use of color, so that the relationships are clearer -- however, please note that "ll" or "ls -l" typically don't color-code the mode bits. Here is an example:


$ ll id.cgi -rwxr-xr-x 1 scott coolguys 60 Jun 25 1996 id.cgi

And here is the key:

tuuugggooo

"t" is the "type" bit, which you will usually see set as "d" (directory) or "-" (regular, plain-ol' file). Unix systems support other file types, but I'll spare you their description. (I'll be building yet-another web page to cover this information.)

"uuu", "ggg", and "ooo" are the permissions bits for different classes of user, summarized in the following table:

User The "owner" of the file ("scott" in my example)
Group Anybody in the "group" of the file ("coolguys" in my example)
Other Anybody who isn't the file's owner, or in the file's group. (i.e. "The World")
Important Note
When using chmod, "o" means "other", not owner (user).

The colorful triple letters above refer to fields of three letters, which will always appear in this order: "rwx". If a bit is turned on, you will see a letter; if it's turned off, you will see a dash ("-"). "rwx" shows the status of "read", "write", and "execute" permissions.

Here is the example again:


$ ll id.cgi -rwxr-xr-x 1 scott coolguys 60 Jun 25 1996 id.cgi

The user bits are set "rwx". This means that the user (scott) can read from the file, write to the file, or execute the file as a program.

The group bits are set "r-x". This means that any user in the coolguys group can read from the file, or execute it as a program. However, they may not write to the file, since that bit is unset (off, or "-").

The other bits are set "r-x". This means that anybody else (that is, any user who isn't scott, and doesn't belong to the coolguys group) can read or execute the file. In other words, the coolguys group and everybody else have the same permissions.

Let's say I want to deny everybody else the ability to read from the file. I could use an ftp client to modify permissions, but hey, I'm at a shell prompt, so I'll just tell chmod to subtract "r" (read) from the "o" (other) permissions.


$ chmod o-r id.cgi $ ll id.cgi -rwxr-x--x 1 scott coolguys 60 Jun 25 1996 id.cgi

Now let's say I want to deny all group and other permissions to the file:


$ chmod go-rwx id.cgi $ ll id.cgi -rwx------ 1 scott coolguys 60 Jun 25 1996 id.cgi

(Note: chmod won't complain if you unset bits that are already unset, or set bits that are already set. I subtracted "w" above just to make sure. ;)

As it turn out, the coolguys group are a bunch of cool guys, so I'll give them back both "read" and "execute" access:


$ chmod g rx id.cgi $ ll id.cgi -rwxr-x--- 1 scott coolguys 60 Jun 25 1996 id.cgi

Finally, I saw an octal mode in the [/faq/web/cgiwrap.shtml CGIWrap page], which I want to use on this program:


$ chmod 0501 id.cgi $ ll id.cgi -r-x-----x 1 scott coolguys 60 Jun 25 1996 id.cgi

Wow! Now it's ready for CGIWrap! :)