CS246-F20-01-UnixShell
Lecture 1.12
• UNIX file permissions
• chgrp and chmod
UNIX file permissions
• Each file/dir in UNIX has three sets of access permissions that
define how each of three different classes of users may access it:
– User: the userID that owns the file
– Group: the UNIX group associated with the file
– Other: everyone else (who has an account on this machine)
• A UNIX group is an “arbitrary” collection of userIDs that make sense
in some organizational context
– Groups are defined in a single place under admin (root) control
– A user can belong to multiple groups
e.g., research group, ad hoc project, top secret project, bowling league scores, …
– We won’t worry too much about groups, … in practice, group
permissions for a file are usually the same as “other”
• For each file and for each user kind, there are three
permissions that can be allowed or not:
– Read, write, execute
• For normal files:
– Read/write means that kind of user can read/write the file
– Execute means “allowed to be run as a program”
• The file should be a shell script or a binary executable for this to be sensible
• For directories:
– Read means the user can ask what files are in the directory (“ls”)
– Write means the user can add / delete files (and dirs) in the directory
– Execute means the user can “cd” into that directory
• But “ls” works only if “read” is also permitted
• To see the permissions, do “ls -l”:
drwxr-x--- 2 jfdoe cs138staff  4096 Oct 19 18:19 cs138/
drwxr-x--- 2 jfdoe jfdoe       4096 Oct 21 08:51 cs247/
-rw------- 1 jfdoe jfdoe      22714 Oct 21 08:50 test.cc
-rw------- 1 jfdoe jfdoe      63332 Oct 21 08:50 notes.tex
• Again, the columns are:
– permissions, #-of-hard-links (ignore this), owner’s user ID, group ID, file
size in bytes (ignore for directories), date of last change, file name
• Let’s assume I am user jfdoe
Permissions example: Normal file
• test.cc is a (plain, old) file:
– I can read/change the contents (if I am user jfdoe)
– The .cc suffix indicates that it’s (likely) a file of C++ source code, not
a shell script or binary, so it should not be executable
– No one else can read or write it
rw- --- --- test.cc
Permissions example: Directory
• cs138 is a directory:
– I can navigate, ls, add/remove files from this dir (if I am user jfdoe)
– Members of the group cs138staff can navigate into it and perform
an ls command there, but may not add/remove files
– Others can’t see or enter inside this dir
File permissions
• In practice, “other” & “group” often have the same permissions
– Don’t usually give anyone but me write permission (security issue)
– May or may not give others read / execute permission, depending on
context / file contents
• Myself, I usually make:
– Research files readable, and dirs readable/executable
• So I can share info with my research group
– Teaching, email, and other personal files/dirs totally private
• You should make everything private on your UW UNIX accounts
chgrp
• chgrp changes group-name associated with a file
• Usage:
chgrp [ -R ] group-name file/directory-list
-R recursively modify the group of a directory
• Examples:
$ chgrp cs138staff cs138 # course directory
$ chgrp -R cs138staff cs138/a5 # assgt dir/files
• Must associate group along entire pathname and files
• Creating/deleting group-names is done only by sysadmin (root/sudo)
chmod
• chmod changes permissions of a file
• Usage:
chmod [ -R ] mode-list file/directory-list
-R recursively modify permissions of a directory + contents
• mode-list has the form
security-level operator permission
– Security levels are denoted by u for you (user), g for group, o for
other, a for all (ugo).
– Operator + adds permission, - removes permission, = sets permission
• Or you can use octal, if you’re a geek like me
• Elements of the mode-list are separated by commas.
chmod g-r,o-r,g-w,o-w foo
chmod go-rw foo # short form
chmod g+rx cs138
chmod -R g=rw cs138/a5
• To achieve desired access, must associate suitable
permissions along entire pathname and files
– So if a file is readable but its enclosing directory is not executable,
then you won’t be allowed to see it
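The rule above can be checked mechanically. This is an added example, not part of the original slides: it reads the “other” columns of the ls -l mode string for each component of a path and reports the first one that blocks access. The function names other_bits and first_block are made up for this illustration.

```shell
#!/bin/sh
# Added example: audit "other" access along a path using the ls -l mode string.
# Usage (path taken from the exercise slide):
#   first_block "$HOME/public_html" 246/old/schedule.html

# other_bits PATH -> the three "other" characters (columns 8-10 of the mode)
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# first_block BASE RELPATH
# Walks RELPATH below BASE one component at a time (BASE itself is not checked).
# Prints the first component that denies "other" and returns 1:
#   - any directory on the way needs x (search)
#   - the final component needs r (a final directory needs both r and x)
# Returns 0 and prints nothing if "other" can read the target; 2 if missing.
# Note: plain sh has no local variables, so cur/rest/comp/bits are global.
first_block() {
    cur=$1
    rest=$2
    while [ -n "$rest" ]; do
        comp=${rest%%/*}                 # next component
        case $rest in
            */*) rest=${rest#*/} ;;      # drop it from the remainder
            *)   rest= ;;
        esac
        if [ -z "$comp" ]; then continue; fi   # skip empty parts ("a//b")
        cur=$cur/$comp
        [ -e "$cur" ] || return 2
        bits=$(other_bits "$cur")
        if [ -d "$cur" ]; then
            case $bits in
                ??x|??t) ;;              # t = sticky bit with x also set
                *) echo "$cur"; return 1 ;;
            esac
        fi
        if [ -z "$rest" ]; then          # last component must be readable
            case $bits in
                r??) ;;
                *) echo "$cur"; return 1 ;;
            esac
        fi
    done
    return 0
}
```

The check looks only at the mode bits, so it gives the same answer whichever user runs it; it does not consider ACLs.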
Exercise
• Let’s go into the directory where I keep the web version
of the cs246 lecture slides:
$ cd ~/public_html/246/old
$ ls -l
total 60
drwxr-xr-x 2 migod migod  4096 Jan 15 2019 code/
-rw-r--r-- 1 migod migod 32597 Aug 31 11:52 cs445-schedule.html
drwxr-xr-x 3 migod migod  4096 Aug 31 11:46 lectures/
drwxr-xr-x 2 migod migod  4096 Sep 13 07:42 migod/
drwx--x--x 3 migod migod  4096 Sep 4 15:54 savitch/
-rw-r--r-- 1 migod migod  7549 Sep 13 07:44 schedule.html
$ chmod og-r schedule.html # now try to load the page
$ chmod a+r schedule.html # back to normal
$ chmod a-rwx code # now try to load sstream file
$ chmod u=rwx,go=rx code # back to normal