How To Calculate UNIX File Permissions

Introduction

UNIX file permissions can seem a bit daunting. This guide will help you get a solid grasp on setting the correct permissions for all UNIX file systems, covering both Linux and Mac distributions.

 

Listing Out Current Unix File Permissions

Using the following command, you can list file permissions for folders and files:

ls -lah

Output will look something like the following:

File permissions in UNIX are set in groups of three, for three different levels. Those groups are as follows, always in this order:

  1. Owner
  2. Group
  3. Other

They are laid out in the following form:

-rwxrwxrwx

Breaking that down, we can see the three groups above have the following settings:

-|rwx| |rwx| |rwx|

Meaning:
  • Owner: has read|write|execute
  • Group: has read|write|execute
  • Other: has read|write|execute

 

Determining the Numerical Value of File/Folder Mod

Using the chmod command we can manually set the value of all three groups. For each group, the values add up to a maximum of 7, meaning the maximum value of a chmod command is 777, which will give the layout above. The values are calculated as follows:
— Read = 4
— Write = 2
— Execute = 1
So, using that information you can determine what permissions are tied to the numerical value of the chmod command. For example:
755 would be -rwxr-xr-x
— Owner has: read|write|execute
— Group has: read|execute (unable to write files or save over)
— Other has: read|execute (guest accounts are unable to write files or save over)
770 would be -rwxrwx---
— Owner has: read|write|execute
— Group has: read|write|execute
— Other has: no access
666 would be -rw-rw-rw-
— Owner has: read|write
— Group has: read|write
— Other has: read|write

 

Manually Setting Permissions With chmod

Using

sudo chmod {insertNumericalValue} {pathToFileOrFolder}

will edit the permissions of the folder or file to give what is needed, where {pathToFileOrFolder} is the file or folder to change.

Owner

The owner of the folder should always be the user that is handling the sharing of the folder, or the service account that is responsible for the folders or files. For example, the www-data user is the owner of Apache files and folders.

Groups

The groups section covers the users that have been added to the file or folder on a group basis, e.g. an “office users” group. This makes sharing the file or folder easier, as one does not have to add each user to the file or folder and can instead add them to the proper groups when creating the user.

Other

This is usually considered the “guest” account access. Unless otherwise noted, this group should never have a 7 set as its permission level. This is strictly a security measure to prevent unauthorized execution of scripts or deletion of files.
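
As an added example (not part of the original guide), the shell functions below carry out the calculation from the numerical value section and the check from the Other section: they convert between octal modes and rwx strings in both directions and report when the "other" digit is 7. The function names are assumptions made for this example, and only the nine rwx bits are handled.

```shell
# Added example, not from the original guide. Function names are assumptions.
# Handles the nine rwx bits only; setuid, setgid and sticky bits are out of scope.

# digit_to_rwx 5 -> r-x   (read = 4, write = 2, execute = 1)
digit_to_rwx() (
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
)

# octal_to_symbolic 755 -> rwxr-xr-x   (fails on anything but three octal digits)
octal_to_symbolic() (
    case $1 in [0-7][0-7][0-7]) ;; *) echo "invalid mode: $1" >&2; exit 1 ;; esac
    mode=$1; out=
    while [ -n "$mode" ]; do
        rest=${mode#?}; out=$out$(digit_to_rwx "${mode%"$rest"}"); mode=$rest
    done
    printf '%s\n' "$out"
)

# symbolic_to_octal -rwxr-xr-x+ -> 755   (accepts the ls type character and the ACL "+")
symbolic_to_octal() (
    s=${1%+}
    if [ ${#s} -eq 10 ]; then s=${s#?}; fi
    case $s in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "invalid permission string: $1" >&2; exit 1 ;;
    esac
    out=; digit=0; n=0
    while [ -n "$s" ]; do
        rest=${s#?}; c=${s%"$rest"}; s=$rest; n=$((n + 1))
        case $c in r) digit=$((digit + 4)) ;; w) digit=$((digit + 2)) ;; x) digit=$((digit + 1)) ;; esac
        if [ $((n % 3)) -eq 0 ]; then out=$out$digit; digit=0; fi
    done
    printf '%s\n' "$out"
)

# other_has_full_access 777 -> succeeds when the "other" digit is 7
other_has_full_access() {
    case $1 in [0-7][0-7]7) return 0 ;; *) return 1 ;; esac
}

# The modes discussed in the guide, plus 777
for m in 755 770 666 777; do
    note=; if other_has_full_access "$m"; then note='  <- other has 7'; fi
    printf '%s -> -%s%s\n' "$m" "$(octal_to_symbolic "$m")" "$note"
done
```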

 

Extra Attributes

Occasionally you will see a file/folder mod listed as follows:
“-rwxr-xr-x+”
The “+” denotes that the file or folder has an alternate access method applied to it, usually referred to as an ACL (access control list) or inheritance. If this is the case, the folder permission changes will be dependent on the parent folder.

 

We take great pride in our information-sharing model and hope your company benefits from this guide. If you have questions or need further help, please contact us.

 

 
