Unix file permissions can seem a bit daunting to everyone. This guide will help to have a solid grasp on setting the correct permissions for all UNIX file systems. Covering both Linux and Mac distributions.
Using the following command, you can list file permissions for folders and files
ls -lah
Output will look something like the following:
File permissions in UNIX are set in groups of three, for three different levels. Those groups are as follows in this order, always:
Using the chmod command we can manually set the value of all three groups. All three groups have a value that adds up to 7. Meaning the maximum value of a chmod command is 777 which will give the layout above. The values are calculated as follows:
— Read = 4
— Write = 2
— Execute = 1
So, using that information you can determine what permissions are tied to the numerical value of the chmod command. For example:
755 would be -rwxr-xr-x
— Owner has: read|write|execute
— Group has: read|execute (unable to write files or save over)
— Other has: read|execute (guest accounts are unable to write files or save over)
770 would be -rwxrwx—-
— Owner has: read|write|execute
— Group has: read|write|execute
— Other has: no access
666 would be -rw-rw-rw-
— Owner has: read|write
— Group has: read|write
— Other has: read|write
sudo chmod {insertNumericalValue}
Will edit the permissions of the folder or file to give what is needed.
The owner of the folder should always be the user that is handling the sharing of the folder. Or the service account that is responsible for folders or files. I.e., www-data user is the owner of apache files and folders.
The groups section covers the users that have been added to the file or folder on a group basis. I.e “office users” groups. This makes sharing the file or folder easier. As one does not have to go and add a user to the file or folder, and instead add them to the proper groups when you create the user.
This is usually considered as the “guest” account access. Unless otherwise noted, this group should never have a 7 set as their permissions level. This is strictly a security measure to prevent unauthorized execution of scripts or deletion of files.
Occasionally you will see a file/folder mod listed as follows
”-rwxr-xr-x+”
The “+” denotes that the file or folder has an alternate access method being applied to the file. Usually referred to ACL (/access control lists/) or inheritance. If this is the case, the folder permission changes will be dependent on the parent folder.
We take great pride in our information-sharing model and hope your company benefits from this guide. If you have questions or need further help, please contact us.
Related Posts to UNIX File Permissions