UNIX File Permissions Explained

This article attempts to simplify the UNIX or POSIX permissions. Let’s discuss permissions for a standard file. Let’s assume we have a file called permission_test.sh. The result of the ls -l permission_test.sh is:

-rw-r--r-- 1 john staff 65 Oct 13 14:45 permission_test.sh

Let’s concentrate on the first 10 characters “-rw-r--r--”. For now let’s skip the first character and concentrate on the last 9 characters “rw-r--r--”. The first 3 characters “rw-” are the owner permissions, the second block of 3 characters “r--” are the group permissions, and the final 3 characters “r--” are the permissions for other (everyone).

Every block specifies r for read, w for write, and x for execute. A character of - means that the permission is not set.

The same representation can be expressed in bits. This is a little more complicated, but you need to know it because articles often specify permissions as 777, 644, 744, etc. Every block of 3 characters in bits adds up to a total of at most 7; let me explain. If you remember bits from school, “rwx” has an equivalent in bits of “421”. 7 means the sum of all 3 “rwx”, but 6 sets only “rw-”, 4 only read “r--”, and 5 sets “r-x”. Now, if you examine the current permissions of file permission_test.sh “-rw-r--r--” in bits, it becomes 42-4--4--, depicted as 644 (4+2, 4, and 4) in chmod commands.

Now let’s move on to the second and third column of the command output, “john” and “staff”. This simply means that the file permission_test.sh is owned by a user named john and owned by a group named staff.

Now that we know all the properties for permissions, let’s break them down for the file permission_test.sh. Now, follow me here; you might have to re-read this chapter a few times to make sense of it:

john has read and write
staff has read
other has read

In other words, john can see and modify the file; members of staff and everyone else can only see it.

Now the fun, this is one of my interview questions when I look for UNIX people.

If I try to execute the file permission_test.sh as john with the command ./permission_test.sh and get the following error, what does it mean?

./permission_test.sh: Permission denied

It simply means that the execute permission is not assigned to the file; now to assign permission we are going to introduce the command chmod.

So, the file permission_test.sh has permissions of “-rw-r--r--”; in order to be executed, it needs to be “-rwxr--r--”. So, we would execute the following command.

chmod u+x permission_test.sh

This command simply adds (+, as - takes it away) execute permissions (x), only for the owner (u), to the file permission_test.sh.

Now the command ./permission_test.sh can execute the script or executable without a problem.

The same applies for group membership. Let’s say that a user named susan, a member of staff, wants to execute the file; with the current permissions she will not be able to execute it. In order to chmod the file, the following command is required:

chmod g+x permission_test.sh

Now, susan can execute but not modify the file, to also allow modifications, the command would be:

chmod g+wx permission_test.sh

At the end, if we want to give permissions to everyone else, we would run:

chmod o+x permission_test.sh
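
As an added example (not part of the original article), the Python sketch below implements the 4/2/1 arithmetic described above and replays the four chmod commands on the starting mode 644. The function names are assumptions chosen for illustration, and only the u/g/o classes and the + and - operators used in this article are handled.

```python
CLASS_SHIFT = {"u": 6, "g": 3, "o": 0}   # owner, group, other
BITS = {"r": 4, "w": 2, "x": 1}          # the "421" values from the article


def symbolic_to_octal(mode):
    """Convert a 10-character ls -l string such as '-rw-r--r--' to '644'."""
    if len(mode) != 10:
        raise ValueError("expected 10 characters, e.g. -rw-r--r--")
    digits = ""
    for start in (1, 4, 7):              # owner, group and other blocks
        total = 0
        for letter, ch in zip("rwx", mode[start:start + 3]):
            if ch == letter:
                total += BITS[letter]
            elif ch != "-":              # s/t special bits are out of scope
                raise ValueError("unsupported character %r" % ch)
        digits += str(total)
    return digits


def octal_to_symbolic(octal, file_type="-"):
    """Convert '644' back to '-rw-r--r--' (regular file by default)."""
    if len(octal) != 3:
        raise ValueError("expected three octal digits, e.g. 644")
    out = file_type
    for digit in octal:
        value = int(digit, 8)
        out += "".join(l if value & BITS[l] else "-" for l in "rwx")
    return out


def apply_clause(octal, clause):
    """Apply one chmod clause such as 'u+x' or 'g+wx' to an octal mode."""
    who, op, perms = clause[:1], clause[1:2], clause[2:]
    if who not in CLASS_SHIFT or op not in ("+", "-") or not perms \
            or any(p not in BITS for p in perms):
        raise ValueError("unsupported clause %r" % clause)
    mask = sum(BITS[p] for p in set(perms)) << CLASS_SHIFT[who]
    mode = int(octal, 8)
    mode = mode | mask if op == "+" else mode & ~mask
    return format(mode, "03o")


if __name__ == "__main__":
    mode = symbolic_to_octal("-rw-r--r--")
    print("start", mode)
    for clause in ("u+x", "g+x", "g+wx", "o+x"):
        mode = apply_clause(mode, clause)
        print(clause, mode, octal_to_symbolic(mode))
```

Applied in sequence, the four commands take the file from 644 to 775, which means every user on the system can then execute it.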

To conclude this article, I am going to list some common permissions and the equivalent bit translation:

-rw-r--r-- (644)
-rwxr-xr-x (755)
-rwxrwxr-x (775)
-rw------- (600)

You should get the idea now.

Now, the first character in the permissions, which I asked you to ignore, can contain “-” for not set, “d” for directory, or “l” for link. I will write other articles to cover directories and UNIX links.

In UNIX there are also special permissions, “t” for sticky bit and “s” for setuid-setgid. This goes beyond the scope of this article. I will write a special article just to cover this topic.

As always, thank you for reading, I really hope this is useful to you…
