
How to...

Change file access in Unix


Introduction

You can specify who can read (or have other rights to) your files held on the IT Services UNIX system. This page gives a brief description of how you can check and alter these access modes.

You can grant (or deny) access to any of your files, or subdirectories of files. There are three basic access modes whose meanings depend on whether they apply to a file or a subdirectory:

Read (r)
For a file: The ability to examine the contents of a file.
For a subdirectory: The ability to determine the names of the files in the subdirectory.

Write (w)
For a file: The ability to change the contents of the file.
For a subdirectory: The ability to create or delete a new file in the subdirectory.

Execute (x)
For a file: The ability to run it as a command. This is useful if the file contains shell commands or a compiled program.
For a subdirectory: The ability to read individual files in the subdirectory (provided that Read access has been granted on the individual files).

These access modes can be granted (or denied) to three categories of individual:

User (u)
The person who "owns" the file, normally you for files in your directory.
Group (g)
Members of the group to which the file "belongs". These are normally your colleagues.
Others (o)
All other people registered to use the IT Services UNIX system.


Default access modes

The default modes assigned to a newly created file are:

User
Read and Write
Group
None
Other
None

You can alter the modes for a specific file by using the chmod command or change the default modes assigned to files that are subsequently created by issuing the umask command.

Please note that IT Services retains the right to change the default access modes, along with other aspects of the system, whenever necessary.


Changing access modes

The chmod command is used to change the access modes to existing files. One method of using the command is to specify what modes you wish to grant to a particular file.

Example

If you had a file called paper.txt and you issued the command:

$ chmod u=r paper.txt

the only access mode you have is to read the contents of the file. This would be useful if the file contained important text that you did not wish to change by mistake. It would also mean that you could not accidentally delete the whole file.

If you wanted to change the file at a later date then you would have to issue the command:

$ chmod u=rw paper.txt

As you did not specify the modes assigned to Group or Other in either of these commands, the modes assigned to these two categories are unchanged.

If you issue the command:

$ chmod o= paper.txt

this would mean that everyone registered on the system (except, possibly, the file's owner or group) would be granted no access modes to the file.


Changing your default

The chmod command changes the access modes for an existing file. There is another command, umask, which you have to use if you want to change the settings assigned to any files you create. You can use the umask command in a similar way to that described for the chmod command (if you use the recommended Korn shell).

Example

Consider the command:

$ umask u=rw,g=r,o=

If you create any files after issuing this command then the following access modes would be granted:

User
Read and Write
Group
Read
Other
None
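
The effect of this setting on directories as well as files, shown as an added example (not part of the original page): the mask that gives new files rw-r----- also leaves new directories without Execute access, so the second call adds x for User and Group. The function names and the scratch directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: how a symbolic umask shapes new files AND new directories.

# Print the 10-character type/mode string that `ls -l` shows for a path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create one file and one directory under the given umask and print the
# mode of each. The subshell keeps the umask change and the cd from
# leaking into the calling shell.
modes_under_umask() {
    (
        scratch=$(mktemp -d) || exit 1   # constructed scratch directory
        cd "$scratch" || exit 1
        umask "$1"
        : > newfile                      # files start from rw-rw-rw-
        mkdir newdir                     # directories start from rwxrwxrwx
        echo "$(mode_of newfile) $(mode_of newdir)"
        # Clean up explicitly: newdir may lack x, so remove it by name.
        rmdir newdir && rm -f newfile && cd / && rmdir "$scratch"
    )
}

modes_under_umask u=rw,g=r,o=     # the setting used in the example above
modes_under_umask u=rwx,g=rx,o=   # same file modes, usable directories
```

With the first setting a new directory is created as drw-r-----, which even its owner cannot enter until Execute access is added with chmod.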


Checking the access modes

You can use the ls command to determine the access modes to any of your files by choosing the -l option. For example, if you wanted to check the access modes on your file paper.txt you would issue the command:

$ ls -l paper.txt

and would receive the following output:

-rw-r--r-- 1 rogerd csrvsf 1474 Dec 2 10:49 paper.txt

The string -rw-r--r-- in the resultant output has the following significance (reading from left to right):

-
It is a file. A subdirectory would be indicated by a letter d instead of the -
rw-
User has Read and Write access but not Execute access
r--
Group has Read access but not Write or Execute access
r--
Others have Read access but not Write or Execute access


Example of the chmod and ls commands

In the following example the access modes on the file thesis.tex are checked (using the ls command). The Read access currently granted to the Group and Others categories is then withdrawn along with the User's ability to change the file's contents (i.e. Write access). The revised modes are then re-checked. (In this example the -l option is specified on the ls command. The -l option asks for information to be displayed using the long format and the owner's group. The group in this example is csrvsf.)

$ ls -l thesis.tex
-rw-r--r-- 1 rogerd csrvsf 1474 Dec 2 15:23 thesis.tex
$ chmod u=r,g=,o= thesis.tex
$ ls -l thesis.tex
-r-------- 1 rogerd csrvsf 1474 Dec 2 15:23 thesis.tex


Protecting a subdirectory

As an alternative to granting access to all the files in a subdirectory, you may wish to only grant selective access to specified files. Consider, for example, that you wish to allow anyone to read the file readme.txt that is in your subdirectory Tools, but only that file. This is achieved by the following steps:

Requirement

Command

Allow other people to access the subdirectory:

$ chmod g=x,o=x Tools

Change to the subdirectory:

$ cd Tools

Prevent other people having access to the files within the subdirectory:

$ chmod g=,o= *

Allow other people to read the individual file:

$ chmod g=r,o=r readme.txt
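
An added check for the steps above (not part of the original page): it replays them on a constructed Tools directory whose files start as rw-r--r--, as in the ls output shown earlier, then lists every file that Group or Others can still read. The file names secret.txt and .history and the function names are assumptions.

```shell
#!/bin/sh
# Added example: replay the procedure on a constructed Tools directory,
# then audit which files Group or Others can still read.

# List regular files under a directory that are readable by Group (040)
# or Others (004). find sees dotfiles; the shell's * pattern does not.
readable_by_others() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) | LC_ALL=C sort
}

# Build the constructed directory, apply the page's commands, print the audit.
demo_protect_subdirectory() {
    (
        scratch=$(mktemp -d) || exit 1
        cd "$scratch" || exit 1
        umask 022                        # assumed starting modes: rw-r--r--
        mkdir Tools
        echo "public notes" > Tools/readme.txt
        echo "private"      > Tools/secret.txt
        echo "private"      > Tools/.history   # constructed dotfile

        chmod g=x,o=x Tools              # allow access to the subdirectory
        cd Tools || exit 1               # change to the subdirectory
        chmod g=,o= *                    # withdraw access; * skips .history
        chmod g=r,o=r readme.txt         # re-grant Read on the one file

        cd "$scratch" || exit 1
        readable_by_others Tools
        cd / && rm -rf "$scratch"
    )
}

demo_protect_subdirectory
```

The audit lists Tools/.history as well as Tools/readme.txt: the * pattern does not match names beginning with a dot, so such files keep whatever access they already had and need their own chmod.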


Making the change permanent

As mentioned earlier, issuing a umask command will only change the access modes assigned to files created later in that login session. If you wish to change the defaults on all the files you create in the future you should include the appropriate umask command in your .kshrc file.


created on 2010-01-01 by Andy Clews
last updated on 2010-06-30 by Chris Limb