print friendly version

How to...

Change file access in Unix


You can specify who can read (or have other rights) to your files held on the IT Services UNIX system. This page gives a brief description of how you can check and alter these access modes.

You can grant (or deny) access to any of your files, or subdirectories of files. There are three basic access modes whose meanings depend on whether they apply to a file or a subdirectory:

Access Mode

For a file

For a subdirectory

Read (r)

The ability to examine the contents of a file.

The ability to determine the names of the files in the subdirectory.

Write (w)

The ability to change the contents of the file.

The ability to create or delete a new file in the subdirectory.

Execute (x)

The ability to run it as a command. This is useful if the file contains shell commands or a compiled program.

The ability to read individual files in the subdirectory (provided that Read access has been granted on the individual files).

These access modes can be granted (or denied) to three categories of individual:

User (u)
The person who "owns" the file, normally you for files in your directory.
Group (g)
Members of the group to which the file "belongs". These are normally your colleagues.
Others (o)
All other people registered to use the IT Services UNIX system.

[back to top]

Default access modes

The default modes assigned to a file created are:

Read and Write

You can alter the modes for a specific file by using the chmod command or change the default modes assigned to files that are subsequently created by issuing the umask command.

Please note that IT Services retains the right to change the default access modes, along with other aspects of the system, whenever necessary.

[back to top]

Changing access modes

The chmod command is used to change the access modes to existing files. One method of using the command is to specify what modes you wish to grant to a particular file.


If you had a file called paper.txt and you issued the command:

$ chmod u=r paper.txt

the only access mode you have is to read the contents of the file. This would be useful if the file contained important text that you did not wish to change by mistake. It would also mean that you could not accidentally delete the whole file.

If you wanted to change the file at a later date then you would have to issue the command:

$ chmod u=rw paper.txt

As you did not specify the modes assigned to Group or Other in either of these commands, the modes assigned to these two categories are unchanged.

If you issue the command:

$ chmod o= paper.txt

this would mean that everyone registered on the system (except, possibly, the file's owner or group) would be granted no access modes to the file.

[back to top]

Changing your default

The chmod command changes the access modes for an existing file. There is another command umask which you have to use if you want to change the settings assigned to any files you create. You can use the umask command in a similar way to that described for the chmod command (if you use the recommended Korn shell).


Consider the command:

$ umask u=rw,g=r,o=

If you create any files after issuing this command then the following access modes would be granted:

Read and Write

[back to top]

Checking the access modes

You can use the ls command to determine the access modes to any of your files by choosing the -l option. For example, if you wanted to check the access modes on your file paper.txt you would issue the command:

$ ls -l paper.txt

and would receive the following output:

-rw-r--r-- 1 rogerd csrvsf 1474 Dec 2 10:49 paper.txt

The string -rw-r--r-- in the resultant output has the following significance (reading from left to right):

It is a file. A subdirectory would be indicated by a letter d instead of the -
User has Read and Write access but not Execute access
Group has Read access but not Write or Execute access
Others have Read access but not Write or Execute access

[back to top]

Example of the chmod and ls commands

In the following example the access modes on the file thesis.tex are checked (using the ls command). The Read access currently granted to the Group and Others categories is then withdrawn along with the User's ability to change the file's contents (i.e. Write access). The revised modes are then re-checked. (In this example the -l option is specified on the ls command. The -l option asks for information to be displayed using the long format and the owner's group. The group in this example is csrvsf.)

$ ls -l thesis.tex
-rw-r--r-- 1 rogerd csrvsf 1474 Dec 2 15:23 thesis.tex
$ chmod u=r,g=,o= thesis.tex
$ ls -l thesis.tex
-r-------- 1 rogerd csrvsf 1474 Dec 2 15:23 thesis.tex

[back to top]

Protecting a subdirectory

As an alternative to granting access to all the files in a subdirectory, you may wish to only grant selective access to specified files. Consider, for example, that you wish to allow anyone to read the file readme.txt that is in your subdirectory Tools, but only that file. This is achieved by the following steps:



Allow other people to access the subdirectory:

$ chmod g=x,o=x Tools

Change to the subdirectory:

$ cd Tools

Prevent other people having access to the files within the subdirectory:

$ chmod g=,o= *

Allow other people to read the individual file:

$ chmod g=r,o=r readme.txt

[back to top]

Making the change permanent

As mentioned earlier, issuing a umask command will only change the access modes assigned to files created later in that login session. If you wish to change the defaults on all the files you create in the future you should include the appropriate umask command in your .kshrc file.

[back to top]

created on 2010-01-01 by Andy Clews
last updated on 2010-06-30 by Chris Limb