File permissions for newbies

February 08, 2019

First things first

This post applies to Unix-like operating systems - from which most popular are MacOS and Linux. It does not apply to Windows. I’m assuming you know basics of using your shell and can navigate directories on your computer using the terminal, so commands like cd, ls, mkdir, rm and similar are in your toolkit. If they’re not - please take a short tutorial to get yourself familiar with them before progressing.

Get your hands dirty.

Every file in your filesystem belongs to someone - a user and a group. It’s pretty straightforward as users are just accounts on the system, like you - the user of the system as which you log in into your machine. Groups are … You guessed it. Collections of users.

First thing you can do is to take a look at some files and their permissions.

$ ls -l
total 3456
-rw-r--r--     1 danielkaczmarczyk  staff      675 28 Jan 17:54 LICENSE
-rw-r--r--     1 danielkaczmarczyk  staff     5541 28 Jan 17:54 README.md
-rw-r--r--     1 danielkaczmarczyk  staff      403 30 Mar 11:34 TODO.md
drwxr-xr-x     3 danielkaczmarczyk  staff       96  1 Apr 21:31 __template
<... output truncated>

The output you see is compromised of a few columns. Let’s start with columns 3 and 4 that read danielkaczmarczyk staff. This tells us which user and group owns the file, respectively.

The section in the first column is the most cryptic, for the first three files it reads -rw-r--r--. What does it mean? This is the persmissions string on the file. The first character is reserved for various use, in our case if it’s - that means the file is a file, if it is d, then it’s a directory. From that knowledge you can see that the first three files are files, and the fourth one is a directory.

Permissions string disassembled

The full permissions string would look like this:

rwxrwxrwx

Each character represents an operation that is permitted if there is a character present and would show a - otherwise. The permissions are: r for read, w for write, and x for executable. The first two are self-explanatory, and the third one means that if a x is present by a file, the user can execute it, if x is present by a directory, the user is able to list its contents.

We have three sections of those to differentiate between what the owner, users in the group, and everyone can do to that file. If you’ll look at my example output of ls again (up above), you’ll see that all those files have the same set of permissions:

rw-r--r--

Can you decipher what it means?

Owner: read and write Group: read Everyone: read

 Chmod

It’s possible to change permissions of a file - they’re not predefined. Before we make any changes, first we need to decide what permissions we’re editing (r | w | x), to which category of users (u | g | o).

To allow a owner of the given file execute it, you would run:

$ chmod u+x name_of_file.rb

Notice how we’re specifying who we’re editing the permissions for (u), and what we are doing (+x) which is adding ability to execute. Opposite operation - revoking those permissions would be performed with a - instead of a +. For example, to revoke this permission we’ve just given to a user, you’d do

$ chmod u-x name_of_file.rb

If you don’t want others to write to your file, you can run this:

$ chmod o-w name_of_file.rb

o specifies that we’re going to change something for ‘others’, and -w is removing (w)rite ability.

Your’e not limited to doing this in two runs though, and doing both at the same time is completely valid:

$ chmod u+xo-w name_of_file.rb

That’s all!

That’s it for a quick intro to permissions. Next time you’ll see an error in your terminal when trying to perform a file operation, you’ll know what to look for. TIP: you can change an owner of file and group respectively with chown and chgrp commands.


Written by Daniel Kaczmarczyk, a software engineer and educator. you can find me on twitter or email me at daniel.kaczmarczyk@hey.com

a pale blue and yellow circle