Unix script tutorial : File permission decoded

What are users?
A UNIX system serves many users. A user is an abstraction: a logical entity to which ownership and operation privileges on the system are assigned. UNIX identifies each user by a User ID (UID); the username (or login), such as ‘oracle’ or ‘applmgr’, is just an alias for the UID that is easier for humans to work with.

What are groups?

Users can be organized into groups, and a user may belong to one or more of them. Groups let you assign a set of privileges on a given resource once and share it among all the users who need it. For example, in an Oracle Apps environment there is a dba group whose members are oracle and applmgr.

File permission decoded
Each file and directory on your Unix system is assigned access rights for the owner of the file, the members of a group of related users, and everybody else. Rights can be assigned to read a file, to write a file, and to execute a file (i.e., run the file as a program).

We can use the ls -l command to list file permissions.

Let's take an example:

$ ls -l x1

-rwxrw-r-- 1 oracle dba 10 Jan 10 12:41 x1

x1: file name
oracle: a user of the Unix system
dba: a group
oracle: owner of the file
dba: group assigned to the file
r stands for read permission
w stands for write permission
x stands for execute permission
The first three letters (rwx) determine the permissions for the owner, so the owner can read, write and execute the file.
The second three letters (rw-) determine the permissions for the group, so any user in that group has read and write permission on the file.
The last three letters (r--) determine the permissions for everybody else, so anybody who is neither the owner nor in the file's group can only read the file.

We can also write file permissions in another form, called octal notation:
1) read means 4, write means 2 and execute means 1
2) so rwx for the owner means 7
3) so rw- for the group means 6
4) so r-- for everybody else means 4
5) so we can write the file permission in short as 764

How these permissions are defined for the file

You can use the umask command to set default access permissions. This will ensure that any files and directories you create have consistent permissions.

Without the mask the system would set permissions of 666 for files and 777 for directories when first created. The values in the mask are subtracted from these values to give a default value for access permissions for the files and directories created by you.

For example:
777 (system value for directories)
-077 (value of the umask)

700 (default access permission of rwx------)

To change your default access permissions, use the command:
umask nnn
Each “n” is a number from 0 to 7.

Octal number   Access permissions given
0              rwx  read, write and execute
1              rw-  read and write
2              r-x  read and execute
3              r--  read only
4              -wx  write and execute
5              -w-  write only
6              --x  execute only
7              ---  no permissions
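
The decoding and umask rules above, as an added shell example that is not part of the original tutorial: sym_to_octal turns the letters from ls -l into octal, and created_mode creates a scratch file or directory under a given umask and reads back the mode it received. Both function names are illustrative, and mktemp is assumed to be available.

```sh
#!/bin/sh
# Added example (not from the original page).

# Convert the nine permission letters from ls -l (e.g. rwxrw-r--) to octal.
# Only r, w, x and - are handled; setuid/setgid/sticky letters are out of scope.
sym_to_octal() {
    perms=$1 out=""
    while [ -n "$perms" ]; do
        triplet=$(printf '%s' "$perms" | cut -c1-3)
        perms=$(printf '%s' "$perms" | cut -c4-)
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out=$out$digit
    done
    printf '%s\n' "$out"
}

# Create a file (kind f) or directory (kind d) under the given umask inside a
# scratch directory, then report the mode it really received via ls -ld.
# The umask is set in a subshell so the caller's own umask is untouched.
created_mode() {
    kind=$1 mask=$2
    scratch=$(mktemp -d) || return 1
    (
        umask "$mask"
        if [ "$kind" = d ]; then mkdir "$scratch/t"; else : > "$scratch/t"; fi
    )
    listing=$(ls -ld "$scratch/t")
    rm -rf "$scratch"
    sym_to_octal "$(printf '%s' "$listing" | cut -c2-10)"
}

# Demo: the page's x1 listing, then the defaults under two common masks.
# The mask clears bits, so a new file (base 666) never gains execute.
echo "rwxrw-r-- -> $(sym_to_octal rwxrw-r--)"
for m in 022 077; do
    echo "umask $m: file $(created_mode f "$m"), directory $(created_mode d "$m")"
done
```

For a file, the mask clears bits from 666, so umask 033 yields 644; the execute bit is never granted by default.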

chmod and chown

We can use chmod and chown to manipulate file permissions and ownership.


chmod options mode filename filename1…
chmod options mode directory_name

The “mode” consists of three parts: who the permissions apply to, how the permissions are set and which permissions to set.
who is specified as one of:
u (user) the owner of the file
g (group) the group to which the owner belongs
o (other) everyone else
a (all) u, g and o (the world)
how is given as one of:
+ add the specified permission
- subtract the specified permission
= assign the specified permission, ignoring whatever may have been set before
which is specified as one or more of:
r read
w write
x execute
-R Recursively descend through directory arguments, setting the mode for each file as described above. When symbolic links are encountered, the mode of the target file is changed, but no recursion takes place.

chmod u+x file1 : gives execute permission to the file owner
chmod g-x file1 : revokes execute permission from the file's group

We can also use octal numbers with chmod:
chmod 700 file1 : gives read/write/execute permission to the file owner and revokes every permission from the group and everybody else


chown options username:groupname filename

username: the user to assign the file to
groupname: the group to assign the file to

This is generally executed as root to avoid any privilege issues.
-R Recursively descend through directory arguments, setting the ownership for each file as described above.

chown oracle:dba file1 : assigns user oracle and group dba to file1