File Permissions Management

Unix permissions control who can read, write or execute a file. You can limit it to the owner of the file, the group that owns it or the entire world.

For security reasons, files and directories should never be made world-writable.

Unix File Permissions

A Unix file or folder has a single individual owner plus a single group owner. Permissions are set separately for the owner, the group and everyone else. Permissions can be changed by setting the file's octal mode, or by adding or removing a specific permission.

To view the current permissions of a file, connect to either of the following:

  • ssh YourUBITName@ubunix.buffalo.edu
  • sftp YourUBITName@myfiles-sftp.buffalo.edu

with a program like PuTTY or ssh, then go to the directory where the files are located and enter the command ls -l.

Unix Permission Types

#  Permission               rwx
7  read, write and execute  rwx
6  read and write           rw-
5  read and execute         r-x
4  read only                r--
3  write and execute        -wx
2  write only               -w-
1  execute only             --x
0  none                     ---

Changing Permissions by Octal

To change the permission by octal, determine what permission you want for the file, with 0 being none, 4 read, 2 write and 1 execute, which combine for numbers 0 through 7 (see above). The first number is for the owner, the second for group and the third for other, or everyone.

Therefore, to give the owner and group of a file program.exe read, write, and execute permission, but everyone else no permission, you would use the chmod command as follows:

chmod 770 program.exe

(4+2+1 for owner, 4+2+1 for group and 0 for other)

Changing Permissions by Adding or Removing Permission

You can also add or remove a permission. Use u for the owner, g for the group or o for other, then add (+) or subtract (-) a permission (r for read, w for write and x for execute):

chmod u+w filename.ext

would add write permission for the file's owner.

chmod o-r filename.ext

would remove read permission for others.

Using the Recursive Flag

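Using the recursive flag (-R) causes a change (add, replace or remove) made to a folder to be applied to all of its subfolders and files as well. The command below sets mode 772 (rwxrwx-w-) on foldername and everything under it; note that this mode leaves write permission set for others.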

chmod -R 772 foldername

Setting Special Permissions

setuid and setgid

setuid (set user ID) is a flag in Unix file systems that:

  • allows users to execute a file temporarily using the permissions of the file’s owner (individual or group)
  • is represented symbolically by an s as in drwsrwxrwx or drwSrwxrwx

To set setuid:

chmod 4XXX filename
(where XXX are the octal numbers of the permissions you want to set and filename is the name of the file)

setgid (set group ID) is a flag in Unix file systems that:

  • causes new files and subdirectories to inherit the specified group or the setgid bit
  • does not affect existing files and subdirectories
  • is represented symbolically by an s as in drwxrwsrwx or drwxrwSrwx

To set setgid:

chmod 2XXX directory
(where XXX are the octal numbers of the permissions you want to set and directory is the name of the directory)

sticky bit

Sticky bit is a flag for directories in Unix file systems that:

  • disallows deleting or renaming files in the directory by anyone other than the file or directory owner or a superuser
  • is represented symbolically by a t in the final character-place, as in drwxrwxrwt or drwxrwxrwT

To set sticky bit, use:

  • chmod 1XXX dir
    (where XXX are the octal numbers of the permissions you want to set and dir is the directory)

or

  • chmod +t dir
    (where dir is the directory)
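
As an added example (not part of the original page), the shell helpers below audit a directory tree for the conditions described above: world-writable entries, world-writable directories that lack the sticky bit, and files with setuid or setgid set. The function names and the sample tree are constructed for illustration; the sample tree also applies the chmod -R 772 command shown earlier so the audit reports its effect.

```shell
#!/bin/sh
# Added example (not from the original page): permission audit helpers.

# Every file or directory under $1 that has the "other" write bit set.
# Symlinks are skipped because their own mode bits are not used for access.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | LC_ALL=C sort
}

# World-writable directories without the sticky bit: any user may delete
# or rename files there that belong to someone else.
unsticky_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print | LC_ALL=C sort
}

# Regular files carrying setuid (4000) or setgid (2000).
setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | LC_ALL=C sort
}

# Remove write permission for others from everything world_writable reports.
remove_world_write() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Build a constructed sample tree (hypothetical names) and print its path.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/proj" "$root/drop" "$root/private"
    touch "$root/proj/notes.txt" "$root/private/key.txt" "$root/tool"
    chmod 600 "$root/private/key.txt"
    chmod 700 "$root/private"
    chmod 4755 "$root/tool"        # setuid, as in "chmod 4XXX filename"
    chmod 1777 "$root/drop"        # world-writable with the sticky bit set
    chmod -R 772 "$root/proj"      # recursive mode from the page: rwxrwx-w-
    printf '%s\n' "$root"
}

# Demo run on the constructed tree, which is removed afterwards.
tree=$(make_demo_tree)
echo "world-writable:";            world_writable "$tree"
echo "shared without sticky bit:"; unsticky_shared_dirs "$tree"
echo "setuid/setgid files:";       setid_files "$tree"
rm -rf "$tree"
```

Review the output of world_writable before running remove_world_write on a real directory, since it also strips other-write from sticky directories that are shared on purpose.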