Adjusting File Permissions
chmod Permissions Path
The Unix chmod command changes the access permission associated with a file or directory ("file" will be used here to refer to either a file or a directory).
Each file has three types of access: read (r), write (w) and execute (x). In a ls -al file listing, the abbreviations appear in the columns on the left. To see the contents of a file, the file must have read (r) permission. To change the contents of a file (e.g. saving changes after editing), write (w) permission must be enabled. To execute a command by entering the name at the UNIX prompt, the file must have execute (x) permission. To access a directory, the execute (x) permission must be granted for that directory. If a given type of access is not permitted, it will show up as a dash (-) rather than r, w or x in the ls -al listing.
The access to a file can be controlled separately for three sets of users: the owner of the file (u for User), a limited group of users (g for Group)), and everyone on the system (o for Others)). In a ls -al file listing, the first three columns (starting in column two of the listing) are the r, w and x access allowed for the owner, the second three are the access allowed for the group and the third three are the access allowed for everyone else.
Permissions can be specified in numeric format or using the abbreviations above. For the numeric format, three numbers are specified where each number represents the access granted for one of the three sets of users. Each permission number is determined by adding up the value associated with each type of access: r = 4, w = 2 and x = 1. For example, the value 7 grants all access, the value 5 grants only read and execute access but not write access and the value 0 does not allow any access to the file. The numeric access specification is an absolute one; all three types of access for all three sets of users are reset according to the new permissions.
- chmod 640 .cshrc grants read and write permission (6) to the owner of the file, read-only permission to the group, and no permissions for everyone else. The would appear in a file listing as rw-r-----.
- chmod 777 grants all access to the owner, group, and everyone for the current working directory.
The permissions can also be specified using abbreviations rather than numbers. Using this method, some of the permissions can be changed without affecting others. The permissions format is <u, g or o> <+ or -> <r, w or x>. The + adds the access indicated to the file without affecting the other permissions. The - removes the access from the file.
- chmod u+rw report adds read and write permission to the file, report, for the owner of the file. Access for the group and everyone is unchanged
- chmod +x somecommand adds execute permission to the file, somecommand, for all three sets of users
- chmod go-rwx private.file removes all access to the file, private.file, for the group and everyone and leaves the owner's access unchanged
Please keep in mind that files that you store in your home directory, as well as your public_html directory, can most likely be read by anyone. Make sure that private files, such as your mail, are stored in folders which are drwx------, (By the way, the 'd' is for 'directory' in the long listing) Read, Write and Execute for you, the User, and nothing for groups or others.