Unix is an open computing environment. This means the user has the ability to share files with anyone else who is connected to the Internet. Since we all have private files, such as our e-mail, Unix has a way that we can grant or deny others access to our files.
Each file and directory has a unique combination of permissions: read, write, and execute. Depending on how you have your permissions set, others may read your files, write to your files, execute your scripts or programs, and open your directories.
If you would like to publish information from your Unix account, such as sharing a file with your colleagues or creating a homepage for the World Wide Web, you will want to make the files readable to other people. Since mercury has been set up as a web server, the default permissions for folders and files will give others access. If you want to deny someone access to a particular file, you will have to change the file permission mode for each file and directory involved.
To see the access levels on Unix files and directories, use ls with the long list option, -l.
Step 1. To list your home directory with the long list option, type:
ls -l Enter
You see a long directory listing.
This listing looks much like what we saw earlier:
drwx------ 2 jump031 mypage 96 Sept 1 1 1:03 bin/
drwxr-xr-x 2 jump031 mypage 96 Sept 2 1 0:02 Shared/
drwxr-xr-x 2 jump031 mypage 96 Sept 2 1 1:04 www/
We now want to focus our attention on the left-most column, the mode field.
Reading the Mode Field
This diagram shows the portions of the mode field. By examining this field, we learn how security permissions are set for a directory or file. Permissions control who can view, modify, delete, copy, etc. a file or directory.
The first character, "d," indicates that this entry is a directory, rather than a file; files will have a "-" in this column.
The next nine characters are to be interpreted as three sets of three characters each. The first set of three characters refers to file-access permissions for the owner, the next set for the user-group, and the last set for the rest of the world.
The permissions will always appear in the order displayed, rwx.
The permissions are indicated as follows:
r  the file is readable
w  the file is writable
x  the file is executable
-  the indicated permission is not granted
The execute permission is required on directories that you want people to have access to, and on files that should be run as a program. Someone executes a directory when they make it their working directory. There is no harm in giving execute rights to plain files (it has no effect).
Changing File Permissions
Unix automatically sets a new file's permission mode to be private, so you will have to change the mode to allow other users to access the information.
To create a new permission mode, you specify a number constructed from the sum of one or more of the following values:
- 400 read or copy by owner
- 200 write or edit by owner
- 100 execute, or search if file is a directory, by owner
- 040 read or copy by group
- 020 write or edit by group
- 010 execute, or search if file is a directory, by group
- 004 read or copy by others
- 002 write or edit by others
- 001 execute, or search if file is a directory, by others
For example, the mode value that provides read, write, and execute permission to the file's owner (400+200+100), read and execute permission to the user-group (40+10), and read and execute permission to all others (4+1) is 755 (add all the numbers together). The mode value that provides read, write, and execute permission to owner and no permission to group or others is 700 (400+200+100). If you wanted to make sure that you did not accidentally overwrite an important file, you could set the mode value to 500.
There are no modes with negative numbers.
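The mode field and the mode numbers described above, tied together in an added example that is not part of the original tutorial: a shell function, given the hypothetical name mode_to_octal, that turns the ten-character field from ls -l into the number chmod expects. It handles only the r, w, x and - characters this page covers.

```shell
#!/bin/sh
# Added example: convert an `ls -l` mode field (e.g. drwxr-xr-x) to octal.

# mode_to_octal MODE_FIELD
#   Prints the three-digit mode number; returns 1 if the field is not a
#   type character followed by nine r/w/x/- characters in rwx order.
mode_to_octal() {
    field=$1
    case $field in
        [-dl][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "not a plain rwx mode field: $field" >&2; return 1 ;;
    esac
    perms=${field#?}                 # drop the type character (d, -, l)
    result=""
    for who in owner group others; do
        rest=${perms#???}            # everything after the first triplet
        triplet=${perms%"$rest"}     # the first three characters
        perms=$rest
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac   # read
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac   # write
        case $triplet in ??x) digit=$((digit + 1)) ;; esac   # execute/search
        result=$result$digit
    done
    printf '%s\n' "$result"
}

# Mode fields taken from the listing above, plus the 600 and 500 modes
# discussed in the text (written here as constructed mode strings).
for sample in drwx------ drwxr-xr-x -rw------- -r-x------; do
    printf '%s  ->  %s\n' "$sample" "$(mode_to_octal "$sample")"
done
```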
NOTE: For World Wide Web publishing, you must allow read and execute access (5) to others for folders and read access (4) for files. In most cases we allow read and execute access to group also. You must allow access to your home directory, the directory where your html files are stored, and all the files and directories inside your Web directory. Again, with mercury, permissions are already set this way.
We want to be able to deny other people access to our private.txt file, but allow others access to the rest of our files. In order to do this we'll have to change the permissions on our private.txt file.
Using the Change Mode Command
We change the permissions on files and directories using the chmod (change mode) command.
The syntax of this command looks like the following:
[command] -[options] [required parameters] [file or directory name]
NOTE: The chmod command is an example of a command that has required parameters. This is information that must be included when you issue the command, or else it will not run. With this command, the new permission number is required.
We want to change the permissions on one of the files in our Shared directory.
Step 1. To change our current directory to Shared, type:
cd Shared Enter
Step 2. To check the permissions of your private.txt file, type:
ls -l Enter
We will change the permission of the private.txt file so that only we, the owner, may read or edit the file, and no one else may even look at it.
Step 3. To change mode and deny others access to our private.txt file, type:
chmod 600 private.txt Enter
Step 4. To check the permissions of your private.txt file, type:
ls -l Enter
You should see the changed permissions for your private.txt file:
We have denied access by other users to this file.
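A way to confirm the result of the steps above across a whole directory rather than one file at a time, as an added example that is not part of the original tutorial. The function names list_open_files and lockdown_demo are hypothetical, and the Shared directory it works on is a constructed scratch copy, not your real one.

```shell
#!/bin/sh
# Added example: audit which files still grant group or others any access.

# list_open_files DIR
#   Prints, sorted, every regular file under DIR whose mode includes any of
#   the group/others values from the table (040 020 010 004 002 001).
list_open_files() {
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

# lockdown_demo
#   Builds a constructed Shared/ directory with web-server style defaults
#   (755 directory, 644 files), audits it, runs chmod 600 on private.txt,
#   and audits again. Prints one "before:" and one "after:" line.
lockdown_demo() {
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/Shared"
    echo "notes for me only"  > "$scratch/Shared/private.txt"
    echo "notes for everyone" > "$scratch/Shared/public.txt"
    chmod 755 "$scratch/Shared"
    chmod 644 "$scratch/Shared/private.txt" "$scratch/Shared/public.txt"

    before=$(cd "$scratch" && list_open_files Shared | tr '\n' ' ')
    chmod 600 "$scratch/Shared/private.txt"
    after=$(cd "$scratch" && list_open_files Shared | tr '\n' ' ')
    rm -rf "$scratch"

    # Trim the trailing space left by tr before printing.
    printf 'before: %s\nafter: %s\n' "${before% }" "${after% }"
}

lockdown_demo
```

Pointing list_open_files at your own home directory shows which files are still open to group or others after you change modes.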
Accessing Others' Files
Now let's move into our partner's Shared directory and look at their public.txt file. We can do this easily if we use the "~" shorthand. A shorthand is a character that takes the place of a larger set of characters. In Unix, "~" means to go to this user's home directory.
Step 1. To change to your partner's home directory, type:
cd ~partner's username Enter
NOTE: If you are using these materials in self-study mode, use jump059 as your partner's username.
Remember, the prompt indicates which directory we are in. Let's verify where we are by checking the working directory.
Step 2. To check your present working directory, type:
Notice that you are in your partner's home directory.
Make a note of your partner's home directory for later use.
My partner's home directory is:__________________________________
Step 3. To list the current directory (your partner's), type:
You see the Shared directory followed by the slash.
Step 4. To change to your partner's Shared directory, type:
cd Shared Enter
NOTE: You must use the correct capitalization of directory names. The ls command is useful for checking this.
Step 5. To verify your present working directory, type:
You are now in your partner's Shared directory.
Step 6. To list your partner's Shared directory, type:
We are finally in a position to look at our partner's public.txt file.
Step 7. To open your partner's public.txt file, type:
nano public.txt Enter
You see your partner's file.
Let's try to modify their public.txt file.
Step 8. To move to the bottom of the file, press:
Step 9. To add a sentence to your partner's public.txt file, type:
A short sentence
Step 10. To exit Nano, type:
Step 11. To save the modified buffer with the current name, type:
y, then press: Enter
You see an error message stating, "Error writing public.txt: Permission denied". This message really means that we do not have the correct permissions, write access, to our partner's public.txt file.
Let's exit Nano again, but let's not try to save the changes this time.
Step 12. To exit Nano, type:
Step 13. To exit without saving changes, type:
You are back at the prompt.
Viewing Your Partner's File
You can view the contents of files with the less command without having to open up the Nano editor.
Step 1. To view the contents of your partner's private.txt file, type:
less private.txt Enter
You see an error message. We were not given permission to view this file.
Now let's try to view the contents of the public.txt file using the less command.
Step 2. To view the contents of your partner's public.txt file, type:
less public.txt Enter
You see the contents of the file. Notice that the attempted modifications were not saved.
Step 3. To end the output of this less command, type:
You are returned to the command prompt.