File and directory access permissions

This page briefly explains the access permissions to the files and directories on Linux workstations.
You can classify or share information by setting the access permissions appropriately.

How to check the permissions

To check the current access permissions, type the ls command followed by the -l option.

[ua999999@loginXX ~]% ls -l
合計 40
drwxr-xr-x  2 ua999999 users  4096  4月  7 18:00 public_html
drwx------  8 ua999999 users  4096  4月  7 18:00 smbhome

The letters to the left, such as r, w, and x, have the following meanings.

• The "d" indicates a directory."l" and "-" represent a symbolic link and file respectively.

• "r", "w", and "x" have the following meanings.

  • "r": file and directory read permissions

  • file and directory write (and delete) permissions

  • "x": file and directory execution permissions

  • "-": no file and directory rights

• The second to fourth characters represent the permissions granted to the owner of that file or directory (in this case, ua999999).

• The fifth to seventh characters represent the permissions granted to the group of that file or directory (in this case, users).

• The eighth to tenth characters represent the permissions granted to those other than the owner and group of that file or directory.

In the above example, anyone can read public_html l but cannot create any files and directories. Only the owner, ua999999, can create files and directories in public_html.

For details about the ls command, refer to the manual by typing "man ls".

How to configure access permissions

To configure access permissions, use chmod command.

[ua999999@loginXX ~]% chmod go-rx public_html
[ua999999@loginXX ~]% ls -ld public_html
drwx------  2 ua9999998 users  4096  4月  7 18:00 public_html

In the above example, the personal Web site is temporarily shut down.

The go-rx following the chmod command means "withholding (-) the read (r) and execute (x) permissions from the group (g) and others(o)".

To restore the permissions, execute the chmod command as shown below.

[ua999999@loginXX ~]% chmod go+rx public_html
[ua999999@loginXX ~]% ls -ld public_html
drwxr-xr-x  2 ua999999 users 4096  4月  7 18:00 public_html

The go+rx following the chmod command means "assigning (+) the read and execute permissions to the group (g), owner, and others (o)".

For example, to keep a file or directory private, execute the chmod command as shown below.

[ua999999@loginXX ~]% chmod go-rwx secret

For details about the chmod command, refer to the manual by typing man chmod.

Default settings

At the ITC systems, the default permission setting for newly created files and scp-transferred files is -rw-r--r-.
By default, drwxr-xr-x is set to newly created directories.

To change groups

To change groups, use chgrp command.

[ua999999@loginXX ~]% chgrp hogehoge public.html

In the above example, the public.html file group is changed to hogehoge.

To check the groups that can be changed via the current account, use the id command.

[ua999999@loginXX ~]% id
uid=999999(ua999999) gid=100(users) groups=100(users),

For details about the chgrp command, refer to the manual by typing "man chgrp".

Combination of chmod and chgrp

By combining chmod and chgrp, you can create files and directories that can be shared with other account users of the same group.

[ua999999@loginXX ~]% ls -ld common
drwxr-xr-x  2 ua999999 users  4096  4月  7 18:00 common
[ua999999@loginXX ~]% chgrp hogehoge common
[ua999999@loginXX ~]% chmod g+w common
[ua999999@loginXX ~]% ls -ld common
drwxrwxr-x  2 ua999999 hogehoge  4096  4月  7 18:00 common

In the above example, the common directory is moved to the hogehogegroup, for which account users are granted write permission.

Any account user belonging to the hogehoge group can create new files or directories.

Note that by granting the write permission, you also grant the delete permission.