File and Directory Permissions in UFS and NFS

File permissions regulate file access. They allow you to control who can read, write, or execute any files you own. File permissions in UFS and in NFS are similar, and are specified for each file and directory. The three basic permissions are:

read (r)
Having read permission on a file grants the right to read the contents of the file. Read permission on a directory implies the ability to list all the files in the directory.
write (w)
Write permission implies the ability to change the contents of the file (for a file) or create new files in the directory (for a directory).
execute (x)
Execute permission on files means the right to execute them, if they are programs. (Files that are not programs should not be given the execute permission.) For directories, execute permission allows you to enter the directory (i.e., cd into it), and to access any of its files.

Under both UFS and NFS, permissions exist separately for user, group, and others. User (u) permissions apply to the owner of the file. Group (g) permissions apply to all members of the group associated with the file. Permissions for others (o) apply to anyone else. The default owner of any file you create will be you. The group will be inherited from its parent directory. More information on the system (Moira) groups is available in the Moira section of An Inessential Guide to Athena, available from SIPB.

The permissions, owner and group associated with a file or directory can be checked by looking at the output of ls -lg. The permissions are listed in the first field of the output. If the first character is d, the entry is a directory; the character - or the letter f signifies a normal file. The next three characters signify the user permissions: their values will be r, w or x (respectively) if the permission is granted, or - if it isn't. The following three characters represent the group permissions in the same way, and the last three represent others. The owner of the file is listed in the third field of the output; the fourth field lists the group associated with the file. So if a file notes looked like this:

-rw-r----- 1 joeuser joepals 10460 jun 17 11:27 notes

it would mean that the user joeuser has read and write permissions on the file notes, the members of the group joepals have only read permission, and everybody else has none. Note that the username root signifies the superuser. Anyone with superuser privileges implicitly has read and write permissions, as well as the ability to change permissions, on all the files on the local disks. This does not include files that have been mounted.

The permissions can be changed by using the chmod command. Granting permissions is done by chmod who+permissions, where who is any combination of u, g and o, and permissions any combination of r, w and x. Similarly, permissions are withdrawn by using chmod who-permissions. You can change the group associated with a file by chgrp groupname file(s). For more information on the chmod command, read the corresponding manual page.
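
As an added example (not part of the original guide), the shell script below decodes the first field of a long listing into per-class permissions and then rebuilds the permissions of the notes file with chmod who+permissions and who-permissions. The function names explain_mode, mode_of and demo are illustrative, the file is created in a temporary directory, and ls -ld is used because only the first field is read.

```sh
#!/bin/sh
# Added example: decode the permission field described above and check chmod's effect.
# Function names are illustrative. Only r, w, x and - are handled, as in the text.

# explain_mode MODE: describe a 10-character field such as -rw-r-----
explain_mode() {
    mode=$1
    case $mode in
        d*) echo "type: directory" ;;
        -*) echo "type: file" ;;
        *)  echo "type: other" ;;
    esac
    i=2                                   # user triplet starts at character 2
    for who in user group others; do
        triplet=$(printf '%s' "$mode" | cut -c"$i"-"$((i + 2))")
        granted=
        case $triplet in r??) granted="$granted read" ;; esac
        case $triplet in ?w?) granted="$granted write" ;; esac
        case $triplet in ??x) granted="$granted execute" ;; esac
        echo "$who:${granted:- none}"
        i=$((i + 3))
    done
}

# mode_of PATH: first field of the long listing (ignores any ACL marker after it)
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# demo: rebuild the permissions of the "notes" example using who+/-permissions
demo() {
    dir=$(mktemp -d) || return 1
    touch "$dir/notes"
    chmod ugo-rwx "$dir/notes"            # withdraw everything from everyone
    chmod u+rw "$dir/notes"               # owner may read and write
    chmod g+r "$dir/notes"                # group may only read
    mode_of "$dir/notes"
    rm -rf "$dir"
}

explain_mode "-rw-r-----"                 # the constructed line from the text
echo "mode after chmod: $(demo)"
```

Running explain_mode over the first field of every entry in a directory is a quick way to spot files that grant write permission to others.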