Unix Permissions on CSUN Accounts
There are user-changeable permissions assigned to every directory and file in a campus Unix account that specify who has read, write, or execute privileges. Separate permissions are assigned to the user (i.e., you, the account owner), the group to which the user belongs (normally a department, such as Geography), and "other" (i.e., anyone in the world). This document provides a brief overview to help you understand the permissions associated with your account.
Viewing and Understanding Permissions
You can view the permissions that are set for the directories and files in your account by typing the following command at the prompt:
ls -al
where ls means "list" and -al modifies the list request to include "all" files (including those preceded with a dot) in the "long" format (which includes permissions).
The resulting list of files and directories will appear in the following format:
-rwxr--r-- # userID group size date time filename
drwxr-xr-x # userID group size date time dirname
The ten characters in the first column shows the permissions for the designated file or directory name. The remaining columns give information such as userID (i.e., your login account), the group abbreviation (e.g., geog for Geography), the size of the file or directory, the date and time it was last modified, and the name of the file or directory.
In the permissions column, the first character indicates the entry type. File listings begin with a hyphen; directory listings, with the letter d. The remaining nine characters indicate the permissions themselves (in three groups of three). Character positions 2 thru 4 show user permissions — read (r), write (w), and/or execute (x); 5 thru 7, group permissions; and 8 thru 10, other permissions. A hyphen in a character position indicates a lack of permission for that item.
Table 1 and Table 2, below, describe what the various permissions mean for the user, the group, and others.
TABLE 1. Unix Directory Permissions
| WHO | WHAT THE PERMISSIONS ALLOW | |
|---|---|---|
| USER | Read (r) | The account owner can list the files in the directory. |
| Write (w) | The account owner can create or delete files in the directory. | |
| Execute (x) | access files in that directory by name (such as Web page files). | |
| GROUP | Read (r) | Everyone in the designated group can list the files in the directory. |
| Write (w) | Everyone in the group can create or delete files in the directory. | |
| Execute (x) | Everyone in the group can change (cd) into the directory and access files in that directory by name (such as Web page files). | |
| OTHER | Read (r) | Anyone can list the files in the directory. |
| Write (w) | Anyone can create or delete files in the directory. | |
| Execute (x) | Anyone can change (cd) into the directory and access files in that directory by name (such as Web page files). | |
In the example at the beginning of this section, the permissions for the directory listing are shown as:
drwxr-xr-x
which indicates that the user has read, write, and execute priviliges and that the everyone else (group and other) has read and execute privileges. However, they cannot create or delete files in the directory.
TABLE 2. Unix File Permissions
| WHO | WHAT THE PERMISSIONS ALLOW | |
|---|---|---|
| USER | Read (r) | The account owner can read the file. |
| Write (w) | The account owner can modify or delete the file. | |
| Execute (x) | The account owner can run the file as a program. | |
| GROUP | Read (r) | Everyone in the designated group can read the file. |
| Write (w) | Everyone in the group can modify or delete the file. | |
| Execute (x) | Everyone in the group can can run the file as a program. | |
| OTHER | Read (r) | Anyone can read the file. |
| Write (w) | Anyone can modify or delete the file. | |
| Execute (x) | Anyone can run the file as a program. | |
In the example at the beginning of this section, the permissions for the file listing are shown as:
-rwxr--r--
which indicates that the user has read, write, and execute priviliges and that everyone else (group and other) can only read the file. They cannot modify or delete the file or run it as a program.
Standard Permissions Settings
The standard settings for files and directories in a typical CSUN account are as follows.
| Directory Permissions |
drwx------ |
| File Permissions |
-rw------- |
These settings give the account owner (user) read, write, and execute access to directories and read and write access to files. Group members and others have no access at all.
Changing Permissions
The most common reason for changing account permissions on a CSUN Unix account is to allow access to Web pages that are published there. Refer to Commands for Publishing Web Pages to a Campus Account ("Setting Up Your Account") for instructions.
Otherwise, there is typically no need for the average account owner to change the default permissions on an account, and, in fact, it may be detrimental to do so. You might inadvertently "lock yourself out" of your own account or unintentially allow access to "the world".
August 14, 2003
Prepared by Gail Said Johnson, User Support Services
ITR's technology training guides are the property of California State University, Northridge. They are intended for non-profit educational use only. Please do not use this material without citing the source.