next contents next index

UNIX File Protections

*** File protection (also known as access rights) enables the user to set up a file so that only specific people can read, write/delete, and execute it. Write and delete privilege are the same on a UNIX system since write privilege allows someone to overwrite a file with a different one.

*** UNIX file permissions are defined according to ownership. The person who creates a file is its owner.

*** In addition, there is a concept known as a group. Members of a group have special privileges to see each other's files. We generally create groups as the members of a single lab - the students, technicians, postdocs, visitors, etc who work for a given PI.

***Only the owner of a file can change the protection on a file. To determine the owner and the current protections of a file, type the command ls -l filename (-l is for long) or just ls -l to get a listing of all files in the current directory. 

$ ls -l
total 2514
-rw-r--r--   1 browns02 staff     366163 Jul 29 15:06 distrib.tar.Z
-rw-r--r--   1 browns02 staff      15721 Jul 29 15:06 input_file
drwxr-xr-x   3 browns02 staff        512 Jul 29 15:14 Phrap
-rw-r--r--   1 browns02 staff     878231 Jul 29 15:06 RepeatMasker050599.tar.Z
***The username of the owner is shown in the third column. The owner of the files listed above is browns02.

***The access rights for these files is shown in the first column. This column consists of 10 characters known as the attributes of the file. The possible attributes are: d, r, w, x, and -

  • r indicates read permission

  • w indicates write (and delete) permission

  • x indicates execute permission

  • - indicates no permission for that operation

  • The first charcter in the attribute string indicates if a file is a directory (d) or a regular file (-)

  • the next 3 characters give the file permissions for the owner of the file

  • the middle 3 characters give the permissions for members of the owner's group

  • the last 3 characters give the permissions for everyone else (the world)


*** To change the protections on a file use the chmod (change mode) command. [Beware, this is a confusing command.]
*** First you have to decide for whom you want to change the access permissions. Your choices are:
the file owner (u) (presumably yourself)
the members of your group (g)
others (o) (ie. the whole world)
or all 3 classes at once (a)
*** Next you have to decide if you are adding (+), removing (-), or setting (=) some permissions.

*** Taken all together, it looks like this: 

	$ chmod u=rwx g+r o-x myfile.txt
This will set the owner to have read, write, and execute; add the permission for member of the group to read; and remove the permission for others to execute the file named myfile.txt.


***The default file protection assigned to new files is -rw-r--r-- .

That is to say the owner can manipulate the files freely (read and write permission), those in the group can read them, but not write (or delete), and the world can also read them. If you feel you need to alter this default file protection then use this command to set the file privilages so no one else can see your files: 

	chmod go-r *.*
(or set whatever privileges you want)
next contents next index
Using Computers for Molecular Biology
Stuart M. Brown, Ph.D, RCR, NYU Medical Center
Comments to: browns02@mcrcr.med.nyu.edu