
Sharing files / file permissions

 

Understanding file and folder permissions:

Understanding file and folder permissions in Linux is useful if you want to share files with other users who have access to the system. In Linux, all files and folders have permissions associated with them. These permissions can be displayed with ls -l for a file or ls -ld for a folder:

Fig. 1: Terminal showing file and folder permissions

The permissions of the folder 'example' and the file 'pymp.py' are shown on the left side of the listing, in the first ten characters. The first character shows whether the object is a file or folder. This is a 'd' for the folder (i.e. directory), and it is '-' for a file.

Fig. 2: Linux file permissions

The next three characters (rw-) correspond to the user that owns the file (here ewalter). The first character is 'r', so 'ewalter' has read permission for this file. The second is 'w', so 'ewalter' also has write permission for this file. The last of the three characters states whether the file can be executed or not. In this position there is a '-', so the file is not executable (i.e. if you enter ./pymp.py at a prompt, you will get 'permission denied'). NOTE: directories / folders must have executable permission to be entered.

The next three characters (---) correspond to the group ownership of the file.   Here the group ownership for the file is 'hpcf'.   However, all three characters are '-' so there are no group permissions.  You can find which groups you are in by entering 'groups' at a prompt:

Fig. 3: How to find out group membership for users

 

Finally, the last three characters (---) in Fig. 2 correspond to all other users, i.e. users who are neither the user that owns the file nor members of the 'hpcf' group.

Making a file or folder accessible to another user:

For an example, let's say that we want to share the file 'pymp.py' with another user, say 'dhfiaz'.  The first thing to do is to change the permissions of the file such that dhfiaz has read access.   We can try to do this with group permissions first.  Both 'ewalter' and 'dhfiaz' are in the 'hpcf' group and the file is in the 'hpcf' group.   Therefore, ewalter can simply change the file to have group read permission with the 'chmod' command:

Fig. 4: Adding group read permission to a file


Here the command 'chmod g+r pymp.py' is run to add read to the group permissions (g+r).  Now, anyone in the 'hpcf' group can read this file.   However, we are not done yet.   Can dhfiaz get to this folder? 

Fig. 4: Permissions must be correct for all folders above the target folder

 
The answer is NO, since dhfiaz cannot enter the /sciclone/home/ewalter/example directory (it only has executable permission for the user, which is 'ewalter'). Therefore, we must change the permissions of the example folder:

Fig. 5: Changing permissions

 

Now that members of the 'hpcf' group can enter /sciclone/home/ewalter/example, dhfiaz can copy this file back to his home directory:

Fig. 6: Moving the file to another folder

 

What if the two users don't share a group?

The 'other' user permissions can be used to share a file/folder with someone that doesn't have a group in common.    In the above example, the 'pymp.py' file could be modified with 'chmod o+r pymp.py'  which would add read permissions for all users and the /sciclone/home/ewalter/example folder could be modified with 'chmod o+rx example'.   
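
The check that the two sections above walk through by hand, written as a shell function. This is an added example, not part of the original page. The names can_reach and mode_char are hypothetical, and the function reads only the ten-character mode string from ls -ld, so ACLs and the group owner of each folder are not considered.

```shell
#!/bin/sh
# Added example, not from the original page. It reads only the mode string
# printed by `ls -ld`; ACLs and the group owner of each directory are ignored.

# mode_char PATH POS: print character POS (1-10) of PATH's permission string.
mode_char() {
    ls -ld -- "$1" | cut -c"$2"
}

# can_reach CLASS FILE [TOP]: CLASS is g (group) or o (other).
# Succeeds only if every directory from FILE's folder up to TOP (default /)
# has execute for CLASS and FILE itself has read for CLASS.
can_reach() {
    class=$1 target=$2 top=${3:-/}
    case $class in
        g) rpos=5 xpos=7 ;;    # characters 5-7 are the group triplet
        o) rpos=8 xpos=10 ;;   # characters 8-10 are the 'other' triplet
        *) echo "class must be g or o" >&2; return 2 ;;
    esac
    case $target in
        /*) ;;
        *) echo "use an absolute path" >&2; return 2 ;;
    esac
    status=0
    dir=$(dirname -- "$target")
    while :; do
        case $(mode_char "$dir" "$xpos") in
            x|s|t) ;;          # s/t mean setgid/sticky with execute set
            *) echo "blocked: $dir has no execute for '$class'"; status=1 ;;
        esac
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ]; then break; fi
        dir=$(dirname -- "$dir")
    done
    case $(mode_char "$target" "$rpos") in
        r) ;;
        *) echo "unreadable: $target has no read for '$class'"; status=1 ;;
    esac
    return $status
}
```

Running can_reach g with the full path to a file before sharing it lists every folder that would still stop a group member, which also shows when a parent folder is more open than intended.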

How do I control what permissions my files/folders start out with?

The 'umask' is used to control which permissions are set for new files and folders. The default umask on all systems is '77'. The rightmost digit is the octal value that is removed from full permissions when a file is created. The octal digit 7 is '111' in binary, which means that 'rwx' is removed from the 'other' permissions when a file is created. The next '7' controls group permissions. The remaining leading digit is assumed to be '0', so no permissions for the user that owns the file are removed when the file/folder is created. This keeps all files/folders secure by default: only the user that owns the file/folder has permission to read, write, or execute files and enter folders.

A more open umask would be '22', which means the 'other' permissions get a umask of '2'. This is 010 in binary, so only 'w' permission is removed from the other and group permissions (since the 'r' and 'x' positions are '0'). You can override the system default umask by adding a umask command to the end of your .cshrc file, i.e.: umask 022     Once you log out and log back in, you can run the umask command without an argument to make sure it has changed.