In my previous blog post, I explained how you can set the file permissions using the numeric method in Linux/Unix. You can also use the symbolic method when setting file permissions in Linux/Unix systems, but this method is a little trickier than using the numeric method. With the numeric method, you’re setting the new permissions absolutely; it doesn’t matter what the existing permissions are.
With the symbolic method, you’re setting the new permissions relative to the old permissions. Also, you’re embarking on some slightly different terminology when it comes to permissions and the symbolic method, as you”ll see by the following example of the chmod command used with the symbolic method:
$ chmod u+x data
This might appear to be confusing at first, but it really isn’t. When using this symbolic method, chmod changes permissions relative to the old one and does so through a syntax that adds or subtracts permissions for the user (who has been called the owner of the file so far in this discussion), the group, and others (the world). Breaking down the u+x portion of the previous command line yields the following information:
- The u refers to the user, or the owner of the file. From this, we know that the permissions are being set for the owner.
- The + refers to the process of adding permission to the current permissions. If a minus sign (-) were used here, permission would be subtracted from the current permissions.
- The x means that the change in the permission should mean that the ability to execute the file should be added to the permissions.
You can specify multiple permissions on a command line with the chmod command, provided the individual permissions are separated with a comma:
$ chmod u+x. go-w data
This command line takes away (-) the ability to write (u’) to the file from the group (g) and others (O).
You can give every user access to a file with the following command line:
$ chmod ugo+rwx
The symbols used with the chmod command are listed below:
u = User (or the owner of the file). g = Group. o = Other (or the world). + = Adds a permission to the existing permissions. - = Takes away permission from the existing permissions. r = Reads the file. w = Writes to the file. x = Executes the file. t = Sets the "sticky bit" on a directory
Changing How UNIX Assigns Permissions
When you create a file or directory, default permissions are automatically assigned to the file or directory. Most of the time, the default permissions will be acceptable. However, you may find that you want to change these defaults. To do so, you use the umask (short for user-mask) command. When run without any options, the umask command returns the default permissions:
$ umask 744
This is a pretty expansive set of permissions (and not usually the default; this is being used purely as an example, and it’s more than likely that this won’t be your default). Since most of the time the umask command will be used to make permissions more restrictive, the following example will change the permissions to give full permission to the owner and the group, but not to the world:
Wait a second–007? yes. in yet another glaring inconsistency within the UNIX system, the umask command changes permissions relative to a baseline of 777. Therefore, your input of 077 to the umask command is actually subtracted from the baseline 777, yielding final permission of 770. Which gives full permissions to the owner and the group, but no permissions to the world. After running the previous command line, you can check the new permissions like this:
$ umask 770