File Permissions Management

Unix permissions control who can read, write or execute a file. Access can be limited to the owner of the file, the group that owns it or the entire world.

For security reasons, files and directories should never be made world-writable.

Unix File Permissions

A Unix file or folder has a single individual owner plus a single group owner. Permissions are set for the owner, the group and everyone. Permissions can be changed by setting the file's octal mode, or by adding or removing a specific permission.

To view the current permissions of a file, connect with a program like PuTTY or ssh using either of the following:

  • ssh YourUBITName@ubunix.buffalo.edu
  • sftp YourUBITName@myfiles-sftp.buffalo.edu

Then go to the directory where the files are located and enter the command ls -l.

Unix Permission Types
#   Permission                 rwx
7   read, write and execute    rwx
6   read and write             rw-
5   read and execute           r-x
4   read only                  r--
3   write and execute          -wx
2   write only                 -w-
1   execute only               --x
0   none                       ---

Changing Permissions by Octal

To change the permission by octal, determine what permission you want for the file, with 0 being none, 4 read, 2 write and 1 execute, which combine for numbers 0 through 7 (see above). The first number is for the owner, the second for group and the third for other, or everyone.

Therefore, to give the owner and group of a file program.exe read, write, and execute permission, but everyone else no permission, you would use the chmod command as follows:

chmod 770 program.exe

(4+2+1 for owner, 4+2+1 for group and 0 for other)

Changing Permissions by Adding or Removing Permission

You can also add or remove a permission. Use u for the owner, g for the group or o for other, then add (+) or subtract (-) a permission (r for read, w for write and x for execute):

chmod u+w filename.ext

would add write permission for the file's owner.

chmod o-r filename.ext

would remove read permission for others.

Using Groups

Groups are uniquely named entities for a particular system that can be used to specify file permissions. For example, at UB, there are institutional and AD groups.

Every user may be a member of one or more “groups”, including a “primary group”. Every file belongs to only one user and to only one group.

When a file is created in Unix, its owner is the person who created it. The default group is the primary group of the owner or the group of the directory in which it was created. Changing the group owner of a directory causes all files subsequently created in that directory to be created with the new group.

To change the group owner of a file, the file's owner can issue the chown command:

chown :group_name file.ext
(where group_name is the new group and file.ext is the name of the file)

Finding Group Information

  • Type groups at the system prompt to see groups to which you belong.
  • Type grep group_name /etc/group to display the membership of a particular group.

Using the Recursive Flag

Using the Recursive flag (-R) causes a change (add, replace or remove) made to any folder to be made to all its subfolders and files.  

chmod -R 770 foldername

Setting Special Permissions

setuid and setgid

setuid (set user ID) is a flag in Unix file systems that:

  • allows users to execute a file temporarily using the permissions of the file’s owner (individual or group)
  • is represented symbolically by an s as in drwsrwxrwx or drwSrwxrwx

To set setuid:

chmod 4XXX filename
(where XXX are the octal numbers of the permissions you want to set and filename is the name of the file)

setgid (set group ID) is a flag in Unix file systems that:

  • causes new files and subdirectories to inherit the specified group or the setgid bit
  • does not affect existing files and subdirectories
  • is represented symbolically by an s as in drwxrwsrwx or drwxrwSrwx

To set setgid:

chmod 2XXX directory
(where XXX are the octal numbers of the permissions you want to set and directory is the name of the directory)

sticky bit

Sticky bit is a flag for directories in Unix file systems that:

  • disallows deleting or renaming files in the directory by anyone other than the file or directory owner or a superuser
  • is represented symbolically by a t in the final character-place, as in drwxrwxrwt or drwxrwxrwT

To set sticky bit, use:

  • chmod 1XXX dir
    (where XXX are the octal numbers of the permissions you want to set and dir is the directory)

or

  • chmod +t dir
    (where dir is the directory)
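
The script below is an added example, not part of the original page. It uses find with -perm to check a directory tree against the world-writable rule and the special permission bits described above. The function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tree for risky permission bits with find -perm.
# "-perm -MODE" matches when all bits in MODE are set.

# Files anyone can modify (other-write bit, octal 0002).
world_writable_files() {
    find "$1" -type f -perm -0002 -print
}

# World-writable directories lacking the sticky bit (1000): any user can
# delete or rename other users' files inside them.
unsafe_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print
}

# Regular files carrying setuid (4000) or setgid (2000).
setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

audit_permissions() {
    echo "World-writable files:"
    world_writable_files "$1"
    echo "World-writable directories without sticky bit:"
    unsafe_shared_dirs "$1"
    echo "setuid/setgid files:"
    setid_files "$1"
}

# Constructed sample tree (hypothetical names) for the demonstration.
build_demo_tree() {
    mkdir "$1/shared" "$1/dropbox"
    touch "$1/notes.txt" "$1/open.txt" "$1/helper"
    chmod 640  "$1/notes.txt"   # rw-r-----  not reported
    chmod 666  "$1/open.txt"    # rw-rw-rw-  world-writable file
    chmod 4750 "$1/helper"      # rwsr-x---  setuid file
    chmod 1777 "$1/shared"      # rwxrwxrwt  world-writable, sticky set
    chmod 777  "$1/dropbox"     # rwxrwxrwx  world-writable, no sticky
}

demo=$(mktemp -d)
build_demo_tree "$demo"
audit_permissions "$demo"
rm -rf "$demo"
```

To audit a real location, call audit_permissions with its path, for example your home directory.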