SESSION 12		FILE AND DIRECTORY PERMISSIONS


1. To protect the privacy of user information, each file and directory 
has associated with it a set of PERMISSIONS to determine whether the file 
can be READ, WRITTEN to, or EXECUTED by three classes of users. 
You have control over the read (r), write (w), and execute (x) permissions 
of all files which you own.


2. Type

			ls -l

This lists, in long (l) form, the files in your working directory. You will 
see that each line refers to an individual file/directory. It is of the form

	drwxrwxrwx 	 2	barrhc	125	Oct11 15:07	filename

	    (f)		(e)	  (d)	(c)	     (b)	   (a)

Reading from right to left:

a) This is the filename
b) Date and time of last modification
c) Size of file in bytes
d) Owner of file
e) Number of links. Links permit a file to be addressed by more than one name.
f) The permissions. Each of these 10 characters may appear as shown  and hence
having permission granted, or replaced by a minus (-) sign indicating that 
permission is denied. Reading the 10 characters left to right, they signify

	i) d			indicates a directory
	   -			indicates a file

	ii) the first rwx	the user (u) has read, write, execute
				permission for this file

	iii) the second rwx	the group (g) has read, write, execute
				permission for this file

	iv) the third rwx	all others (o) have read, write, execute 
				permission for this file

For example,

	-rwxr--r--	1	barrhc	2345	Oct12 9:51 	hom1

means that the `hom1' is a file; the user has read ,write and execute 
permission; the group and others have read permission only; it has 1 link; 
the owner is barrhc; it consists of 2345 bytes; it was last modified on 
Oct 12 at 9:51.


3. chmod

To change permissions use the change mode (chmod) command whose syntax is

			chmod  who op  permission filenames

where

	who		u	for owner
			g	for group
			o	for others
			a	for all categories

	op		+	add a permission
			-	remove a permission
			=	set a permission

	permission	r	read
			w	write
			x	execute

For example, move to directory courses/ph251/homework and type `ls -l'. You
will see 4 files for which the permissions are

			-rw-r--r--

To remove the write permission from the user for file `hom1', type

			chmod u-w hom1

Remove the read permission from the group and others by typing

			chmod go-r hom1

To grant read and write permission to all categories for files `hom1' and 
`hom2', type

			chmod a+rw hom1 hom2


4. Example of execute permission:

Create (notepad) a file named `info', containing the 4 lines

			date
			pwd
			echo "you have the following files"
			ls

Now type 
			info

The response will be `permission denied'. You do not have execute permission 
for this file. Now type

			chmod u+x info

to give yourself execute permission. Now type

			info

and the program (file) executes. This is simple example of shell programming.


5. Granting permissions with numerals:

A more concise method of changing mode is to use 3 numbers, one each for the 
permissions of the users, group, others. The numbers are

	0			grants no permissions
	1			grants execute permission only
	2			grants write permission only
	3 (=1+2)		grants execute and write permissions
	4			grants read permission only
	5 (=1+4)		grants execute and read permissions
	6 (=2+4)		grants read and write permissions
	7 (=1+2+4)		grants read, write, execute permissions

The 8 numbers 0-7 can represent all combinations of r,w,x.

For example,

			chmod 740 hom1

would grant all permissions to the user (7), read only to the group (4), and 
no permissions to the others (0).


6. Permissions for directories:

The permissions rwx have a different meaning when applied to directories. 
Their meaning is

	r		allow utility programs (such as ls) to read the 
			directory as if it were a file
	w		permit creation and removal of files in the directory.
	x		permit access to the files in directory; this allows 
			files to be displayed, copied etc.

To illustrate, change directory to `courses/ph251'. Type `ls' and you will see 
that this directory contains only the two subdirectories `homework' and 
`labwork'. Type `ls -l' and you will see that their permissions are

			drwxr-xr-x

Therefore, only you have permission to create and remove files from these 
directories, but ANYONE may display and copy them.

To examine the permissions of your working directory (presently courses/ph251),
type

			ls -ld .			(d for directory)

(this is `ls' space `-ld' space dot). This long-lists your working directory
(.). If you omit the `d' , you will long-list the files/directories IN the 
working directory. You see that anyone may access/display the working directory
(drwxr-xr-x). To deny access to the working directory to group and others type

			chmod go-x .

Don't forget the dot.
This protection is a good idea since users are free to wander around 
the UNIX filesystem.


END OF SESSION 12					file: perm12