====== Set Permissions On Files Or Directories ======

   * [[#Files]]
   * [[#Directories]]
===== Files =====

Permissions on Linux are applied to files by three main groups of three attributes:

   * ''r'' indicates the ability to read the contents of the file
   * ''w'' indicates the ability to write to or modify the file
   * ''x'' indicates the ability to execute the file (i.e. to run it as a script or an application)

In addition, a leading single attribute indicates whether a file is a directory or a normal file. A typical file on Linux may show the following permissions when you use ''ls -l'':

<code lang=shell-session>
$ ls -l myfile.txt
-r--------   1 n1234 1999          67 Mar 31 12:35 myfile.txt
</code>

   * The first column is normally blank for files, but will show as **d** for directory names. In this case it is blank (**-**) as the entry is a simple text file.
   * The first triplet of permissions (**r - -**) are for the __owner__ of the file, in this case; //n1234//. In the example above the user //n1234// can **read** the file.
   * The second triplet of permissions (**- - -**) are the the __group__ of the file, in this case the group //mygroup//. In the example above; the group has no access.
   * The third triplet of permissions (**- - -**) are for __all other users__. In the example above; everyone else has no access.

==== Changing Our Permissions ====

We can change our own permissions to set a file from read-only to be read/write (or vice-versa). To do this we use the ''chmod'' command and pass the ''u+'' option (for //user// or owner of the file) to //add// a permission.

Here we change a file from read-only, to read-write by //adding// the write permission:

<code lang=shell-session>
$ chmod u+w myfile.txt
$ ls -l myfile.txt
-rw-------   1 n1234 1999          67 Mar 31 12:35 myfile.txt
$
</code>

Notice that the first triplet of permissions now shows **rw-**, indicating that we, as owner of the file can now read //and// write to it.

We can use the ''u-'' option to //remove// a permission as well. The //normal// available permissions are, of course ''r'' for **read**, ''w'' for **write** and ''x'' for **execute as a programme**.

Most files you create on the HPC facility will default to ''rw-'' for yourself. But there may be times when you need to add/remove those permissions.

==== Changing Group Permissions ====

Allowing others in the group //mygroup// to read the contents of ''myfile.txt'' we used the ''chmod'' command (//change mode//) and pass the ''g+'' option (for //group//) to add a permission:

<code lang=shell-session>
$ chmod g+r myfile.txt
$ ls -l myfile.txt 
-rw-r----- 1 n1234 mygroup 67 Mar 31 12:35 myfile.txt
$
</code>

Note that the second triplet is now **r--**. Now assume we also want others in //mygroup// to be able to write to the file as well:

<code lang=shell-session>
$ chmod g+w myfile.txt
$ ls -l myfile.txt
-rw-rw---- 1 n1234 mygroup 67 Mar 31 12:35 myfile.txt
$
</code>

Note that the second triplet is now **rw-**.

We can also use the ''g-'' option to //remove// a group permission:

<code lang=shell-session>
$ chmod g-w myfile.txt
$ ls -l myfile.txt
-rw-r----- 1 n1234 mygroup 67 Mar 31 12:35 myfile.txt
$
</code>

The file is now read-only for everyone in //mygroup// again.

==== Changing Permissions For Everyone Else ====

If we want to change the permissions for //everyone else// (__outside__ of the current group), we can use the ''o+'' flag (meaning //others//) to add a permission:

<code lang=shell-session>
$ chmod o+r myfile.txt
$ ls -l myfile.txt
-rw-r--r-- 1 n1234 mygroup 67 Mar 31 12:35 myfile.txt
$
</code>

Note how in the example above we have allowed __read__ permission for the third field (**r--**), which means all other users outside our group can read the file.

The ''o-'' flag can also be used to remove a permission from everyone else.

<WRAP tip round>
**Tip - Shortcuts to set permissions**

We can add or remove permissions for __all__ categories of user (''u'' - user, ''g'' - group, and ''o'' - other) simultaneously by //omitting// the ''u'', ''g'' or ''o'' flag. For example remove //write// permissions for **everyone** on the file ''file.txt'' by using ''-w'' with no prefix:

<code lang=shell-session>
$ chmod -w file.txt
</code>
</WRAP>

----
===== Directories =====

Permissions on Linux are applied to directories by the same three main groups of three attributes as used for files. But, their meaning is subtly different:

   * ''r'' indicates the ability to list the contents of the directory (i.e. via ''ls'')
   * ''w'' indicates the ability to create new files in the directory
   * ''x'' indicates the ability to enter or access the directory as part of a path, e.g. with ''cd'' (note that //accessing// a directory and //listing// directory contents are __two__ different permissions!)

Note that directory permissions are strictly related to the directory itself - they do __not__ imply any permissions on the files contained within that directory; [[#Files|file]] permissions are set on the files themselves.

This gives some potentially //odd// scenarios, including (but not restricted to):

   * Being able to list the contents of a directory using ''ls'', but __not__ being able to ''cd'' into it!
   * Being able to ''cd'' to a directory, but __not__ being able to list the contents using ''ls''!

Assume a directory containing two folders; ''mydir'' and ''private'':

<code lang=shell-session>
$ ls -l
drwx------   2 n1234 mygroup        4096 Mar 21 12:32 mydir
drwx------   2 n1234 mygroup        4096 Jun 21  2024 private
$
</code>

In the example above:

   * Directory ''mydir'' has permissions **rwx** for the owner, so they can list contents (**r**), create new files (**w**), as well as access the directory in the path (**x**)
   * Directory ''mydir'' has permissions **- - -** for the group, so group members can do nothing with that directory, //or any sub-directories of it//.
   * Directory ''mydir'' has permissions **- - -** for all others group, so everyone can do nothing with that directory, //or any sub-directories of it//.

=== Common Directory Questions ===

> **How do I let others in my group ''cd'' into my directory?**

The directory //and all directories above it// must have ''+x'' set for the group:

<code lang=shell-session>
$ chmod g+x mydir
drwx--x---   2 n1234 mygroup        4096 Mar 31 13:24 mydir
$
</code>

> **How do I let others in my group list the files in my directory using ''ls''?**

The directory must have ''+r'' set for the group. You //probably// also want the group to be able to ''cd'' to it, so add the ''+x'' permission as well:

<code lang=shell-session>
$ chmod g+x mydir
$ chmod g+r mydir
drwxr-x---   2 n1234 mygroup        4096 Mar 31 13:24 mydir
$
</code>

> **How do I let others in my group create new files or subfolders in my directory?**

Add the ''w'' permission, which allows the creation of new files (and directories):

<code lang=shell-session>
$ chmod g+x mydir
$ chmod g+r mydir
$ chmod g+w mydir
drwxrwx---   2 n1234 mygroup        4096 Mar 31 13:24 mydir
$
</code>

Note that in the above example, all members of //mygroup// can access, list the contents of, and create new files in ''mydir'', with the exact same permissions as the owner, //n1234//. This is often a common request for shared, project working areas.

===== Further Reading =====

   * https://en.wikipedia.org/wiki/Chmod
   * https://en.wikipedia.org/wiki/File-system_permissions#Numeric_notation
   * https://en.wikipedia.org/wiki/File-system_permissions#Symbolic_notation

----

[[:faq:index|Back to FAQ]]