Access Permission Control in UNIX

The file access permission system in UNIX may look strange, but in fact it is quite simple - far simpler than that of Windows. The purpose of this note is to explain the system, the three-digit codes for permission levels, and those mysterious strings like drwx--x--x and -rw-r--r-- that you see when you enter the command ls -l to list the files in a directory.

In UNIX, there are three classes of users of a file or directory: the owner, the group, and everyone.

There are three types of permissions that a user can have for a file: read, write, and execute.

So if you are defining who shall have what permissions for a file, you have to make nine decisions: three permissions for each of the three classes.

Now to those strange three-digit codes: each digit specifies the permissions for one of the three classes of users. The left digit applies to the owner, the center digit applies to the group, and the right digit applies to everyone. The meaning of each digit is:

Digit   Read   Write   Execute
0       No     No      No
1       No     No      Yes
2       No     Yes     No
3       No     Yes     Yes
4       Yes    No      No
5       Yes    No      Yes
6       Yes    Yes     No
7       Yes    Yes     Yes

By convention, the permissions are arranged in the following order:

Owner                 Group                 Everyone
Read Write Execute    Read Write Execute    Read Write Execute

The permissions for a file are usually written as a string of nine characters. "r" indicates a read permission, "w" indicates a write permission, and "x" indicates an execute permission. "-" means a permission is not granted. Additionally, if the file is a directory, a "d" is written in front of the string; otherwise a "-" is written.

At last we can explain those weird strings of characters that you see in the left column when you enter an ls -l command to see what files you have:

drwx--x--x means: This is a directory; the owner has read, write, and execute permission; and the group and everyone have execute permission. This is the permission setup required on your own account and on your www directory if you want to display a web site. The code is 711.

-rw-r--r-- means: This is not a directory. The owner can read and write the file, and everyone else can only read it. This is the permission setup required on a file that you want to be visible on the web. The code is 644.
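
The conversion between the three-digit codes and the ls -l strings, in both directions, as an added example that is not part of the original note. The function names are hypothetical, and the code assumes only the characters this note describes (a leading "d" or "-" followed by nine r, w, x or - characters).

```python
# Added example; function names are hypothetical, not from the original note.
# Covers only what the note describes: a leading "d" or "-" plus nine r/w/x/-
# characters. Other type letters and special bits shown by ls -l are rejected.
CLASSES = ("owner", "group", "everyone")
BITS = (("r", 4, "read"), ("w", 2, "write"), ("x", 1, "execute"))

def code_to_string(code, is_dir=False):
    """Turn a three-digit code such as "711" into the ls -l string."""
    if len(code) != 3 or any(c not in "01234567" for c in code):
        raise ValueError("expected three digits 0-7, got %r" % code)
    out = "d" if is_dir else "-"
    for digit in code:
        out += "".join(ch if int(digit) & bit else "-" for ch, bit, _ in BITS)
    return out

def string_to_code(listing):
    """Turn an ls -l string into (three-digit code, is_directory)."""
    if len(listing) != 10 or listing[0] not in "d-":
        raise ValueError("expected 'd' or '-' plus nine characters: %r" % listing)
    digits = ""
    for i in range(3):
        value = 0
        # Each position must hold its own letter (r, then w, then x) or "-".
        for (ch, bit, _), got in zip(BITS, listing[1 + 3 * i:4 + 3 * i]):
            if got == ch:
                value += bit
            elif got != "-":
                raise ValueError("unexpected %r in %r" % (got, listing))
        digits += str(value)
    return digits, listing[0] == "d"

def describe(listing):
    """Map each class of user to the permissions it has been granted."""
    code, _ = string_to_code(listing)
    return {cls: [name for _, bit, name in BITS if int(d) & bit]
            for cls, d in zip(CLASSES, code)}

if __name__ == "__main__":
    for s in ("drwx--x--x", "-rw-r--r--"):   # the two strings from the note
        print(s, string_to_code(s)[0], describe(s))
```
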