PP&B
IT-Support Group

How can I change the permissions of my home directory

For all users (Windows, SGI, NeXT, SUN, Linux, Mac)
Open a telnet (or ssh) connection to the fileserver on which your home directory is stored.

Use the chmod command to change the permissions:

Every directory and file on the system has an owner, and also an associated group. It also has a set of permission flags which specify separate read, write and execute permissions for the user (owner), group, and other (everyone else with an account on the PP&B cluster).

The 'ls' command shows the permissions and group associated with files when used with the -l option. An example of the output produced by 'ls -l' is shown below:

 drwxr-xr-x   8 weil  pc    1024 May 18  2002 Mail/ 
 -rw-r--r--   1 weil  pc  289596 May 21  2002 USER.DAT
 drwxr-xr-x  15 weil  pc     512 Aug  1  2003 profile/ 
 drwx------   8 weil  pc   13824 Aug  9  2001 weil/ 

Understanding how to read this output is useful to all users, but especially people using group access permissions.

Field 1:    a set of ten permission flags
Field 2:    link count (don't worry about this)
Field 3:    owner of the file
Field 4:    associated group for the file
Field 5:    size in bytes
Field 6-8:  date of last modification (format varies, but always 3 fields)
Field 9:    name of file (possibly with path, depending on how ls was called)

The permission flags are read as follows (left to right):

position  meaning
1         directory flag, 'd' if a directory, '-' if a normal file;
          something else occasionally may appear here for special devices
2,3,4     read, write, execute permission for User (Owner) of file
5,6,7     read, write, execute permission for Group
8,9,10    read, write, execute permission for Other

value     meaning
-         in any position means that flag is not set
r         file is readable by owner, group or other
w         file is writeable. On a directory, write access means you can add or delete files
x         file is executable (only for programs and shell scripts - not useful for data files). Execute permission on a directory means you can list the files in that directory

The default file permissions (umask, for UNIX users):

Each user has a default set of permissions which apply to all files created by that user, unless the software explicitly sets something else. This is often called the 'umask', after the command used to change it. It is either inherited from the login process, or set in the .cshrc or .login file which configures an individual account, or it can be run manually.

Typically the default configuration is equivalent to typing umask 022 which produces permissions of:

 -rw-r--r-- for regular files, or
 drwxr-xr-x for directories.

In other words, the user has full access, and everyone else (group and other) has read access to files and lookup access to directories.

When working with group-access files and directories, it is common to use 'umask 2', which produces permissions of:

 -rw-rw-r-- for regular files, or
 drwxrwxr-x for directories.

For private work, use umask 077 which produces permissions:

 -rw------- for regular files, or
 drwx------ for directories.
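
How the umask number maps to the permission flags listed above, as an added example that is not part of the original page: the function names and the temporary directory are constructed for illustration, and the arithmetic is checked against files actually created under each umask.

```sh
#!/bin/sh
# Added example: how a umask value turns into the permission flags shown above.
# Programs ask for mode 666 (files) or 777 (directories); each bit that is set
# in the umask is removed from that request: result = requested AND NOT umask.

# expected_mode MASK -> prints "<file mode> <dir mode>" in octal, by arithmetic
expected_mode() {
    m=$((0$1))                       # leading 0 makes the shell read it as octal
    printf '%03o %03o\n' $((0666 & ~m)) $((0777 & ~m))
}

# observed_flags MASK -> prints "<file flags> <dir flags>" as ls -l shows them
observed_flags() {
    o_tmp=$(mktemp -d) || return 1
    (
        umask "$1"                   # subshell, so the caller's umask is untouched
        : > "$o_tmp/file"            # plain file creation requests 666
        mkdir "$o_tmp/dir"           # mkdir requests 777
    )
    o_f=$(ls -ld "$o_tmp/file" | cut -c1-10)
    o_d=$(ls -ld "$o_tmp/dir" | cut -c1-10)
    rm -rf "$o_tmp"
    printf '%s %s\n' "$o_f" "$o_d"
}

# Compare the computed octal mode with the flags of freshly created items.
for mask in 022 002 077; do
    printf 'umask %s: %s -> %s\n' "$mask" \
        "$(expected_mode "$mask")" "$(observed_flags "$mask")"
done
```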

The logic behind the number given to umask is not intuitive.

The command to change the permission flags is "chmod". Only the owner of a file can change its permissions.

The command to change the group of a file is chgrp. Only the owner of a file can change its group, and can only change it to a group of which he is a member.

See the online manual pages for details of these commands on any particular system (e.g. man chmod).

Examples of typical usage are given below:

 chmod g+w myfile
 give group write permission to "myfile", leaving 
 all other permission flags alone

 chmod g-rw myfile
 remove group read and write access to "myfile", leaving
 all other permission flags alone

 chmod g+rwxs mydir
 give full group read/write access to directory 
 "mydir", also setting the set-groupID flag so that
 directories created inside it inherit the group

 chmod u=rw,go= privatefile
 explicitly give user read/write access, and revoke 
 all group and other access, to file "privatefile"

 chmod -R g+rw .
 give group read write access to this directory, and
 'everything' inside of it (-R = recursive)

 chgrp -R th .
 change the group of this directory to 'th',
 and of 'everything' inside of it (-R = recursive).
 The person issuing this command must own all the files
 or it will fail.

WARNINGS:
Putting umask 002 into a startup file (.login or .cshrc) will make these settings apply to everything you do unless manually changed. This can lead to giving group access to files such as saved email in your home directory, which is generally not desirable.

Making a file group read/write without checking what its group is can lead to accidentally giving access to almost everyone on the system. Normally all users are members of some default group such as 'users', as well as being members of specific project-oriented groups. Don't give group access to 'users' when you intended some other group.

Remember that to read a file, you need execute access to the directory it is in AND read access to the file itself. To write a file, you need execute access to the directory AND write access to the file. To create new files or delete files, you need write access to the directory. You also need execute access to all parent directories back to the root. Group access will break if a parent directory is made completely private.
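
A check for the last two warnings, as an added example that is not part of the original page: it reads the flags and group of a file and of every parent directory up to the root, and reports where a member of a given group would be stopped. The function names are constructed, and it assumes the group member owns none of the path components and that no ACLs are in use.

```sh
#!/bin/sh
# Added example (not from the original page). Assumptions: the group member
# owns none of the path components, and no ACLs are in use.

# mode_and_group PATH -> prints "<10 permission flags>:<group>" from ls -ld
mode_and_group() {
    ls -ld "$1" | awk '{ print substr($1, 1, 10) ":" $4 }'
}

# granted INFO GROUP r|x -> true if a member of GROUP gets that bit.
# Group bits apply when the item belongs to GROUP, otherwise the "other" bits.
granted() {
    g_flags=${1%%:*}; g_item_group=${1#*:}
    if [ "$g_item_group" = "$2" ]; then g_pos=5; else g_pos=8; fi
    [ "$3" = x ] && g_pos=$((g_pos + 2))
    case $(printf '%s' "$g_flags" | cut -c"$g_pos") in
        r|x|s|t) return 0 ;;      # s/t = execute plus setgid/sticky
        *)       return 1 ;;      # '-', or S/T without execute
    esac
}

# group_access_check FILE GROUP -> "ok", "file-not-readable" or "blocked:<dir>"
group_access_check() {
    c_file=$1; c_group=$2
    granted "$(mode_and_group "$c_file")" "$c_group" r ||
        { echo "file-not-readable"; return 0; }
    c_dir=$(cd "$(dirname "$c_file")" && pwd -P) || return 1
    while :; do                   # walk from the file's directory up to /
        granted "$(mode_and_group "$c_dir")" "$c_group" x ||
            { echo "blocked:$c_dir"; return 0; }
        [ "$c_dir" = / ] && break
        c_dir=$(dirname "$c_dir")
    done
    echo ok
}

# Constructed demo: a group-readable file inside a private (700) parent.
demo=$(mktemp -d) && mkdir "$demo/shared" && : > "$demo/shared/data"
chmod 770 "$demo/shared"; chmod 660 "$demo/shared/data"
grp=$(mode_and_group "$demo"); grp=${grp#*:}
group_access_check "$demo/shared/data" "$grp"    # stopped at the 700 parent
chmod g+x "$demo"                                # open the parent for lookup
group_access_check "$demo/shared/data" "$grp"
rm -rf "$demo"
```

The group printed in field 4 of 'ls -l' is what decides whether the group bits or the other bits apply, which is why the file's group should be checked before running chmod g+rw on it.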

Page last modified on 5. Jan 2005, at 11:10