Difference between revisions of "Chmod"

Sumber: http://www.washington.edu/computing/unix/permissions.html

Files and directories in Unix may have three types of permissions: read (`r'), write (`w'), and execute (`x'). Each permission may be `on' or `off' for each of three categories of users: the file or directory owner; other people in the same group as the owner; and all others. Files

To determine the mode (or permission settings) of a particular file, use the command

ls -lg filename

This command will produce a message similar to the following:

-rwxr-x--x 1 owner group 2300 Jul 14 14:38 filename

The string of 10 characters on the left shows the mode. The initial character ('-' in this case) indicates what type of file it is. A '-' indicates that the file is a plain file. The character 'd' means it is a directory. Characters 2-4 are, respectively, `r', `w', or `x' if the corresponding permission is turned on for the owner or `-' if the permission is turned off. Characters 5-7 similarly show the permissions for the group; characters 8-10 for all others. The second string shows the number of links that exist to the file. The third string identifies the owner of the file and the fourth string tells what group the owner of the file is in.

To change the mode of a file, use the chmod command. The general form is

chmod X@Y file1 file2 ...

where: X is any combination of the letters `u' (for owner), `g' (for group), `o' (for others), `a' (for all; that is, for `ugo'); @ is either `+' to add permissions, `-' to remove permissions, or `=' to assign permissions absolutely; and Y is any combination of `r', `w', `x'. Following are some examples:

chmod u=rx file        (Give the owner rx permissions, not w)
chmod go-rwx file      (Deny rwx permission for group, others)
chmod g+w file         (Give write permission to the group)
chmod a+x file1 file2  (Give execute permission to everybody)
chmod g+rx,o+x file    (OK to combine like this with a comma)

Directories

The permission scheme described above also applies to directories. For a directory, whoever has `read' permission can list files using the ls command (and thus discover what files are there); whoever has `write' permission can create and delete files in that directory; whoever has execute permission can access a file or subdirectory of known name. To find out the mode of a directory:

ls -dl dir ...  Show permissions for
                the named directory(ies)

ls -al dir ...  Long list of all files
                in named directory(ies)
                (including those with names
                     starting in `.')

If no directories are specified, the listing is for all files in the current directory. The output will look something like:

drwx------12 fred        592 Jul 11 13:46 .
drwxr-xr-x24 root       1424 Jul 10 13:07 ..

The initial `d' in the 10-character mode string indicates that the file is a directory. The file name `.' always refers to the current directory; the file name `..' always refers to the parent of the current directory. Thus, this output shows the permissions for the current directory and its parent. More Information

For more information, including octal specification of permissions, refer to the Unix User's Manual pages for chmod(1) and ls(1). To view these online, enter

man chmod
man ls

A variable called `umask' is used as a permission mask for all newly created files and directories. Umask is a 3 digit octal number. The default umask is 022 = 000 010 010 binary. The two one bits prevent "group" and "other" write permission. So, a newly created file will have rwx permission for the owner, and rx permission for group and others. A umask of 077 = 000 111 111 would cause new files to have no permissions set for group and others. In order to use a umask other than the default, you should include the line `umask num' (where num is an octal number) in your .cshrc file. For more about umask, enter

man umask

An Example - Fred and Joe Want to Share Files

There may be times that you want to copy a file from someone else's directory. How can you access that directory and copy the file? The following scenario describes the process.

Suppose that user `joe' wants to copy the file `prog.f' from user `fred.' At the Unix prompt, Fred should type

chmod go+x ~

This command changes the mode of Fred's home directory (represented by the ~), giving permission to all users to get to files in that directory. Therefore, Joe can access any file, of which he knows the name, in Fred's home directory. Fred has told Joe that the file he wants is called `prog.f,' so now Joe types

cp ~fred/prog.f prog.f

If Joe had an existing file with the name `prog.f,' which he did not want overwritten by Fred's file, he could instead type

 cp ~fred/prog.f prog2.f

If Joe receives a message from the system saying that he is denied permission to copy the file, Fred should make the file readable by others, changing its mode by entering

chmod go+r prog.f

If Joe wanted to copy several files from Fred's home directory, for example `prog.a,' `prog.b,' `prog.c,' and to give these files the same names in his own home directory, he would type

cp ~fred/prog.a ~fred/prog.b ~fred/prog.c .

The period (.) at the end of the command line specifies that the files are to be copied into Joe's current directory (which in this case is his home directory).

Once Joe has copied the files, Fred will probably want to change the mode of his home directory so that it is no longer accessible to the world at large. To do this, Fred should type

chmod go-rx ~

As you can see, a + sign used with `chmod' adds accessibility and a - sign takes it away. It is possible to use these features on directories of all levels and all files within those directories, individually or as a group. For detailed online information about the `chmod' command, enter

man chmod

Referensi

• http://www.washington.edu/computing/unix/permissions.html