The chmod command in LINUX

The chmod command allows you to control who is allowed to have access to your files and directories.

Three kinds of access are involved:

• read a file
• write a file
• execute a file

You can dictate permissions for:

• the user (yourself)
• a group (defined by the UNIX administrator)
• all other users

Note: the UNIX system administrator has unlimited access to everything.

The default is that the user has complete access to the file or directory, and everyone else has read access.

There are two ways to use the chmod command. For a given file, we need to specify 9 bits of information:

        user                   group                   other
  
read  write  execute    read  write  execute    read  write  execute

yes    yes    yes       yes    yes    yes       yes    yes    yes
or     or     or        or     or     or        or     or     or
no     no     no        no     no     no        no     no     no

In each case, we represent "yes" with 1 and "no" with 0. This gives us a 9-digit binary number such as 111100100.

To make it easier to use, we regroup it as 3 groups of 3 bits, as in 111 100 100.

Next we interpret each group of 3 bits as a number between 0 and 7, as in 7 4 4.

Now we can use chmod by specifying this 3-digit number, as in:

     chmod 744 myfile

which gives the user complete access (7 or 111 in base 2), and gives everyone else only read access (4 or 100 in base 2).

We can do this for a directory. For instance:

     chmod 777 .

which will grant everyone complete access to the current directory. (The period represents the current directory.)

Or we could say

     chmod 700 bin

which allows the user unlimited access to the directory called bin and forbids anyone else to do anything with it.

The other way to use chmod is to change only the specific bits you want to change. To do this, we use abbreviations:

     u     for user                 +r    to grant read access
     g     for group                -r    to deny read access
     o     for other                +w    to grant write access
     a     for all                  -w    to deny write access
                                    +x    to grant execute access
                                    -x    to deny execute access

and then we specify, for a given file, what we want to change and who we want to affect.

For example, we could use:

     chmod a +rx  myfile

This grants read and execute access to everyone while leaving all other existing permissions the same. (This is what is needed for a WWW page, for example.)

An equivalent way to do the same thing would be

     chmod a+r
     chmod a+x

or

     chmod ugo+rx

We can also set permissions for multiple files at the same time. To do this, we use wild card characters:

     ?    matches any single character

     *    matches any number of characters (zero or more)

For example, we could use:

     chmod 700 prog?.C

This will set permissions on files with names such as prog1.C or progz.C but not on prog.c or prog12.C.

Another example might be

     chmod 700 prog*

This will set permissions on prog1.C, prog7.H, prog.c, etc.

You may want to read about wild card characters, which can also be used with other UNIX commands.

How do you need this in CSCI 241? You need to set permissions on your own directory to prevent anyone else from reading your files. This is for your own protection against possible charges of academic misconduct. If someone copies one of your program files, so the two of your turn in the same program, then both of you will be accused of cheating. To protect yourself, don't let anyone else read your files.