Octal | Binary | ||
---|---|---|---|
R |
W |
X |
|
4 | 2 | 1 | |
0 | 0 | 0 | 0 |
1 | 0 | 0 | 1 |
2 | 0 | 1 | 0 |
3 | 0 | 1 | 1 |
4 | 1 | 0 | 0 |
5 | 1 | 0 | 1 |
6 | 1 | 1 | 0 |
7 | 1 | 1 | 1 |
chmod
The chmod
command can be used with either a text-based
argument or 3 octal digits (see note 1)
to change the permissions on a file.
An example of the text-based command to add "read" permission for group
members and others to a file named foo
is:
/home/user> ls -l foo -rwx--x--- 1 user user 78 Aug 14 13:08 foo /home/user> chmod go+r foo /home/user> ls -l foo -rwxr-xr-- 1 user user 78 Aug 14 13:08 foo /home/user>
Each permission can be thought of as a single binary digit that is
"1
"if the permission is granted and "0
"
if not.
The nine permissions are naturally grouped into three sets of 3
permissions each.
The first set is the permissions for the owner,
the second set is the permissions for group members,
and the last set is the permissions for others.
Each set of three binary digits can be represented with a single octal
digit.
For example, to grant read ("R
") and execute
("X
") but not write ("W
") permissions,
the three binary digits should be 1 0 1
.
Looking this up in the chart show that the corresponding octal
digit is 5
.
Another way to see the same result is to note the weights
shown in the chart for each permission.
By adding up the weights for the permissions you wish to grant,
the octal digit is easily obtained.
For example, to grant read ("R
") and write ("W
")
but not execute ("X
"), you sum the weight for read
(4
) and write (2
) to get the octal digit
6
.
umask
The umask
command changes an environment setting
that controls which permissions newly created files will have.
This command will never change the permissions of any existing files.
And unless extra steps (not discussed here) are taken, the new setting
will be forgotten as soon as you log off.
To view the current setting, enter the command "umask
".
This will report the current setting as a set of three octal digits.
(See note 2.)
To change the setting, enter the command
,
where umask new_value
new_value
is three octal digits.
The first digit is the mask for the file owner (or user), the second is the
mask for the group, and the third is the mask for all others.
Each octal digit is expanded to three binary digits, to set the value for
each individual permission bit of the nine permission bits (three groups of
three).
It is important to understand that the umask
setting doesn't
enforce a set of permissions for new files.
Instead it blocks permissions from files.
To complicate matters ever more (if possible), a zero binary digit will
allow that permisison while a one will block that permission.
This is backwards from they way people expect after learning
chmod
.
Consider the following examples:
/home/user> umask 027 /home/user> umask 000 # allow any permissions /home/user> umask 077 # block all permissions for group, others /home/user>
The first example show how to view the current setting, which block
write permission ("W
") for the group and all permissions
for others.
The second example doesn't block any permissions, and the last example
blocks all permissions.
Different commands in Unix will create files using a Unix API (a system
call) called creat
.
The programmer tells creat
what permissions are desired for
the new file.
For example the vi
command attempts to create files with
read and write permissions for all users, whereas the C compiler attemps
to create files with all permissions for all users.
The request permissions will be granted unless blocked by umask
.
To understand this better, try setting the umask
value to
000
, then create a new file using vi
.
Now see what permissions the file has by using the ls -l
command.
Try other values and then create new files and see what permissions the
files end up with.
Actually up to four octal digits can be entered. This document does not discuss all the features and the concepts of either permissions or of the chmod and umask commands. (Back)
On some older Unix systems, leading zeros in the numeric output of
commands such as umask
were suppressed.
So an output of
for 0
or 000
for 02
was common to see.
(Back)
002