Unix Style File Permissions

In the Unix operating system (OS), permissions are set on files and directories. These permissions control which users and/or groups may read (r), write (w), or execute (x) a file or directory. Below are examples of the permissions set on a directory and file under Unix. You can see these by using the ls -l Unix command.



The first character represents the entry type. The entry type for a directory is 'd'. All files have a hyphen (-) as their entry type. The remaining nine characters indicate the permissions themselves, in three groups of three. Character positions 2 through 4 show user (u) permissions; 5 through 7 are group (g) permissions; and 8 through 10 are other (o) permissions (users who are not the owner and are not members of the group that owns the file/directory, a.k.a. "the world"). A hyphen in a character position indicates a lack of permission for that item.

Changing Directory/File Permissions Using chmod

If you are the owner of a file or directory, you may use the chmod (change file access permissions) Unix command to change permissions.  When you use the ls -l Unix command, the owner and group owner of a file or directory will be listed after the permissions.  If you wanted to give the world permission to read and write to your home directory, then you would use the command below:

chmod o+rw /home/yourusername

You can also take away the read and write permissions by doing the following:

chmod o-rw /home/yourusername

The syntax of the chmod command is very simple. By using the abbreviations given above, and the plus and minus symbols, you can add or remove permissions on files and directories you own.

/home Directory Permissions

In general, you do not want write access to your home directory from group or the world. It is also not recommended that you grant read access to the world on home directories. Thus, your default (and most secure) home directory permissions should look like: drwx------. If you would like to allow members of your primary group read access to your home directory, then your permissions should look like: drwxr-x---.

Your home directory should be no more permissive than rwxr-x--x.  By default, Jefferson Lab (JLab) computer user accounts are created such that the home directory has drwx------ permissions, which is the most secure.

How-To Change Home Directory Permissions

1.  Log into a public Linux machine (jlabl1, 2, or 3)

  • Linux Users -- Use ssh to log into a jlablx machine
  • Windows Users -- Use the PuTTY ssh client to log into a jlablx machine (can be found in your Programs menu)

2.  Check your current location:

jlabl1>  pwd

3.  Change your current location to ensure that you're in your home directory:

jlabl1>  cd /home/yourusername

4.  Check the current permissions in your home directory:

jlabl1>  ls -al

The top level permissions of your home directory are the dot (.) at the top of your home directory listing.

drwx------   71 username  groupowner         16384 Nov 23 15:28 .

The dot at the end of the line is where a file name or directory name would normally be, but the dot here represents the top level rights of your home directory.  As stated above, the preferred and most secure permissions on the dot would be drwx------ .
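
The check in step 4 can be scripted. The following is an added example, not part of the original page: it grades the permission string from ls -ld against the home directory guidance above (drwx------ preferred, nothing more permissive than rwxr-x--x). The function names classify_perms and audit_home are hypothetical, and the sample strings are constructed.

```shell
#!/bin/sh
# Added example: grade an `ls -ld` permission string against this page's
# home-directory guidance. Function names are hypothetical.

# classify_perms STRING -> prints secure | acceptable | too-permissive | invalid
classify_perms() {
    perms=$1
    # Entry type plus nine permission characters; ls may append '.' or '+'.
    case $perms in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]*) ;;
        *) echo invalid; return 2 ;;
    esac
    case $perms in
        # No group or other access at all, e.g. drwx------
        ????------*) echo secure; return 0 ;;
        # At most rwxr-x--x: group may read/search, other may only search
        ????[-r]-[-xsS]--[-xtT]*) echo acceptable; return 0 ;;
        # Anything else grants group write, or other read or write
        *) echo too-permissive; return 1 ;;
    esac
}

# audit_home [DIR] -> classify DIR (default: $HOME) from its ls -ld line
audit_home() {
    dir=${1:-$HOME}
    perms=$(ls -ld -- "$dir" 2>/dev/null | awk '{print $1}')
    classify_perms "$perms"
}

# Constructed sample strings, not taken from a real system.
for sample in drwx------ drwxr-x--- drwxr-x--x drwxr-xr-x drwxrwx---; do
    printf '%-12s %s\n' "$sample" "$(classify_perms "$sample")"
done
```

Calling audit_home with no argument grades your own home directory; the exit status is 0 for secure or acceptable, 1 for too-permissive, and 2 if the listing could not be read.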