Initially, a file's owner is identified by the user ID of the person who created the file. The owner of a file determines who may read, write (modify), or execute the file. Ownership can be changed with the chown command.
Every user ID is assigned to a group with a unique group ID. The system manager creates the groups of users when setting up the system. When a new file is created, the operating system assigns permissions to the user ID that created it, to the group ID containing the file owner, and to a group called others, consisting of all other users. The id command shows your user ID (UID), group ID (GID), and the names of all groups you belong to.
In file listings (such as the listings shown by the ls command), the groups of users are always represented in the following order: user, group, and others. If you need to find out your group name, the groups command shows all the groups for a user ID.
To change the owner of your files, use the chown command.
When the -R option is specified, the chown command recursively descends through the directory structure from the specified directory. When symbolic links are encountered, the ownership of the file or directory pointed to by the link is changed; the ownership of the symbolic link is not changed.
Note: Only the root user can change the owner of another file. Errors are not displayed when the -f option is specified.
For example, to change the owner of the program.c file, type:
chown jim program.c
Press Enter.
The user-access permissions for the program.c file now apply to jim. As the owner, jim can use the chmod command to permit or deny other users access to the program.c file.
See the chown command in the AIX 5L Version 5.2 Commands Reference for the complete syntax.
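Because chown -R changes the file or directory that each symbolic link points to, it is worth listing the links whose targets lie outside the tree before running it with root authority. The following shell functions are an added example, not part of the AIX documentation; the function names and the sample tree are hypothetical, and the code assumes a readlink command that supports -f (GNU coreutils).

```shell
#!/bin/sh
# Added example: find symbolic links in a tree that point outside it, i.e.
# the objects a recursive chown would change by following the link.
# Assumes a readlink that supports -f (GNU coreutils).

# links_leaving_tree DIR -> prints "LINK -> TARGET" for each such link.
links_leaving_tree() {
    root=$(cd -P "$1" 2>/dev/null && pwd) || return 2
    find "$root" -type l -print | while IFS= read -r link; do
        target=$(readlink -f "$link") || target=""
        case $target in
            "$root"|"$root"/*) ;;                     # stays inside the tree
            "") printf '%s -> (unresolved)\n' "$link" ;;
            *)  printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Builds a constructed tree in a temporary directory, runs the check, and
# prints the result with the temporary prefix removed.
demo_links_leaving_tree() {
    tmp=$(mktemp -d) || return 1
    base=$(cd -P "$tmp" && pwd)
    mkdir -p "$base/project/src" "$base/outside"
    : > "$base/project/src/program.c"
    : > "$base/outside/payroll.dat"
    ln -s src/program.c "$base/project/inside_link"      # target inside tree
    ln -s ../outside/payroll.dat "$base/project/escape"  # target outside tree
    links_leaving_tree "$base/project" | sed "s|$base/||g"
    rm -rf "$base"
}

demo_links_leaving_tree
```

Any link the check reports should be reviewed or removed before the recursive ownership change is run.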
Every file has an owner. For new files, the user who creates the file is the owner of that file. The owner assigns an access mode to the file. Access modes grant other system users permission to read, modify, or execute the file. Only the file's owner or users with root authority can change the access mode of a file.
There are three classes of users: user/owner, group, and all others. Access is granted to these user classes in some combination of three modes: read, write, or execute. When a new file is created, the default permissions are read, write, and execute permission for the user who created the file. The other two groups have read and execute permission. The following table illustrates the default file-access modes for the three classes of user groups:
Classes | Read | Write | Execute |
---|---|---|---|
Owner | Yes | Yes | Yes |
Group | Yes | No | Yes |
Others | Yes | No | Yes |
The system determines who has permission and the level of permission they have for each of these activities. Access modes are represented both symbolically and numerically in the operating system.
Access modes are represented symbolically, as follows:
The access modes for files or directories are represented by nine characters. The first three characters represent the current Owner permissions, the second set of three characters represents the current Group permissions, and the third set of three characters represents the current settings for the Other permissions. A hyphen (-) in the nine-character set indicates that no permission is given. For example, a file with the access modes set to rwxr-xr-x gives read and execute permission to all three groups, but write permission only to the owner of the file. This is the symbolic representation of the default setting.
The ls command, when used with the -l (lower case L) flag, gives a detailed listing of the current directory. The first 10 characters in the ls -l listing show the file type and permissions for each of the three groups. The ls -l command also tells you the owner and group associated with each file and directory.
The first character indicates the type of file. The remaining nine characters contain the file permission information for each of the three classes of users. The following symbols are used to represent the type of file:
- | Regular files |
d | Directory |
b | Block special files |
c | Character special files |
p | Pipe special files |
l | Symbolic links |
s | Sockets. |
For example, this is a sample ls -l listing:
-rwxrwxr-x 2 janet acct 512 Mar 01 13:33 january
Here, the first hyphen (-) indicates a regular file. The next nine characters (rwxrwxr-x) represent the User, Group, and Other access modes, as discussed above. janet is the file owner and acct is the name of Janet's group. 512 is the file size in bytes, Mar 01 13:33 is the last date and time of modification, and january is the file name. The 2 indicates how many links exist to the file.
Numerically, read access is represented by a value of 4, write permission is represented by a value of 2, and execute permission is represented by a value of 1. The total value between 1 and 7 represents the access mode for each group (user, group, and other). The following table illustrates the numeric values for each level of access:
Total Value | Read | Write | Execute |
---|---|---|---|
0 | - | - | - |
1 | - | - | 1 |
2 | - | 2 | - |
3 | - | 2 | 1 |
4 | 4 | - | - |
5 | 4 | - | 1 |
6 | 4 | 2 | - |
7 | 4 | 2 | 1 |
When a file is created, the default file access mode is 755. This means the user has read, write, and execute permissions (4+2+1=7), the group has read and execute permission (4+1=5), and all others have read and execute permission (4+1=5). To change access permission modes for files you own, run the chmod (change mode) command.
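The symbolic and numeric forms described above can be converted mechanically, which makes it easy to audit a listing for files that the group or others may modify. The following shell functions are an added example, not part of the AIX documentation; the function names are hypothetical, the first sample line is the listing shown earlier on this page, and the other two sample lines are constructed.

```shell
#!/bin/sh
# Added example: decode the mode field of an ls -l line into numeric form.
# Handles only the characters described on this page: r, w, x and -.

# mode_to_octal MODE -> prints the three-digit mode (r=4, w=2, x=1 per class).
mode_to_octal() {
    perms=${1#?}                          # drop the file-type character
    [ "${#perms}" -eq 9 ] || return 1
    out=""
    while [ -n "$perms" ]; do
        rest=${perms#???}
        triplet=${perms%"$rest"}          # next class: user, group, others
        perms=$rest
        case $triplet in [r-][w-][x-]) ;; *) return 1 ;; esac
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# Reads ls -l lines on stdin and prints "MODE OWNER NAME" for every entry
# that grants write permission to the group or others class.
flag_group_other_write() {
    while read -r mode links owner group size mon day time name; do
        oct=$(mode_to_octal "$mode") || continue
        case $oct in
            ?[2367]?|??[2367]) printf '%s %s %s\n' "$oct" "$owner" "$name" ;;
        esac
    done
}

# First line is the page's sample listing; the other two are constructed.
SAMPLE_LISTING='-rwxrwxr-x 2 janet acct 512 Mar 01 13:33 january
-rwxr-xr-x 1 janet acct 2048 Mar 01 13:40 program.c
-rw-r--r-- 1 jim staff 120 Mar 02 09:10 text'

printf '%s\n' "$SAMPLE_LISTING" | flag_group_other_write
```

Only january is reported, because its group class has write permission; the 755 and 644 entries grant write permission to the owner alone.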
To display the attributes of all the groups on the system (or of specified groups), use the lsgroup command. If one or more attributes cannot be read, the lsgroup command lists as much information as possible. The attribute information displays as Attribute=Value definitions, each separated by a blank space.
To list all of the groups on the system, type:
lsgroup ALL
Press Enter.
The system displays each group, group ID, and all of the users in the group in a list similar to the following:
system  0  arne,pubs,ctw,geo,root,chucka,noer,su,dea,
           backup,build,janice,denise
staff   1  john,ryan,flynn,daveb,jzitt,glover,maple,ken
           gordon,mbrady
bin     2  root,bin
sys     3  root,su,bin,sys
To display specific attributes for all groups, do either of the following:
lsgroup -a id users ALL | pg
Press Enter. The addition of the lists the attributes.
A list similar to the following displays:
system id=0 users=arne,pubs,ctw,geo,root,chucka,noer,su,dea,backup,build
staff id=1 users=john,ryan,flynn,daveb,jzitt,glover,maple,ken
lsgroup -a -f id users ALL | pg
Press Enter.
A list similar to the following displays:
system:
    id=0
    users=pubs,ctw,geo,root,chucka,noer,su,dea,backup,build
staff:
    id=1
    users=john,ryan,flynn,daveb,jzitt,glover,maple,ken
bin:
    id=2
    users=root,bin
sys:
    id=3
    users=root,su,bin,sys
To display all attributes for a specific group, you can use either of the two listing styles shown above for all groups:
lsgroup system
Press Enter.
A list similar to the following displays:
system id=0 users=arne,pubs,ctw,geo,root,chucka,noer,su,dea,backup,build,janice,denise
lsgroup -f system
Press Enter.
A list similar to the following displays:
system:
    id=0
    users=arne,pubs,ctw,geo,root,chucka,noer,su,dea,
          backup,build,janice,denise
To list specific attributes for a specific group, type:
lsgroup -a Attributes Group
Press Enter.
For example, to list the ID and users for group bin, type:
lsgroup -a id users bin
Press Enter.
A list similar to the following displays:
bin id=2 users=root,bin
See the lsgroup command in the AIX 5L Version 5.2 Commands Reference for the complete syntax.
To modify the read, write, and execute permissions of specified files and modify the search permission modes of specified directories, use the chmod command.
chmod g+w chap1 chap2
Press Enter.
This adds write permission for group members to the files chap1 and chap2.
chmod go-w+x mydir
Press Enter.
This denies (-) group members (g) and others (o) the permission to create or delete files (w) in the mydir directory and allows (+) group members and others to search the mydir directory or use (x) it in a path name. This is equivalent to the following command sequence:
chmod g-w mydir
chmod o-w mydir
chmod g+x mydir
chmod o+x mydir
chmod u=rwx,go= cmd
Press Enter.
This gives read, write, and execute permission to the user who owns the file (u=rwx). It also denies the group and others the permission to access cmd in any way (go=).
chmod 644 text
Press Enter.
This sets read and write permission for the owner, and it sets read-only mode for the group and others.
See the chmod command in the AIX 5L Version 5.2 Commands Reference for the complete syntax.