Initially, a file's owner is identified by the user ID of the person who created the file. The owner of a file determines who may read, write (modify), or execute the file. Ownership can be changed with the chown command.
Every user ID is assigned to a group with a unique group ID. The system manager creates the groups of users when setting up the system. When a new file is created, the operating system assigns permissions to the user ID that created it, to the group ID containing the file owner, and to a group called others, consisting of all other users. The id command shows your user ID (UID), group ID (GID), and the names of all groups you belong to.
In file listings (such as the listings shown by the li or ls command), the three groups of users are always represented in the following order: user, group, and others. If you need to find out your group name, the groups command shows all the groups for a user ID.
You can change the owner of your files with the chown command.
When the -R option is specified, the chown command recursively descends through the directory structure from the specified directory. When symbolic links are encountered, the ownership of the file or directory pointed to by the link is changed; the ownership of the symbolic link is not changed.
Note: Only the root user can change the owner of another file. No errors are reported when the -f option is specified.
For example, to change the owner of the file program.c, enter:
chown jim program.c
The user access permissions for program.c now apply to jim. As the owner, jim can use the chmod command to permit or deny other users access to program.c.
For example, to change the owner and group of all files in the directory /tmp/src to owner john and group build, enter:
chown -R john:build /tmp/src
See the chown command in the AIX Version 4.3 Commands Reference for the exact syntax.
Every file has an owner. For new files, the user who creates the file is the owner of that file. The owner assigns an access mode to the file. Access modes grant other system users permission to read, modify, or execute the file. Only the file's owner or users with root authority can change the access mode of a file.
There are the three classes of users: user/owner, group, and all others. Access is granted to these groups in some combination of three modes: read, write, or execute. When a new file is created, the default permissions are read, write, and execute permission for the user who created the file. The other two groups have read and execute permission. The following table illustrates the default file access modes for the three sets of user groups:
Classes | Read | Write | Execute |
Owner | Yes | Yes | Yes |
Group | Yes | No | Yes |
Others | Yes | No | Yes |
Files can be read (r), written (w), or executed (x). The system determines who has permission and the level of permission they have for each of these activities. Access modes are represented two ways in the operating system: symbolically and numerically.
Access modes are represented symbolically, as follows:
For example, a file with the access modes set to rwxr-xr-x gives read and execute permission to all three groups, but write permission only to the owner of the file. This is the symbolic representation of the default setting.
The ls command, when used with the -l (lower case L) flag, gives a detailed listing of the current directory. The first 10 characters in the ls -l listing show the file type and permissions for each of the three groups. The ls -l command also tells you the owner and group associated with each file and directory.
The first character indicates the type of file. The remaining nine characters contain the file permission information for each of the three classes of users. The following symbols are used to represent the type of file:
- | Regular files |
d | Directory |
b | Block special files |
c | Character special files |
p | Pipe special files |
l | Symbolic links |
s | Sockets. |
For example, this is a sample ls -l listing:
-rwxrwxr-x 2 janet acct 512 Mar 01 13:33 january
Here, the first - (dash) indicates a regular file. Characters 2 through 4, rwx, represent the user's access mode (read, write, and execute). Characters 5 through 7, rwx, indicate the group's access modes (read, write, and execute). Characters 8 through 10, r-x, indicate read and execute access for all other users. Dashes within the last 9 characters indicate no permission is given.
janet is the file owner and acct is the name of Janet's group. 512 is the file size in bytes, Mar 01 13:33 is the last date and time of modification, and january is the file name. The 2 indicates how many links exist to the file.
Numerically, read access is represented by a value of 4, write permission is represented by a value of 2, and execute permission is represented by a value of 1. The total value between 1 and 7 represents the access mode for each group (user, group, and other). The following table illustrates how to determine the numerical values for each level of access:
Total Value | Read | Write | Execute |
0 | - | - | - |
1 | - | - | 1 |
2 | - | 2 | - |
3 | - | 2 | 1 |
4 | 4 | - | - |
5 | 4 | - | 1 |
6 | 4 | 2 | - |
7 | 4 | 2 | 1 |
When a file is created, the default file access mode is 755. This means the user has read, write, and execute permissions (4+2+1=7), the group has read and execute permission (4+1=5), and all others have read and execute permission (4+1=5). Access permission modes can be changed for files you own by running the chmod (change mode) command.
You can display the attributes of all the groups on the system or of the groups specified with the lsgroup command. If one or more attributes cannot be read, the lsgroup command lists as much information as possible. The attribute information displays as Attribute=Value definitions, each separated by a blank space.
For example, to list all of the groups on the system, enter:
lsgroup ALL
The system displays each group, group ID, and all of the users in the group in a list similar to the following:
system 0 arne,pubs,ctw,geo,root,chucka,noer,su,dea, backup,build,janice,denise staff 1 john,ryan,flynn,daveb,jzitt,glover,maple,ken gordon,mbrady bin 2 root,bin sys 3 root,su,bin,sys
To display specific attributes for all groups, you can use one of two styles for listing specific attributes for all groups:
lsgroup -a id users ALL | pgA list similar to the following displays:
system id=0 users=arne,pubs,ctw,geo,root,chucka,noer,su,dea,backup,build staff id=1 users=john,ryan,flynn,daveb,jzitt,glover,maple,ken
lsgroup -a -f id users ALL | pgA list similar to the following displays:
system: id=0 users=pubs,ctw,geo,root,chucka,noer,su,dea,backup,build staff: id=1 users=john,ryan,flynn,daveb,jzitt,glover,maple,ken bin: id=2 users=root,bin sys: id=3 users=root,su,bin,sys
To display all attributes for a specific group, you can use one of two styles for listing specific attributes for all groups::
lsgroup systemA list similar to the following displays:
system id=0 users=arne,pubs,ctw,geo,root,chucka,noer,su,dea, backup,build,janice,denise
lsgroup -f systemA list similar to the following displays:
system: id=0 users=arne,pubs,ctw,geo,root,chucka,noer,su,dea, backup,build,janice,denise
To list specific attributes for a specific group, enter:
lsgroup -a Attributes Group
For example, to list the ID and users for group bin, enter:
lsgroup -a id users bin
A list similar to the following displays:
bin id=2 users=root,bin
See the lsgroup command in the AIX Version 4.3 Commands Reference for the exact syntax.
You can modify the read, write, and execute permissions of specified files and modify the search permission codes of specified directories with the chmod command.
For example, to add a type of permission to files chap1 and chap2, enter:
chmod g+w chap1 chap2
This adds write permission for group members to the files chap1 and chap2.
For example, to make several permission changes at once to the mydir directory, enter:
chmod go-w+x mydir
This denies (-) group members (g) and others (o) the permission to create or delete files (w) in mydir and allows (+) group members and others to search mydir or use (x) it in a path name. This is equivalent to the command sequence:
chmod g-w mydir chmod o-w mydir chmod g+x mydir chmod o+x mydir
For example, to permit only the owner to use a shell procedure named cmd as a command, enter:
chmod u=rwx,go= cmd
This gives read, write, and execute permission to the user who owns the file (u=rwx). It also denies the group and others the permission to access cmd in any way (go=).
For example, to use the numeric mode form of the chmod command to change the permissions of the file text, enter:
chmod 644 text
This sets read and write permission for the owner, and it sets read-only mode for the group and others.
See the chmod command in the AIX Version 4.3 Commands Reference for more information and the exact syntax.