A Quick Overview of Unix-Style Permissions
This is a copy of an overview I wrote for people that were coming across an laravel-based file permission GitHub issue in the BookStack project. Adding it here as an easier location to reference.
There are other, more extensive & technical breakdowns but this is intended to give a developer a 10 minute run-down of the basics.
Files and folders have 3 main permissions:
Files and folders are also assigned an
You can run
ls -alh in the terminal to show the files and folders with their permissions:
# ls -alh drwxrwxr-x 5 dan dan 4.0K May 28 13:58 . drwxrwxr-x 18 dan dan 4.0K Jun 9 10:38 .. -rw-r--r-- 1 dan dan 5.6K Dec 10 18:19 book_default_cover.png drwxr-xr-x 2 dan dan 4.0K Jun 9 10:40 dist -rw-rwxr-- 1 www-data dan 11K Oct 26 2016 favicon.ico -rw-r--r-- 1 dan dan 412 Aug 9 2017 .htaccess
The permissions are on the left, in the first column. The starting
d is shown if it’s a directory. Then there are three sets of
- The first set of
rwxis the permissions for the owner.
- The second set of
rwxis the permissions for the group.
- The third set of
rwxis the permissions for everyone else.
Each of these characters represents read, write or execute. A hyphen (
-) is shown instead if the permission is not granted. Note that execute permissions are required on folders to enter them.
The owner assigned to a file/folder can be seen in the third column. The group can be seen in the fourth. In the example above the file
favicon.ico is assigned to the group
dan and is owned by
www-data. The owner
www-data has permission to read and write the file. The group
dan has permission to read, write, or execute the file. Everyone else can only read the file.
Permissions may also be shown as numbers in an octal format. In the octal format each permission has a number:
- Read = 4
- Write = 2
- Execute = 1
- No permission = 0
These numbers are summed together into a single digit. For example, Having all permissions will be shown as a
7 or only having Read+Execute permissions will be shown as a
5. These totals are often used in a set of 3 to represent the permissions for the group, owner & everyone else.
In the example command output above, the permissions for
favicon.ico could be shown as
.htaccess file permissions could be shown as
644. All permissions granted to everyone would show as
There are two main commands for controlling permissions:
chmod(Change mode), Used to set permissions.
chown(Change ownership), Used to change the owner and group.
For both of these commands using
-R will set permissions recursively upon all child files and directories.
# Format: chmod [OPTIONS] PERMISSONS FILES... # Example: # Grant the owner and group 'read+write+execute' permissions # Give everyone else 'read and execute' permissions # In the './storage' directory and all files+folders within. chmod -R 775 ./storage
# Format: chown [OPTIONS] USER:GROUP # Example: # In the './storage' directory and all files+folders within # Set the owner to be 'dan' and set the group to be 'www-data' chown -R dan:www-data ./storage
For things such as file uploads, you’d generally want these to be both readable and writable by the webserver. The user and group your web server runs as will depend on your system and config. On ubuntu it’s common for apache and nginx to run as
www-data, both as the owner and group. In this case, If i wanted to give the webserver permission to upload and serve files within the
./storage directory I might do the following:
# Recursively set myself as the owner and the web server as the assigned group chown -R dan:www-data ./storage # Recursively allow myself and the webserver to Read, Write and Execute files & folders # While allowing everyone else to only Read or Execute chmod -R 775 ./storage