File permissions (umask & chmod)
[last updated - 03 August 2003]
If you are writing SAS programs then presumably you are working as part
of a team and there may be cases where other programmers in your team need
to update your programs (for whatever reason). Maybe you have had to do
this but you find you don't have "write access" to that person's program.
Also, maybe other programmers have complained to you that they do not have
write access to your programs and could you please "change the permissions"
so they can. In the last case then maybe you have a GUI interface with
Unix and you locate the file and change its file permission by checking
on the box that allows your group (team) members to write to this file.
It can become a nuisance if you have many programs where only you have
write access and others need to update it. If you are away from your desk
then time will be lost and frustration can lead to errors being made. But
if you have a good understanding of file permissions in Unix and you understand
about the umask and chmod functions then all will become
First I will tell you about umask but only enough for now. You will
have a Unix login member somewhere that gets run when you log in. What
this is called varies from site to site but it will be in your home directory
as a "hidden file" (which you can reveal using the
ls -a command).
In that login member, that you are allowed to edit, there is usually a
umask setting. It is quite often set to umask 022 when a new user
account is created and you might still be using that value. But to allow
your team members to edit your program code you have to change it to umask
002. By changing the middle "2" to "0" you allow others in your team
to edit your files. It is important to check on this and make this change
to 002 if you find it otherwise. And all your team members should ensure
they are using 002. This will solve the problem of not having write access
to each others code. What the umask setting does is change the default
permission of a file when you create it. The middle "2" says that you don't
want your team members to be able to edit your file. When you change it
to "0" then by default they can. This is the default action on creating
a file. You can always change permissions after creating
it if, for example, you really did not other team members to edit your
file. You could stop them from even reading it, if you liked. Umask just
has this effect when you first create a file. You'll get to understand
why it is a "2" after reading the next section on chmod. But don't
bother thinking about it for now. All you need to know at this stage is
that you and all members of your team should use the setting "umask
002" in your login members and you will rarely have problems editing
each others code members.
The chmod command is used for altering file permissions. Now you
might be lucky and have a front end to Unix and you can just change permissions
by clicking in the right box. But what if you had to do this for ALL your
programs in a directory? There might be scores of them. You would save
yourself a lot of time in this case by knowing how to use chmod
to change their permissions in bulk. This is what we are going to learn
Before we start, you have to learn that there are three sets of permissions.
The ones that affect the user (the owner - you) , group (your
team) and others. And there are in turn three types of access to
choose from, read, write and execute. Note that I
have highlighted the letter u, g and o for user, group
and others and r, w, and x for read, write and execute.
That is because you can use these letters with the chmod utility if you
wish. Usually, the chmod function is used with a three digit number. The
first digit refers to the user, the second to the group and the third to
others (sometimes it is a four digit number in which case the left-most
digiit is used for something different). The actual number is a binary
setting for the permissions where x=1 , w=2 and r=4.
So if you changed a file permission like this chmod 666 then you
would be allowing read and write permission for yourself, your team and
anybody else. You do not normally allow outsiders to you team to edit your
work but you would often allow them to read it so you would set this instead
to chmod 664 . If this were a script library and the files had to
be executable for them to work then chmod 775 would allow anybody
to read them or exeute them but only you or your team to edit them. This
utility can be used on multiple files using a wildcard so if you wanted
everybody in your team to be able to update your sas programs then chmod
664 *.sas will do this. You will get error messages out where it matched
files belonged to other people, since you can not change the permissions
for other peoples files, but all your files would have their permissions
changed. Now suppose your project had finished and you did not want anybody
to update or delete and of the sas programs. Then chmod 444 would
have this effect.
And now back to umask. Umask has three digits as well and these correspond
to the digits in chmod. It is effectively masking settings for chmod. So
if you have a setting umask 022 it is masking the write attribute
for group (your team) and others but f you have setting umask
002 then it only masks the write attribute for others.
umask and chmod work together like this.
Viewing file permissions
To see the permissions that files have you use the ls -l command
(the -l indicating long form). You will see something like
..on the far left. The first position is just a "-" to indicate a file
(it will be "d" for a directory and "l" for a link). The next three positions
are the read, write execute setting for the user (the owner). The next
three are for the group and the last three for others. So in the example
above you see that it is a file and the user (owner) had read, write and
execute permissions, the group has read and execute permissions and others
have the same as the group.
Instead of using chmod in the form chmod nnn you can toggle on and
off the permissions using letter notation. Not all implementations of Unix
work the same way, though. For example, you could switch on execute permissions
for all users with chmod +x or alternatively toggle it off with
-x . You could apply this to just group and others like this
go+w (toggle on write for group and others). You could specify it like
this chmod go=rx (group and others have rx access) but this is not
toggling but rather setting things directly. You should refer to documentation
for full information on this.
below. This could help you with the chmod numeric settings.
This free script provided by
Go back to the home page.
E-mail the macro and web site author.