File permissions (umask & chmod)

[last updated - 03 August 2003]

Introduction

If you are writing SAS programs then presumably you are working as part of a team and there may be cases where other programmers in your team need to update your programs (for whatever reason). Maybe you have had to do this but you find you don't have "write access" to that person's program. Also, maybe other programmers have complained to you that they do not have write access to your programs and could you please "change the permissions" so they can. In the last case then maybe you have a GUI interface with Unix and you locate the file and change its file permission by checking on the box that allows your group (team) members to write to this file. It can become a nuisance if you have many programs where only you have write access and others need to update it. If you are away from your desk then time will be lost and frustration can lead to errors being made. But if you have a good understanding of file permissions in Unix and you understand about the umask and chmod functions then all will become easy.

umask

First I will tell you about umask but only enough for now. You will have a Unix login member somewhere that gets run when you log in. What this is called varies from site to site but it will be in your home directory as a "hidden file" (which you can reveal using the ls -a command). In that login member, that you are allowed to edit, there is usually a umask setting. It is quite often set to umask 022 when a new user account is created and you might still be using that value. But to allow your team members to edit your program code you have to change it to umask 002. By changing the middle "2" to "0" you allow others in your team to edit your files. It is important to check on this and make this change to 002 if you find it otherwise. And all your team members should ensure they are using 002. This will solve the problem of not having write access to each others code. What the umask setting does is change the default permission of a file when you create it. The middle "2" says that you don't want your team members to be able to edit your file. When you change it to "0" then by default they can. This is the default action on creating a file. You can always change permissions after creating it if, for example, you really did not other team members to edit your file. You could stop them from even reading it, if you liked. Umask just has this effect when you first create a file. You'll get to understand why it is a "2" after reading the next section on chmod. But don't bother thinking about it for now. All you need to know at this stage is that you and all members of your team should use the setting "umask 002" in your login members and you will rarely have problems editing each others code members.

chmod

The chmod command is used for altering file permissions. Now you might be lucky and have a front end to Unix and you can just change permissions by clicking in the right box. But what if you had to do this for ALL your programs in a directory? There might be scores of them. You would save yourself a lot of time in this case by knowing how to use chmod to change their permissions in bulk. This is what we are going to learn here.

Before we start, you have to learn that there are three sets of permissions. The ones that affect the user (the owner - you) , group (your team) and others. And there are in turn three types of access to choose from, read, write and execute. Note that I have highlighted the letter u, g and o for user, group and others and r, w, and x for read, write and execute. That is because you can use these letters with the chmod utility if you wish. Usually, the chmod function is used with a three digit number. The first digit refers to the user, the second to the group and the third to others (sometimes it is a four digit number in which case the left-most digiit is used for something different). The actual number is a binary setting for the permissions where x=1 , w=2 and r=4. So if you changed a file permission like this chmod 666 then you would be allowing read and write permission for yourself, your team and anybody else. You do not normally allow outsiders to you team to edit your work but you would often allow them to read it so you would set this instead to chmod 664 . If this were a script library and the files had to be executable for them to work then chmod 775 would allow anybody to read them or exeute them but only you or your team to edit them. This utility can be used on multiple files using a wildcard so if you wanted everybody in your team to be able to update your sas programs then chmod 664 *.sas will do this. You will get error messages out where it matched files belonged to other people, since you can not change the permissions for other peoples files, but all your files would have their permissions changed. Now suppose your project had finished and you did not want anybody to update or delete and of the sas programs. Then chmod 444 would have this effect.

And now back to umask. Umask has three digits as well and these correspond to the digits in chmod. It is effectively masking settings for chmod. So if you have a setting umask 022 it is masking the write attribute for group (your team) and others but f you have setting umask 002 then it only masks the write attribute for others. umask and chmod work together like this.

Viewing file permissions

To see the permissions that files have you use the ls -l command (the -l indicating long form). You will see something like this:

-rwxr-xr-x

..on the far left. The first position is just a "-" to indicate a file (it will be "d" for a directory and "l" for a link). The next three positions are the read, write execute setting for the user (the owner). The next three are for the group and the last three for others. So in the example above you see that it is a file and the user (owner) had read, write and execute permissions, the group has read and execute permissions and others have the same as the group.

chmod toggling

Instead of using chmod in the form chmod nnn you can toggle on and off the permissions using letter notation. Not all implementations of Unix work the same way, though. For example, you could switch on execute permissions for all users with chmod +x or alternatively toggle it off with chmod -x . You could apply this to just group and others like this chmod go+w (toggle on write for group and others). You could specify it like this chmod go=rx (group and others have rx access) but this is not toggling but rather setting things directly. You should refer to documentation for full information on this.

chmod calculator

Peter Crouch has a chmod calculator that uses Javascript on his page here http://javascriptkit.com/script/script2/chmodcal.shtml and it is included below. This could help you with the chmod numeric settings.


 
Chmod
Permission Owner Group Other
Read
Write
Execute

This free script provided by
JavaScript Kit

Go back to the home page.

E-mail the macro and web site author.