Permissions and Environment variables
Learning objectives
- Grant or restrict access to files on a multi-user UNIX system
- View “Environment Variables” in Shell
- Describe the $PATH variable and how to append to it
Approximate time: 40 minutes
Permissions
Every file and directory has an owner, a group, and a set of read/write/execute permissions for three categories: the owner (u), the group (g), and everyone else (o).
Let’s see what groups we all belong to. Type groups into the command prompt.
$ groups
Depending on our affiliation, we all belong to at least a couple of groups. Since we are all using training accounts, you will likely see the groups listed below:
- training01
- training
The user-and-group model means that for each file/directory every user on the system falls into one of three categories:
- user or u: the owner
- group or g: a member of the group the file/directory belongs to
- others or o: everyone else
For each of these three categories, the computer keeps track of whether people in that category can read the file (r), write to the file (w), or execute the file (i.e., run the program written in it) (x). More about this aspect of permissions is coming up later in this lesson.
Let’s look at this model in action by running the command ls -l /opt/courses/unix_lesson/ to list the files in that directory:
$ ls -l /opt/courses/unix_lesson/
total 20
drwxrwxr-x 2 evilliers www-data 78 Oct 6 10:57 genomics_data
drwxrwxr-x 2 evilliers www-data 73 Oct 6 10:57 other
drwxrwxr-x 5 evilliers www-data 302 Oct 6 11:53 raw_fastq
-rw-rw-r-- 1 evilliers www-data 377 Oct 6 10:57 README.txt
drwxrwxr-x 2 evilliers www-data 62 Oct 6 10:57 reference_data
The first column shows permissions; the third and fourth columns show the owner and group.
Interpreting the permissions string
Let’s have a closer look at one of those permission strings in the first column for the README.txt file:
-rw-rw-r--
- The first character indicates the type of file. Among the different types, a leading dash (-) means a regular file, while a d indicates a directory. In our case, it is -, which means README.txt is a regular file.
- The next 9 characters are usually some combination of r, w and x, where:
r = read permission
w = write/edit permission
x = execute permission (run a script/program or traverse a directory).
The 9 characters after the type flag are three triplets for owner, group, and others respectively. rw-rw-r-- means the owner and group can read and write, while everyone else can only read. A - means that permission is off.
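The reading rule above can be turned into a small decoder. This is an added example, not part of the original lesson: the function names are made up for illustration, and the numeric form printed by mode_to_octal (r=4, w=2, x=1, one digit per triplet) goes beyond what the lesson covers.

```shell
#!/bin/sh
# Decode the 10-character mode string printed by `ls -l` (added example).
# Handles only r, w, x and - in the nine permission positions.

# valid_mode STRING: succeed only for one type character plus three rwx triplets
valid_mode() {
    case ${1#?} in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) return 0 ;;
        *) return 1 ;;
    esac
}

# triplet WHO STRING: print the triplet for u (owner), g (group) or o (others)
triplet() {
    p=${2#?}                                   # drop the file-type character
    case $1 in
        u) printf '%s\n' "${p%??????}" ;;
        g) p=${p#???}; printf '%s\n' "${p%???}" ;;
        o) printf '%s\n' "${p#??????}" ;;
        *) return 2 ;;
    esac
}

# mode_allows STRING WHO PERM: succeed if WHO (u/g/o) has PERM (r/w/x)
mode_allows() {
    valid_mode "$1" || return 2
    case $3 in r|w|x) ;; *) return 2 ;; esac
    t=$(triplet "$2" "$1") || return 2
    case $t in *"$3"*) return 0 ;; *) return 1 ;; esac
}

# mode_to_octal STRING: print the numeric form of the mode (r=4, w=2, x=1)
mode_to_octal() {
    valid_mode "$1" || return 1
    out=
    for who in u g o; do
        t=$(triplet "$who" "$1"); d=0
        case $t in r??) d=$((d + 4)) ;; esac
        case $t in ?w?) d=$((d + 2)) ;; esac
        case $t in ??x) d=$((d + 1)) ;; esac
        out=$out$d
    done
    printf '%s\n' "$out"
}

# Mode strings taken from the lesson's ls -l listing
for m in -rw-rw-r-- drwxrwxr-x; do
    if mode_allows "$m" o w; then verdict="others can write"; else verdict="others cannot write"; fi
    printf '%s (%s): %s\n' "$m" "$(mode_to_octal "$m")" "$verdict"
done
```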
Changing permissions
To change permissions, we use the chmod command (whose name stands for “change mode”). The arguments we provide chmod include:
- Whose permissions are we changing? (“user” u, “group” g, or “other” o)
- Are we adding permissions (+) or removing permissions (-)?
- Which permissions (or combination of) would we like to add/remove? (“read” r, “write” w, and “execute” x)
Let’s make our README.txt file inaccessible to all users other than you and the group the file belongs to. Currently, everyone else is able to read the file.
$ ls -l ~/unix_lesson/README.txt
-rw-rw-r-- 1 evilliers evilliers 377 May 4 14:28 ~/unix_lesson/README.txt
$ chmod o-r ~/unix_lesson/README.txt # the "-" after o denotes removing that permission
$ ls -l ~/unix_lesson/README.txt
-rw-rw---- 1 evilliers evilliers 377 May 4 14:28 ~/unix_lesson/README.txt
The o signals that we’re changing the privileges of “others” which also represents “everyone else” as we have referred to throughout this lesson.
Let’s change it back to allow it to be readable by others:
$ chmod o+r ~/unix_lesson/README.txt # the "+" after o denotes adding/giving that permission
$ ls -l ~/unix_lesson/README.txt
-rw-rw-r-- 1 evilliers evilliers 377 May 4 14:28 ~/unix_lesson/README.txt
If we wanted to make this an executable file for ourselves (the file’s owners) we would say chmod u+x, where the u signals that we are changing permission for the file’s owner. To change permissions for the “group”, you’d use the letter g, e.g. remove write permissions for the group with chmod g-w.
Exercise
If ls -l myfile.php returns the following details:
-rwxr-xr-- 1 caro zoo 2312 2014-10-25 18:30 myfile.php
Which of the following statements is true?
- members of caro (a group) can read, write, and execute myfile.php
- members of zoo (a group) cannot execute myfile.php
- caro (the owner) can read, write, and execute myfile.php
Answer
The third statement is true.
Environment Variables
Environment variables describe the shell environment and are always upper case. The two most important ones are $HOME (path to your home directory) and $PATH (colon-separated list of directories searched when you type a command). Use echo to inspect them.
Let’s see what is stored in $HOME:
$ echo $HOME
Now inspect $PATH:
$ echo $PATH
The shell searches these directories in order when you type a command. Use which to find where a command lives:
$ which ls
Exercise
Are the directories listed by the which command within $PATH?
Answer
It should be. For example, to check the directory of the command pwd: the output of which pwd is /usr/bin/pwd, and /usr/bin is within $PATH.
Modifying Environment Variables
Use export to add a directory to $PATH. Always include $PATH itself so existing directories are preserved:
$ export PATH=$PATH:~/opt/bin # adds to end
$ export PATH=~/opt/bin:$PATH # adds to front (searched first)
To make changes permanent, add the export line to ~/.bashrc. This file runs automatically each time you log in.
$ ls -al ~/
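Because the shell runs the first match it finds, every directory on $PATH should be an absolute path that only its owner can write to; an empty entry is treated as the current directory. The check below is an added example, not part of the original lesson: the function name audit_path and its output labels are made up for illustration, and it reads the same permission string that ls -l prints.

```shell
#!/bin/sh
# Audit a PATH-style string for entries that weaken command lookup (added example).
# Prints one finding per line; returns 1 if anything was flagged, 0 if clean.
audit_path() {
    rest=$1:            # trailing ":" lets the loop see a final empty entry
    rc=0
    while [ -n "$rest" ]; do
        dir=${rest%%:*}     # text before the first ":"
        rest=${rest#*:}     # everything after it
        case $dir in
            '') echo "EMPTY: empty entry is treated as the current directory"; rc=1; continue ;;
            /*) ;;
            *)  echo "RELATIVE: $dir"; rc=1; continue ;;
        esac
        if [ ! -d "$dir" ]; then
            echo "MISSING: $dir"; rc=1; continue
        fi
        # -L follows symlinks so a link such as /bin -> usr/bin is judged by its target
        mode=$(ls -ldL -- "$dir" | cut -c1-10)
        case $mode in
            # character 6 is the group's w, character 9 is the others' w
            ?????w*|????????w*) echo "WRITABLE by group/others: $dir ($mode)"; rc=1 ;;
        esac
    done
    return $rc
}

# Report on the current shell's PATH when the script is run directly.
audit_path "$PATH" || echo "review the entries flagged above"
```

A flagged directory can be tightened with the chmod syntax from the Permissions section, for example chmod go-w on that directory.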
This lesson has been modified from a course developed by members of the teaching team at the Harvard Chan Bioinformatics Core (HBC). These are open access materials distributed under the terms of the Creative Commons Attribution license (CC BY 4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
- The materials used in this lesson were derived from work that is Copyright © Data Carpentry (http://datacarpentry.org/). All Data Carpentry instructional material is made available under the Creative Commons Attribution license (CC BY 4.0).
- Adapted from the lesson by Tracy Teal. Original contributors: Paul Wilson, Milad Fatenejad, Sasha Wood and Radhika Khetani for Software Carpentry (http://software-carpentry.org/)