Carnegie Mellon University Website Home Page
 

File Protection Using CHMOD

Files in the AFS distributed file system use access control lists for the directories they are in, and most protections are set on directories using the fs sa command (or pts command for groups). Files on a local disk, however, do not have access control lists, so the chmod (change file mode) command must be used to set access to an individual file.

Chmod allows you to control whether a file can be read or written at all. If you turn off writing for a file, you will prevent anyone, including yourself, from writing to that file; the same applies to reading a file. If you turn on writing for a file, you allow anyone write access to that file if they already have write access to the file's directory; the same appliles to read and execute access; use the "man chmod" command for more information.

  • To turn off write access for a file: chmod -w filename
  • To turn off read access for a file: chmod -r filename
  • To turn off execute access for scripts and executable files: chmod -x filename
  • To turn on write access for a file: chmod +w filename
  • To turn on read access for a file: chmod +r filename
  • To turn on execute access for scripts and executable files: chmod +x filename

Most protections on Andrew are set on directories. Therefore, even if you change the protections on an individual file using the chmod command, other users may still have access rights (or regain access rights) to that file based on their access rights to the directory in which the file resides.

Last Updated: 12/1/11