Tech

Tutorial

A (Somewhat) Easy Trick to Understanding File Permission Octals

June 01, 2017

 Craig Dorety Collapsed Hyperbola

In Unix, file permissions are represented in a set of nine letters (with an additional single letter beforehand as a prefix to signify if the file is a directory or not).

-rwxwr-r--
This cluster can be broken up into three groups (after the initial directory indicator), scanning left to right: A set of three permissions for the owner of the file, a set of three for the group (a group of other users that the user is part of) and a set of three for everybody (or "others").

The letters used to represent permissions are "r," "w," and "x." For each of the three groups, they are always in the same order: rwx. The "r" permits the reading of the file, The "w" permits writing to the file, that is to say the ability to make changes to the file, and the "x" permits the execution, or running the file (assuming it is an executable file or script).

If no permission is granted for that action then a dash ("-") is inserted into its place, instead of the appropriate letter.

So for instance:

-rwxwr-r--
...may be broken down into three sections, one for the owner ("rwx"), one for the group("rw-") and one for the everyone ("r--").

In this case, the owner has full read/write/execute permissions ("rwx"), while the group has read and write permissions but no execute permission ("rw-") and others get only read permission ("r--").

These file permissions are all bundled in one line, and revealed at the command line, with the "ls -l" command for listing the file attributes of all the files in a directory.

But that is not what I am here to talk to you about. I'm here to discuss....

Numerical Representation

File permissions can be represented not only with rwx's but also in octals, or a set of three numbers in Base-8 (that is to say a number system that uses only 0 through 7). You can specify changes using octals in the command to change permissions, chmode.

These octal permissions will be three digits. For instance, the "-rwxwr-r--" above, octally speaking, will be "764."

From left to right, the first digit represents the permissions for user, the second one is for the group and the third one is for others.

I will show you an easy way to derive this number.

The trick is to convert each set of rwx file permissions into a three-digit binary number. Then, all 3 sets can be converted into a single three-digit octal number.

The trick is understanding how binary numbering works. Binary is a Base-2 system. A digit is either 0 or a 1, and all numbers can be represented this way, given enough binary positions. You just keep carrying over, just like in Base-10.

For octal numbering systems, we'll need only the first 8 numbers (in our base-10 system) in binary. They are:

0        is in binary        000
1        is in binary        001
2        is in binary        010
3        is in binary        011
4        is in binary        100
5        is in binary        101
6        is in binary        110
7        is in binary        111
If you memorize the formula for binary numbers, you can derive these quite easily. Reading right to left, each position of the three binary set represents a different number in the Base-10 numeric system. The first space represents a "1," the second a "2," and the third a "4" (in essence, the values double for every move to the left).

So, to read the binary string, you can basically add up all the values that each 1 represents, as determined by the column that 1 is in. In other words, just look to see if there is a 1 in each column. If there is a 1 in a column, you add the number that that column represents into the total. So for instance, "111" in binary would represent "7" because it would be 4 + 2 + 1.

Now, what is interesting about the file permissions is that, thanks to the use of octals, the rwx permission clusters (for the user, group and other), line up exactly with the three digit binary representations.

To build a binary representation of a set of permissions, just look to see where permissions are granted, then, keeping the same 3 column format, place a 1 where each permission is granted. If there is a dash, put a zero as a placeholder:

So, from our example:

"rxw" = 111

"rw-" = 110

"r--" = 100
And, taking these numbers, in the same order as the original file permissions, you build the octal (using the binary-to-octal conversion above):
111  =  7
110  =  6
100  =  4
or, 764!

--Notes from Sumitabha Das' book "Your UNIX: The Ultimate Guide" as well as from a UMUC class on Unix I was at the time (2010).

See also "Decoding Binary Files With Octal Dump."

Moar Tuts!

Back