Managing permissions on Sonic (chmod)

When creating a new directory on the ESIPP shared directory on Sonic, it is good practice to consider the permissions which are applied to that directory.

When a new directory has been created, by executing:

mkdir new_directory

A set of permissions are set up for this new directory for three categories:

  1. The user (u), i.e. the creator of the new directory.
  2. The group (g), e.g. our ESIPP metclim group.
  3. Others (o), i.e. other people who might be granted access to the folder.

The default on sonic is to provide “read, write and execute” permission to the user (u) and provide “read and execute” permission to both group members (g) and others (o).

To allow for group members to write to directories which have been created by another user, the permissions need to be altered using the “chmod” command.

There are two options which can be used to change permissions, one which uses letters and another which uses numbers.

Firstly using letters.  If you have created your new directory “new_directory”, you can change the permissions by entering the following command

chmod u=rwx,g=rwx,o=rx new_directory/

This will grant “read, write and execute” permission to both the user (u) and also the group members (g).  “Read and execute” permission is maintained for other users (o).

This can also be achieved used a numerical approach.  In this case:

  • 4 corresponds to “read”
  • 2 corresponds to “write”
  • 1 corresponds to “execute”
  • 0 corresponds to “no permission”

In this scenario you enter a sequence of 3 digits which correspond to the sum of the permissions for that category (ugo).  E.g. to replicate the chmod command shown earlier would correspond to the following:

chmod 775 new_directory/

The first digit represents the permission for the user as 7 = 4+2+1 (read + write + execute).  The same is the case for group members.  The 5 for other users is 4+1 (read+execute).

This should also be performed for any subsequent sub-directories within your new directory.

You can check the permissions for a given directory by entering “ls -lh” to display the contents of the directory in a human readable list. An example is shown below:

The letters which follow the letter d indicate the permissions, again for the 3 categories (ugo).  The “MERRA2” directory has permissions of “rwxrwxr-x” meaning that both the user and group members have “read, write and execute” permission, while other users just have “read and execute” permission.  On the other hand the “MetEireann” folder has permissions of “rwxr-xr-x”, meaning that Conor (as he is listed as the user who created the directory) is the only person who can write to this directory.