Linux File Permissions

When the user's account is created, every Linux user is assigned a user ID (UID) and a group ID (GID), which are used to identify the user for file access. Every file is also given a UID and GID. By default, these are the UID and GID of the person who creates it, though that can be changed. Permissions are granted based on matching the UIDs and GIDs of the file and the user as follows:

Owner permissions: The permissions granted to the user who has the same UID as the file. In addition to being called owner permissions, they are also called user permissions.

Group permissions: The permissions granted to users who have the same GID as the file.

World permissions: The permissions granted to all other users, those who have neither the UID nor the GID of the file. In addition to being called world permissions, they are also called other permissions.

Each of these groups can be granted any combination of three possible permissions:

Read permission: The contents of the file may be examined.

Write permission: The contents of the file may be modified.

Execute permission: The program contained in the file may be executed.

Use the -l option with the ls command to view the ownership and permissions assigned to a file.

Listing 9.1: Examining File Permissions with ls

-rw-r--r-- 1 craig users  8255 May 17 14:09 fig2-1.gif
-rw-r--r-- 1 craig users  8206 May 17 14:10 fig2-2.gif
-rw-r--r-- 1 craig users 16328 May 16 22:04 fig3-2.gif
-rw-r--r-- 1 craig users  3832 May 16 22:13 fig4-1.gif
-rw-r--r-- 1 craig users 16741 May 16 22:18 fig4-2.gif
-rw-r--r-- 1 craig users 14350 May 16 22:24 fig4-4.gif
-rw-r--r-- 1 craig users 22737 May 16 22:27 fig4-5.gif
-rw-r--r-- 1 craig users 14316 May 16 22:34 fig5-1.gif
-rw-r--r-- 1 craig users 15739 May 16 22:35 fig5-2.gif
-rw-r--r-- 1 craig users 21528 May  1 20:46 fig8-1.gif
-rw-r--r-- 1 craig users 16479 May  1 21:18 fig8-2.gif
-rw-r--r-- 1 craig users 22295 May 17 11:43 fig8-4.gif
-rw-r--r-- 1 craig users 16482 Apr 24 19:50 fig9-3.gif
-rw-r--r-- 1 craig users 11756 Apr 24 19:54 fig9-4.gif

Each line in the long format directory listing begins with the file permissions. The first 10 characters are the same for every file in Listing 9.1: -rw-r--r--. The very first character indicates whether this is a directory (d), a link (l), or a file (-). In the example, all of the entries are files.

The next nine characters are divided into three groups of three to define the permissions for the owner of the file, for the members of the group to which this file is assigned, and for all other users. An r in the permission field indicates read permission, a w indicates write, and an x indicates execute.

In Listing 9.1, the owner is granted read and write permissions (rw-), and everyone else (members of the group as well as other users of the system) is granted only read access (r--).

The permissions can be viewed as three 3-bit numbers. r is 4 (binary 100), w is 2 (binary 010), and x is 1 (binary 001). Thus, the permission granted to the owner in Listing 9.1 is 6 (rw-), and the permissions granted to the group and to the world are 4 (r--), for a file permission setting of 644.
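The decoding described above, as an added example that is not part of the original text: it turns the permission field of an ls -l line into its octal setting, selects the single class (owner, group, or world) that applies to a given user, and lists world-writable entries. It matches on the user and group names that ls -l prints rather than numeric UIDs and GIDs; the function names and every sample line except the first are constructed for illustration.

```python
import re

# Constructed sample in the format of Listing 9.1; only the first line is from the page.
SAMPLE = """\
-rw-r--r-- 1 craig users 8255 May 17 14:09 fig2-1.gif
-rwxr-x--- 1 craig users 1024 May 17 14:10 backup.sh
-rw-rw-rw- 1 craig users  512 May 17 14:11 notes.txt
----r--r-- 1 craig users  100 May 17 14:12 locked.txt
"""

# File type, three r/w/x triplets in fixed positions, link count, owner, group.
ENTRY = re.compile(r"^([-dl])((?:[r-][w-][x-]){3})\s+\d+\s+(\S+)\s+(\S+)\s")
VALUE = {"r": 4, "w": 2, "x": 1, "-": 0}

def parse(line):
    """Return (type, octal mode, owner, group) for one ls -l line."""
    m = ENTRY.match(line)
    if m is None:  # also rejects special-bit letters (s, t), which the page does not cover
        raise ValueError(f"unsupported ls -l entry: {line!r}")
    ftype, perms, owner, group = m.groups()
    octal = "".join(str(sum(VALUE[c] for c in perms[i:i + 3])) for i in (0, 3, 6))
    return ftype, octal, owner, group

def access(line, user, groups):
    """Rights that apply to `user` (root and ACLs are out of scope)."""
    _, octal, owner, group = parse(line)
    if user == owner:
        digit = int(octal[0])      # owner class, even if it grants less than the others
    elif group in groups:
        digit = int(octal[1])      # group class
    else:
        digit = int(octal[2])      # world class
    return {n for n, bit in (("read", 4), ("write", 2), ("execute", 1)) if digit & bit}

def world_writable(listing):
    """Names of entries whose world triplet includes write."""
    return [l.split()[-1] for l in listing.splitlines() if int(parse(l)[1][2]) & 2]

if __name__ == "__main__":
    for entry in SAMPLE.splitlines():
        print(parse(entry)[1], entry.split()[-1], sorted(access(entry, "craig", {"users"})))
    print("world-writable:", world_writable(SAMPLE))
```

The locked.txt line shows that only one class is consulted: the owner gets the owner triplet (---) even though group and world are granted read.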
