Understanding permission under *nix

A collection of tips on howto tweak your Bubba.
Post Reply
Posts: 474
Joined: 07 May 2008, 04:41

Understanding permission under *nix

Post by carl » 23 Jan 2009, 10:59

Understanding permissions under a *nix system can be difficult for an novice, so I'll try describing it in a simple way.

A file or directory can be owned and shared by an user and in an group, so in *nix, we have three types of permission groups: "owner", "group" and "others".
Others are in general "everyone", and group are a group of users, where an user can belong to many groups. Usually the owner has more permissive permissions than group, and vice versa for group vs others, though often they have the same permissions.

A normal permission is defined by three flags, a read flag, an write flag, and an execute flag. As file extensions doesn't specify if a file is a program or not, there is instead a flag that specifies if an user can execute an file or not.

By counting this flags now, we have 9 flags, which is basically 9 bits in the file table. When visuallized in "ls", the permissions is displayed as following: "-rw-r--r--". This is ten characters, where the first character specifies what kind of file it is (d for direcory for example), after that, each three letter specifies user, group and others. In this example, the string tells us it is an regular file where everyone can read the file, but only the owner can write to it.

For directories, there is a bit difference; for them the execute flag (x) specifies if the user in question can "cd" into the directory. Thus a normal permission string for an directory is "drwxr-xr-x", which means that everyone can read files in the directory, and everyone can read what files exists in the directory, but only the owner can add and remove files in the directory.

Often the permission is mapped to an octal representation, where 1 = execute, 2=write and 4=read, thus the above permission is mapped to 644 and 755.

Generally there is three more flags, which is mostly important, but not often used in everyday user use. There are the setuid (4), setgid(2) and sticky bits (1).
In the ten letter view, these flags are inserted into the other groups, where it maps over the "x" flag. In the owner field, "S" if no x flag and setuid, "s" if x flag and setuid, similar in group field for setgid. In the other field, an "t" and "T" is used for sticky bit.

The sticky bit isn't used much nowadays for regular files, though it is used for directories, which results in that files in the directory can only be removed by the owner of the said file (used for example on the /tmp directory).

To change permission on a file, you can use "chmod":
Relative (write permission to the group):

Code: Select all

chmod g+w file...

Code: Select all

chmod 755 file...
Sticky dir:

Code: Select all

chmod 1755 file...
To change owner and group, the chown and chgrp can be used, though only by super user.

/Carl Fürstenberg, Excito Software Developer

Post Reply