Copyright © 2002 Paul Sheer.
Every file and directory on a UNIX system, besides being owned by a user and a group, has access flags [A switch that can either be on or off.] (also called access bits) dictating what kind of access that user and group have to the file.
Running ls -ald /bin/cp /etc/passwd /tmp gives you a listing like this:
    -rwxr-xr-x   1 root  root  28628 Mar 24  1999 /bin/cp
    -rw-r--r--   1 root  root   1151 Jul 23 22:42 /etc/passwd
    drwxrwxrwt   5 root  root   4096 Sep 25 15:23 /tmp
In the leftmost column are flags which completely describe the access rights to the file.
So far I have explained that the furthest flag to the left is either - or d, indicating an ordinary file or directory. The remaining nine have a - to indicate an unset value or one of several possible characters. Table 14.1 gives a complete description of file system permissions.
You use the chmod command to change the permissions of a file. It's usually used as follows:
    chmod [-R] [u|g|o|a][+|-][r|w|x|s|t] <file> [<file>] ...
For example,
    chmod u+x myfile
adds execute permissions for the user of myfile. And,
    chmod a-rx myfile
removes read and execute permissions for all--that is, user, group, and other.
The -R option, once again, means recursive, diving into subdirectories as usual.
Permission bits are often represented in their binary form, especially in programs. It is convenient to show the rwxrwxrwx set in octal, [See Section 2.1.] where each digit fits conveniently into three bits. Files on the system are usually created with mode 0644, meaning rw-r--r--. You can set permissions explicitly with an octal number, for example,

    chmod 0755 myfile
gives myfile the permissions rwxr-xr-x. For a full list of octal values for all kinds of permissions and file types, see /usr/include/linux/stat.h.
In Table 14.1 you can see s, the setuid or setgid bit. If it is used without execute permissions then it has no meaning and is written as a capitalized S. This bit effectively colorizes an x into an s, so you should read an s as execute with the setuid or setgid bit set. t is known as the sticky bit. It also has no meaning if there are no execute permissions and is written as a capital T.
The leading 0 can be ignored, but is preferred for explicitness. It can take on a value representing the three bits, setuid (4), setgid (2), and sticky (1). Hence a value of 5764 is in binary and gives -rwsrw-r-T.
umask sets the default permissions for newly created files; it is usually 022. This default value means that the permissions of any new file you create (say, with the touch command) will be masked with this number. 022 hence excludes write permissions of group and of other. A umask of 006 would exclude read and write permissions of other, but would allow read and write of group. Try
    umask
    touch <file1>
    ls -al <file1>
    umask 026
    touch <file2>
    ls -al <file2>
026 is probably closer to the kind of mask we like as an ordinary user. Check your /etc/profile file to see what umask your login defaults to, when, and also why.
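The octal rules described above (the setuid, setgid and sticky digit, the capital S and T, and the effect of umask) can be checked with a short shell script. This is an added example, not part of the original text: the function names triplet, mode_string and masked_mode are made up for illustration, and 0666 is the mode that touch requests before the umask is applied.

```shell
#!/bin/sh
# Added example: render an octal mode the way ls prints it, and show
# which bits a umask removes. All function names are hypothetical.

# triplet BITS SPECIAL CHAR -> the three characters for one class.
# BITS is 0-7, SPECIAL is nonzero when setuid/setgid/sticky applies
# to this class, CHAR is the letter that replaces x (s or t).
triplet() {
    bits=$1 special=$2 ch=$3
    r=-; w=-; x=-
    [ $((bits & 4)) -ne 0 ] && r=r
    [ $((bits & 2)) -ne 0 ] && w=w
    [ $((bits & 1)) -ne 0 ] && x=x
    if [ "$special" -ne 0 ]; then
        if [ "$x" = x ]; then
            x=$ch                               # execute set: s or t
        else
            x=$(printf %s "$ch" | tr st ST)     # no execute: S or T
        fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_string OCTAL [TYPECHAR] -> ten-character string, e.g. -rwxr-xr-x.
# TYPECHAR defaults to "-" (ordinary file); pass d for a directory.
mode_string() {
    case $1 in
        ''|*[!0-7]*) echo "not an octal mode: $1" >&2; return 1 ;;
    esac
    m=$((0$1))                                  # leading 0 forces octal
    printf '%s%s%s%s\n' "${2:--}" \
        "$(triplet $((m >> 6 & 7)) $((m & 04000)) s)" \
        "$(triplet $((m >> 3 & 7)) $((m & 02000)) s)" \
        "$(triplet $((m & 7))      $((m & 01000)) t)"
}

# masked_mode REQUESTED UMASK -> mode left after the umask clears its bits.
masked_mode() {
    printf '%04o\n' $(( 0$1 & ~0$2 & 07777 ))
}

mode_string 5764                                # the example from the text
mode_string 1777 d                              # /tmp in the listing above
for mask in 022 026 006; do
    new=$(masked_mode 0666 "$mask")
    echo "umask $mask: touch creates $new $(mode_string "$new")"
done
```
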
In addition to permissions, each file has three integers associated with it that represent, in seconds, the last time the file was accessed (read), when it was last modified (written to), and when its permissions were last changed. These are known as the atime, mtime, and ctime of a file respectively.
To get a complete listing of the file's permissions, use the stat command. Here is the result of stat /etc:
      File: "/etc"
      Size: 4096 Filetype: Directory
      Mode: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
    Device: 3,1 Inode: 14057 Links: 41
    Access: Sat Sep 25 04:09:08 1999(00000.15:02:23)
    Modify: Fri Sep 24 20:55:14 1999(00000.22:16:17)
    Change: Fri Sep 24 20:55:14 1999(00000.22:16:17)
The Size: quoted here is the actual amount of disk space used to store the directory listing, and is the same as reported by ls. In this case it is probably four disk blocks of 1024 bytes each. The size of a directory as quoted here does not mean the sum of all files contained under it. For a file, however, the Size: would be the exact file length in bytes (again, as reported by ls).