Each file in the UNIX file system has a file mode associated with it. The
file mode indicates the type of file and access permissions. The best way
of examining the mode of a file is with the ls command in long format:
ls -l. The long format of ls shows information about a file including the
file mode, owner, size, date & time, and name, and if ls -lg is used, group
ownership will also be displayed. As an example, suppose I had two files in
my directory, a directory called dir and a file called file:
% ls -lg
total 1
drwx------ 2 progasst firstaid 512 Jan 5 $
-rwxr-xr-- 1 progasst firstaid 0 Ja$
%
The file mode is in the first column and shows a series of 10 letters and
dashes (don't believe the man page, it lies). The first character of the
file mode indicates the type of file. The most common values for this are
'd' if the entry is a directory, 'l' if it is a symbolic link, and '-'
if it is a plain file.
Following the file type character are 9 characters grouped in three sets of
three that indicate owner permissions of the file, group permissions, and
finally other (or everybody else) permissions, respectively. Each group of
three characters appears in the order rwx, with a '-' in place of any
permission that is missing. 'r' means that the file is readable, 'w' means
that it is writable, 'x' means that it is executable, and '-' means that the
indicated permission is not granted. Owner permissions apply to the owner of
the file, the group applies to the members of the group associated with the
file (as explained in the section on users, groups, and file ownership), and
other applies to everybody that does not fall into the previous two
categories. Note that these categories are exclusive. If you are in
someone's group, and they have a file with read permissions for user and
other, but not group, you will not be able to read it even though people not
in your group will be able to!
Access Permission of a File
The access permissions of a file mean different things depending on
whether the file is a directory or not. If the file is just a regular file
then permissions are rather straightforward. Read access on a file allows
the file's contents to be viewed. Write permission allows the contents
to be altered, which includes overwriting, changing, adding, and deleting
existing text. Finally, execute permission allows the file to be run as
a program. There are quirks, however: write access without read access will
not produce the desired results; that is, it does weird things. If a shell
script is given execute permission but not read permission it will fail,
because the shell will not be able to read the contents of the file. However,
binary files with only execute permission do work, due to the special
properties of a binary executable.
Access Permissions on a Directory
The access permissions on a directory are a bit different. Execute permission
gives the ability to access the directory and the entries in it. If you
don't have execute permission on a directory, then you do not have any
permissions at all on the directory, since all the other permissions require
that you be able to access the directory.
Read Permission on a Directory
Read permission on a directory allows you to read the contents of the
directory file. So, to do an ls on a directory (like ~progasst) you need
read permission on the directory. What if you only have execute permission
on the ~progasst directory (so you can't do ls), but you know there is
a file called readme that you have permission to read? Since you have execute
permission you can access the directory; you just can't list the contents
of the directory since you don't have read permission on the directory
file. In this case that is all the permission you need, though, since you
already know the file name. Just specify ~progasst/readme and you will
be able to access the file.
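The class rule described earlier (owner, then group, then other, with only
the first matching class consulted) and the execute-without-read directory
case above, modelled as an added shell example that is not part of the
original page. The users alice and bob, the group staff, the modes and the
function names are constructed for illustration, and the directory and the
file are assumed to share one owner and group.

```sh
#!/bin/sh
# Added example: users, groups and modes are constructed for illustration.
# Only plain r, w, x and - characters are modelled.

# applicable_triplet MODE OWNER GROUP USER "USERGROUPS"
# MODE is the 10-character string from ls -l. Prints the single rwx triplet
# that is consulted for USER: owner first, else group, else other.
applicable_triplet() {
    if [ "$4" = "$2" ]; then
        printf '%s\n' "$1" | cut -c2-4; return
    fi
    for g in $5; do
        if [ "$g" = "$3" ]; then
            printf '%s\n' "$1" | cut -c5-7; return
        fi
    done
    printf '%s\n' "$1" | cut -c8-10
}

# is_granted PERM MODE OWNER GROUP USER "USERGROUPS"; exit status 0 = granted.
is_granted() {
    perm=$1; shift
    case $(applicable_triplet "$@") in
        *"$perm"*) return 0 ;;
        *) return 1 ;;
    esac
}

# can_read_by_name DIRMODE FILEMODE OWNER GROUP USER "USERGROUPS"
# Naming dir/file needs execute on the directory and read on the file.
# Assumes the directory and the file share one owner and group.
can_read_by_name() {
    dmode=$1 fmode=$2; shift 2
    is_granted x "$dmode" "$@" && is_granted r "$fmode" "$@"
}

yesno() { if "$@"; then echo yes; else echo no; fi; }

# Exclusive classes: alice is in the file's group, bob is not.
echo "alice reads -r-----r--: $(yesno is_granted r -r-----r-- progasst firstaid alice 'firstaid staff')"
echo "bob   reads -r-----r--: $(yesno is_granted r -r-----r-- progasst firstaid bob staff)"
# Directory drwx--x--x holding readme with mode -rw-r--r--.
echo "bob lists directory:    $(yesno is_granted r drwx--x--x progasst firstaid bob staff)"
echo "bob reads dir/readme:   $(yesno can_read_by_name drwx--x--x -rw-r--r-- progasst firstaid bob staff)"
```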
Write Permission
If you remember the properties of a directory file, then you should
be able to figure out what write permission gives you on a directory file.
Write permission gives you the ability to modify the contents of the directory
file, but not the contents of any of the files within the directory. The
ability to change a file's contents is granted by the permissions on the
individual files.
Permission Change
Permissions of a file can be changed with the chmod command, which accepts
two modes of permissions changing. First is absolute mode, which takes
an octal number constructed by OR'ing various modes together. Since this
is not a course on octal numbers, we are not going to go into the details of
using absolute mode. If you would like to pursue it, the chmod(1) man page
has ample information.
The other mode is called symbolic mode, which uses the syntax:
chmod [who][operator][permissions] [files....]
The who parameter is a set of characters that indicate to whom the permissions
should apply, and they can have the value 'u' for user's (or owner's) permissions,
'g' for group permissions, 'o' for everybody else's (excluding the owner
and members of the group) permissions, and 'a' for everybody's (owner,
group, and other's) permissions.
The operator indicates how the permissions should be applied. A '+'
will add the permissions, '-' will take away the permissions, and '=' will
assign permissions absolutely (i.e., add the permissions indicated, and
take away any that are not).
The permissions are taken from the set 'r', 'w', and 'x', meaning read,
write and execute, respectively.
A simple example:
chmod go+r mr.file
adds read access to the group and the rest of the world on mr.file.
Operators and permissions can be stacked up, allowing the following:
chmod u+x,g=x,o= mr.file
which gives execute permission to the owner of a file, sets only
execute permission for the group, and sets no permissions on mr.file
for everybody else.
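The difference between '+' and '=' is easiest to see by applying each to the
same starting mode. The following is an added example, not part of the
original page: mode_after is a hypothetical helper, the starting mode is
constructed, and mr.file is a scratch file created in a temporary directory.

```sh
#!/bin/sh
# Added example: mr.file here is a scratch file in a temporary directory.

# mode_after START SPEC
# Sets a new scratch file to the symbolic mode START, applies SPEC with a
# second chmod, and prints the 10-character mode string that ls -l reports.
mode_after() {
    scratch=$(mktemp -d) || return 1
    : > "$scratch/mr.file"
    chmod "$1" "$scratch/mr.file" &&
        chmod "$2" "$scratch/mr.file" &&
        ls -l "$scratch/mr.file" | cut -c1-10
    status=$?
    rm -rf "$scratch"
    return $status
}

# Constructed starting mode: -rw--w--w- (group and other may write).
START=u=rw,g=w,o=w
for spec in go+r g+x g=x u+x,g=x,o=; do
    printf '%-12s %s\n' "$spec" "$(mode_after "$START" "$spec")"
done
```

With '+' the group keeps its existing write bit, while '=' replaces the whole
group set, and 'o=' clears the write bit that other had in the starting mode.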