| previous | contents | up | next |
Understanding File Ownership and Permissions
Each Unix file or directory is associated with an owner and a group. The owner is the user who sets the permissions for the file, and the group is a collection of users who can be given additional access to it. The owner should be listed in /etc/passwd and the group in /etc/group. The kernel itself records only a numeric owner UID and group GID for each file; ls uses the entries in those two files to turn the numbers back into names, and shows the bare number when no entry exists.
Each file also has a set of permissions that either allow or deny three basic operations: "read", "write", and "execute". These permissions are set separately for three classes of accounts, "user", "group", and "other", which together cover every account on the machine.
The actions associated with the three permissions for files and directories are:
read ( r ) A user who has read permission for a file can view the contents of that file. For a directory, read permission allows the user to list the names of the files in it, but not necessarily to open them.
write ( w ) A user who has write permission for a file can alter or remove the contents of that file. For a directory, the user can create, rename and delete files in that directory. Note that removing a file is governed by write permission on the directory, not on the file itself: a user who can write to a directory can delete a file in it that they cannot read or modify.
execute ( x ) A user who has execute permission for a file can cause the contents of that file to be executed (provided that it is executable). For a directory, execute permission allows a user to change to that directory, or to pass through it to reach a file whose name is already known; without it, read and write permission on the directory are of little use.
Users are placed into exactly one of the three access classes following these rules:
User ( u ) The owner of the file. Determined by the UID of the file's owner.
Group ( g ) A group of users defined by the system administrator in /etc/group that can share access to files. Determined by the GID of the file's group.
Others ( o ) The remainder of the authorized users of the system.
Only the bits of the matching class are consulted: the owner is judged by the "user" bits even when the "group" or "other" bits would grant more, and a member of the file's group is judged by the "group" bits even when "other" is more permissive.
To list ownership and permissions information on a file, use the ls command with the -l flag (for "long" format) and the -g flag (to display the associated group). This will display information on the files and subdirectories in a directory. To view this information for a specific file, call ls with the filename as an argument, for example ls -lg filename. (On many current systems, including those with GNU ls, -l already shows the group and -g instead suppresses the owner column, so plain ls -l produces the seven-field output described here.)
Each file or subdirectory returned from an ls -lg command will contain seven fields of information. Starting from the left, these are permission mode, link count, owner name, group name, file size in bytes, date and time of last modification, and the filename. An example of this output is:
The first 10 characters make up the mode field. If the first character is a "d" then the item listed is a directory; if it is a "-" then the item is a regular file; if it is an "l" then it is a symbolic link to another file (other letters, such as "b", "c", "p" and "s", mark device files, named pipes and sockets). Characters 2 through 4 refer to the owner's permissions, characters 5 through 7 to the group's permissions, and the last three to the permissions of everyone else. (You can type id to verify your userid and group membership.) If a particular permission is given, the appropriate letter appears in the corresponding position; otherwise, a dash indicates that the permission is not given. An "s" or "t" in an execute position means that execute permission is set together with the setuid, setgid or sticky bit respectively; a capital "S" or "T" means the special bit is set but execute permission is not.
The second field in the output from ls -l is the number of links to the file. In most cases it is one, but other users may make hard links to your files, thus increasing the link count. A special warning to people using links to other people's files: your "copies" of their files can be counted against them by the file quota system available on certain UNIX variants. The third field gives the user name of the owner of the file (the numeric UID is shown only if the name cannot be resolved, or if ls -n is used). The group name follows in the fourth field. The next two fields give the size of the file (in bytes) and the date and time at which the file was last modified. The last field gives the name of the file; for a symbolic link it is followed by "->" and the link's target.
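The following Python program is an added example, not part of the original text: it parses the seven-field ls -l output described above into its components, decodes the 10-character mode field (including the "s"/"S"/"t"/"T" special-bit spellings), and then applies the access-class rule from the "user", "group" and "others" list, in which exactly one class is consulted for a given account. The listing it reads is constructed for the example rather than captured from a real system, and the access check models only the permission bits: it ignores the root bypass, ACLs, read-only mounts and similar factors.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Sample ls -l output, constructed for this example (not captured from a real system).
# oops.txt has mode 006: its owner bob cannot read it, but everyone else can.
SAMPLE_LISTING = """\
total 5
-rw-r--r--  1 alice  staff   1204 Mar  3 09:12 notes.txt
drwxr-x---  2 alice  staff    512 Mar  3 09:10 private
-rwsr-xr-x  1 root   wheel  18432 Jan 14  2019 passwd
-------rw-  1 bob    staff     42 Feb 28 17:45 oops.txt
lrwxrwxrwx  1 alice  staff      9 Mar  3 09:13 latest -> notes.txt
"""

# The seven fields named in the text: mode, link count, owner, group, size,
# date and time of last modification (either "Mon DD HH:MM" or "Mon DD  YYYY"), name.
LINE_RE = re.compile(
    r"^(?P<mode>[-dlbcps][rwxsStT-]{9})\s+(?P<links>\d+)\s+(?P<owner>\S+)\s+(?P<group>\S+)"
    r"\s+(?P<size>\d+)\s+(?P<mtime>\w{3}\s+\d{1,2}\s+(?:\d{2}:\d{2}|\d{4}))\s+(?P<name>.+)$"
)

TYPE_NAMES = {"-": "file", "d": "directory", "l": "symlink", "b": "block device",
              "c": "char device", "p": "fifo", "s": "socket"}


@dataclass
class Entry:
    ftype: str
    perms: Dict[str, Set[str]]   # "u" / "g" / "o" -> subset of {"r", "w", "x"}
    special: Set[str]            # subset of {"setuid", "setgid", "sticky"}
    links: int
    owner: str
    group: str
    size: int
    mtime: str
    name: str


def parse_mode(mode: str) -> Tuple[str, Dict[str, Set[str]], Set[str]]:
    """Split the 10-character mode field into file type, per-class rwx sets and special bits."""
    if len(mode) != 10 or mode[0] not in TYPE_NAMES:
        raise ValueError("bad mode field: %r" % mode)
    perms: Dict[str, Set[str]] = {}
    special: Set[str] = set()
    # (class, offset of its triple, special bit shown in its execute slot, valid execute chars)
    slots = (("u", 1, "setuid", "xsS-"), ("g", 4, "setgid", "xsS-"), ("o", 7, "sticky", "xtT-"))
    for cls, start, flag, valid_x in slots:
        r, w, x = mode[start:start + 3]
        if r not in "r-" or w not in "w-" or x not in valid_x:
            raise ValueError("bad permission triple %r in %r" % (mode[start:start + 3], mode))
        bits = set()
        if r == "r":
            bits.add("r")
        if w == "w":
            bits.add("w")
        if x in "xst":        # lower-case s/t: special bit AND execute
            bits.add("x")
        if x in "sStT":       # upper-case S/T: special bit WITHOUT execute
            special.add(flag)
        perms[cls] = bits
    return TYPE_NAMES[mode[0]], perms, special


def parse_listing(text: str) -> List[Entry]:
    """Turn ls -l output into Entry records, skipping the 'total N' header line."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("total "):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("unrecognised ls -l line: %r" % line)
        ftype, perms, special = parse_mode(m["mode"])
        name = m["name"].split(" -> ")[0]   # symlinks are listed as "name -> target"
        entries.append(Entry(ftype, perms, special, int(m["links"]), m["owner"],
                             m["group"], int(m["size"]), m["mtime"], name))
    return entries


def access_class(entry: Entry, user: str, groups: Set[str]) -> str:
    """Pick the ONE class whose bits apply: owner first, then group, then other."""
    if user == entry.owner:
        return "u"
    if entry.group in groups:
        return "g"
    return "o"


def allowed(entry: Entry, user: str, groups: Set[str], op: str) -> bool:
    """Permission-bit check for op in {'r','w','x'}; root bypass and ACLs are not modelled."""
    return op in entry.perms[access_class(entry, user, groups)]


if __name__ == "__main__":
    for e in parse_listing(SAMPLE_LISTING):
        print("%-10s %-9s owner=%s group=%s special=%s" % (e.name, e.ftype, e.owner, e.group, sorted(e.special)))
    oops = [e for e in parse_listing(SAMPLE_LISTING) if e.name == "oops.txt"][0]
    print("bob can read oops.txt:", allowed(oops, "bob", {"staff"}, "r"))      # False: owner class applies
    print("carol can read oops.txt:", allowed(oops, "carol", set(), "r"))     # True: other class applies
```

The oops.txt entry illustrates why the class rule matters for auditing: a mode that grants "other" more than "user" locks the owner out rather than widening their access, and a scanner that simply takes the union of all nine bits would misjudge it. The parser is deliberately strict about the mode field so that a hand-edited or truncated listing fails loudly instead of being silently misread.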