3.9.1 Concepts of file permissions


Next: 3.9.2 Interpreting file permissions Up: 3.9 File Permissions Previous: 3.9 File Permissions

      Because there are multiple users on a UNIX system, in order to protect individual user’s files from tampering by other users, UNIX provides a mechanism known as file permissions. This mechanism allows files and directories to be « owned » by a particular user. As an example, because Larry created the files in his home directory, Larry owns those files, and has access to them.

UNIX also allows files to be shared between users and groups of users. If Larry so desired, he could cut off access to his files, such that no other user could access them. However, on most systems the default is to allow other users to read your files, but not modify or delete them in any way.

  As explained above, every file is owned by a particular user. However, files are also owned by a particular group, which is a system-defined group of users. Every user is placed into at least one group when that user is created. However, the system administrator may also grant the user access to more than one group.

    Groups are usually defined by the type of users which access the machine. For example, on a university UNIX system, users may be placed into the groups student, staff, faculty or guest. There are also a few system-defined groups (such as bin and admin) which are used by the system itself to control access to resources—very rarely do actual users belong to these system groups.

READ  Linux Commercial HOWTO: Copyright Information

Permissions fall into three main divisions: read, write, and execute. These permissions may be granted to three classes of users: the owner of the file, the group to which the file belongs, and to all users, regardless of group.

                  Read permission allows a user to read the contents of the file, or in the case of directories, to list the contents of the directory (using ls). Write permission allows the user to write to and modify the file. For directories, write permission allows the user to create new files or delete files within that directory. Finally, execute permission allows the user to run the file as a program or shell script (if the file happens to be a program or shell script, that is). For directories, having execute permission allows the user to cd into the directory in question.


Next: 3.9.2 Interpreting file permissions Up: 3.9 File Permissions Previous: 3.9 File Permissions

Matt Welsh
mdw@sunsite.unc.edu