
First Definition

file ownership and permissions in Linux: Linux is a multiuser operating system, so it has been more important in Linux than in DOS / Windows to have a system that lets owners control who may access their own files.

In Linux, read, write, and execute permissions can be granted separately to the owner of a file, to a group that "owns" the file, and to everybody else.

The permissions are set by 9 bits (plus 3 others that are covered further down). These 9 bits are divided into three sets of three: one set holds the permissions for the owner of the file, one set the permissions for the group "owner" of the file, and one set the permissions for everybody else who has access to the system (the "world", or "other").

The bits are written in two different ways, either as an octal triplet, or as letters representing the permissions (rwx). Each octal digit is the sum of read = 4, write = 2 and execute = 1, so 754 is rwxr-xr--. For example, the octal triplet 777 is equivalent to rwxrwxrwx and means that the owner, group, and everybody (world) may read, write, and execute the file. In ls -l output a tenth character precedes the nine permission letters and gives the file type (- for a regular file, d for a directory), which is why the full listing reads -rwxrwxrwx.

< more examples and explanation>

In Linux, chown (change the owner), chgrp (change the group), and chmod (change the permission bits, the "mode") are used in combination to control who can do what with a given file or directory. Note that only root can give a file away with chown; an ordinary owner can only chgrp a file to a group he is a member of.
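The two notations above, and the two ways chmod accepts them, as an added example that is not part of the original page. It is a POSIX shell script: two small converters between the octal triplet and the rwx string, and a demo that sets a mode on a scratch file first in octal and then with symbolic changes, reading the result back with stat. It assumes GNU coreutils (for stat -c) and needs no special privileges, since it only touches a directory it creates with mktemp.

```shell
#!/bin/sh
# Added example, not from the original page: convert between the octal and
# symbolic (rwx) forms of the nine permission bits, then apply both forms
# with chmod on a scratch file and read the result back with stat.
# Assumes GNU coreutils (stat -c). Runs as any user; it only touches a
# directory it creates itself with mktemp.

# triplet DIGIT: one octal digit (0-7) -> its rwx string (r=4, w=2, x=1)
triplet() {
    case "$1" in
        0) echo '---' ;;  1) echo '--x' ;;  2) echo '-w-' ;;  3) echo '-wx' ;;
        4) echo 'r--' ;;  5) echo 'r-x' ;;  6) echo 'rw-' ;;  7) echo 'rwx' ;;
        *) echo "bad octal digit: $1" >&2; return 1 ;;
    esac
}

# octal_to_symbolic MODE: e.g. 754 -> rwxr-xr--  (owner, group, other).
# Only the low three digits are used; a leading special-bits digit such as
# the 4 in 4755 is ignored here (those bits are covered further down).
octal_to_symbolic() {
    m="$1"
    while [ "${#m}" -lt 3 ]; do m="0$m"; done
    m="${m#"${m%???}"}"                  # keep only the last three characters
    u="${m%??}"; o="${m#??}"; g="${m#?}"; g="${g%?}"
    printf '%s%s%s\n' "$(triplet "$u")" "$(triplet "$g")" "$(triplet "$o")"
}

# digit RWX: one rwx triplet -> its octal digit
digit() {
    d=0
    case "$1" in r??) d=$((d + 4)) ;; esac
    case "$1" in ?w?) d=$((d + 2)) ;; esac
    case "$1" in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# symbolic_to_octal RWXRWXRWX: e.g. rw-r----- -> 640
symbolic_to_octal() {
    s="$1"
    u="${s%??????}"; rest="${s#???}"; g="${rest%???}"; o="${rest#???}"
    printf '%s%s%s\n' "$(digit "$u")" "$(digit "$g")" "$(digit "$o")"
}

# chmod_demo: set an octal mode on a scratch file, then change it twice with
# symbolic chmod arguments; returns stat's "octal symbolic" view after each step.
chmod_demo() {
    tmp=$(mktemp -d) || return 1
    f="$tmp/app.conf"
    : > "$f"
    chmod 640 "$f"           # octal: owner rw-, group r--, other ---
    a=$(stat -c '%a %A' "$f")
    chmod g+w,o+r "$f"       # symbolic: add write for the group, read for others
    b=$(stat -c '%a %A' "$f")
    chmod u=rwx,go= "$f"     # symbolic: owner exactly rwx, group and others nothing
    c=$(stat -c '%a %A' "$f")
    rm -rf "$tmp"
    echo "$a|$b|$c"          # 640 -rw-r-----|664 -rw-rw-r--|700 -rwx------
}

chmod_demo
```

The symbolic form with + and - is the safer one to use in scripts that touch files you did not create, because it changes only the bits you name; an octal mode silently overwrites everything, including the three special bits.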

< Cover the sticky bit, the other bits (whatever they are), mention chattr, and what the execute bit means for a directory (IIUC, that it can be searched).>

< Stop, I've written some or all of this before -- find it, or there's got to be a good simple, "one page" reference that I should link to here.>

A user can be a real person, or an "artificial" account established only so that a program or a set of files has an owner for permission purposes. For example, a system typically has a dedicated user account that owns and runs the Apache web server (sometimes "nobody", sometimes "www-<something>", "apache", or ??). Using "nobody" for this is not recommended, because "nobody" is often also the owner of other files and processes: if somebody breaks in through the web server and ends up running as user "nobody", he can run any program that "nobody" has execute permission for and change any file that "nobody" has write permission for. A service account should own as little as possible, and ideally nothing but what that one service needs.

<Maybe the previous paragraph should be moved to the permissions definition, along with:> Having the wrong owner, group, or permissions is a common cause of programs failing to work in Linux. Wrong permissions on the executable itself are the most obvious case, but wrong permissions on, for example, a configuration file mean that the program cannot read its configuration file, and wrong permissions on any directory along the path mean that it cannot even reach the file.

Advanced Stuff

Read, Write, Execute for Files and Directories

Bit       for a file                  for a directory
read      the file can be read        the names of the entries in the directory can be listed
write     the file can be modified    entries can be added to, removed from, or renamed in the directory (only together with execute)
execute   the file can be executed    the directory can be searched: an entry can be reached by name (opened, stat'ed, cd'ed into), even if the names cannot be listed

I guess to really understand these, especially for a directory, I need to run some tests.
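Those tests, as an added example that is not part of the original page: a POSIX shell script that creates a scratch directory holding one known file, cycles the directory through a few modes and records, for each, whether the names can be listed, whether the known file can be read by name, and whether a new file can be created. It assumes GNU coreutils and a non-root user; root carries CAP_DAC_OVERRIDE and passes every one of these checks, so a run as root shows nothing about the bits.

```shell
#!/bin/sh
# Added example, not from the original page: the tests the text above asks
# for. Run as a NORMAL user; root has CAP_DAC_OVERRIDE and would pass every
# step, which is itself worth remembering when reasoning about permissions.
# Assumes GNU coreutils and a writable temp directory.

# try CMD ARGS...: print yes if the command succeeds, no if it fails
try() { if "$@" >/dev/null 2>&1; then echo yes; else echo no; fi; }

# dir_bit_demo: for each directory mode, report whether we can list the
# directory (needs r), read a file inside it by name (needs x), and create
# a file in it (needs w AND x, because creating means looking up the name).
dir_bit_demo() {
    base=$(mktemp -d) || return 1
    d="$base/d"
    mkdir "$d"
    echo secret > "$d/known"
    out=""
    for mode in 700 400 200 100 300; do
        chmod "$mode" "$d"
        list=$(try ls "$d")                # r: readdir
        canread=$(try cat "$d/known")      # x: lookup of "known" inside d
        create=$(try touch "$d/new")       # w+x: create a new entry
        out="$out$mode:list=$list,read=$canread,create=$create;"
        chmod 700 "$d"                     # restore so cleanup works
        rm -f "$d/new"
    done
    rm -rf "$base"
    echo "$out"
}

dir_bit_demo
```

Expected, as a non-root user: with 400 the names list but nothing in the directory can be opened; with 100 nothing lists but a file whose name you already know can be read; with 200 alone nothing at all works, because creating a name needs the search bit too; with 300 files can be created and reached but not listed. The execute-only directory is the useful one: it lets you publish a file under a hard-to-guess name without letting anyone enumerate the rest.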

The Other Three Bits

Likewise, these need testing. Some of these bits are only meaningful if certain other bits are set. In particular, the SUID and SGID bits only change anything on a file that is executable; ls marks a SUID or SGID bit on a non-executable file with a capital S instead of s to show that it is set but has no effect. SGID and the sticky bit are also meaningful on directories, where they have nothing to do with executing anything.

Bit      for a file                                                      for a directory
SUID     the program runs with the effective user ID of the file's owner   ignored on Linux
SGID     the program runs with the effective group ID of the file's group  new files and subdirectories take the directory's group; subdirectories inherit SGID
Sticky   ignored on Linux                                                  an entry may be deleted or renamed only by its owner, the directory's owner, or root

These may be longer explanations, so I'll write them here first, then consider condensing them (and hope somebody vets them for correctness):

suid: For an executable file: If the suid bit is set, the program runs with the effective user ID of the file's owner, not of the user who invoked it. The real user ID is still the invoker's, so the program can tell who ran it and can drop the extra privilege with setuid() or seteuid() as soon as it has done the one privileged thing it needed to do.

Some points:

  • If the owner of the executable file is root, the executable can do things that root can do and the invoking user cannot, such as chown'ing and chgrp'ing files or reading /etc/shadow (which is how passwd lets an ordinary user change his own password). That is also why setuid-root programs are the classic target for privilege escalation: any bug in one is a bug that runs as root. Keep the set of them on a system small, and audit it.

  • If the executable creates a file, the created file is owned by the owner of the executable (the effective user ID), not by the user who invoked it.

  • The Linux kernel ignores the bit on scripts; only binaries run setuid. It also ignores the bit entirely on a filesystem mounted with the nosuid option, which is a good setting for /tmp, /home and removable media.

suid: For a nonexecutable file: no effect (ls shows a capital S in the owner-execute position to indicate a bit that is set but doing nothing).

suid: For a directory: ignored on Linux.

sgid: For an executable file: If the sgid bit is set, the program runs with the effective group ID of the file's group, not of the user who invoked it (the real group ID is unchanged). This is the usual way to let a program write a shared file, such as a game's high-score file, without making that file world-writable: the file is writable by a group, and only the sgid program is in that group.

Some points:

  • If the executable creates a file, the group of the created file is the group of the executable (the effective group ID), not the primary group of the user who invoked it (unless the directory it is created in is itself sgid, see below).

  • As with suid, the bit is ignored on scripts and on nosuid mounts.

sgid: For a nonexecutable file: no effect on how the file is used; ls shows a capital S in the group-execute position. (Linux used sgid without group-execute to mark a file for mandatory locking on filesystems mounted with the mand option; that feature was removed in Linux 5.15.)

sgid: For a directory: Files and subdirectories created in the directory get the directory's group rather than the creating user's primary group, and subdirectories inherit the sgid bit, so a whole tree stays owned by one group no matter who adds to it. This is the standard setup for a shared project directory: chgrp it to the project group and set its mode to 2770 (or 2775 if the rest of the system may read it).

sticky: For a directory: In a directory with the sticky bit set, a file can only be deleted or renamed by the owner of the file, the owner of the directory, or root, even though the directory itself is writable by everybody. This is what keeps users from deleting each other's files in /tmp, whose mode is 1777 (drwxrwxrwt). Linux adds further protections for world-writable sticky directories through the fs.protected_symlinks, fs.protected_hardlinks, fs.protected_regular and fs.protected_fifos sysctls, which blunt the classic /tmp symlink race attacks; leave them enabled.

sticky: For a file: ignored on Linux. (On older Unix systems it told the kernel to keep the program's text in swap after it exited so that it would start faster the next time; that is where the name comes from.)
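The three bits of this section in practice, as an added example that is not part of the original page and serves both the table above and the longer explanations: a POSIX shell script that sets 4755, 2755 and 1777 on scratch files and shows how stat renders them, sets the same bits without the matching execute bit to show the capital S and T, runs the find-based audit for setuid and setgid files that the suid discussion calls for, and checks the group-inheritance behaviour of an sgid directory. It assumes GNU coreutils (stat -c and find -perm). The sgid directory check needs a supplementary group to show the difference and reports no-secondary-group if the current user has none; the sticky-bit deletion rule needs two users and is only illustrated in the rendering, not tested. The file and function names are the example's own.

```shell
#!/bin/sh
# Added example, not from the original page: how the setuid, setgid and
# sticky bits look in octal and in stat/ls output, what a set bit without
# the matching x bit looks like, a quick audit for setuid/setgid files, and
# group inheritance in an sgid directory. Assumes GNU coreutils.
# Caveat: on a filesystem mounted nosuid the bits can be SET but are ignored
# at exec time, so a setuid binary placed in /tmp usually runs unprivileged.

# special_bits_demo: returns stat's "octal symbolic" rendering for each case
special_bits_demo() {
    base=$(mktemp -d) || return 1
    : > "$base/suid"; : > "$base/sgid"; mkdir "$base/shared"
    chmod 4755 "$base/suid"        # setuid + rwxr-xr-x  -> -rwsr-xr-x
    chmod 2755 "$base/sgid"        # setgid + rwxr-xr-x  -> -rwxr-sr-x
    chmod 1777 "$base/shared"      # sticky + rwxrwxrwx  -> drwxrwxrwt (like /tmp)
    with_x=$(stat -c '%a %A' "$base/suid" "$base/sgid" "$base/shared" | tr '\n' '|')
    # Same special bits without the corresponding execute bit: stat prints a
    # capital S/T to flag a bit that is set but has no effect on a file.
    chmod 4644 "$base/suid"        # -rwSr--r--
    chmod 2644 "$base/sgid"        # -rw-r-Sr--
    chmod 1666 "$base/shared"      # drw-rw-rwT
    without_x=$(stat -c '%a %A' "$base/suid" "$base/sgid" "$base/shared" | tr '\n' '|')
    chmod 700 "$base/shared"
    rm -rf "$base"
    echo "$with_x$without_x"
}

# find_setuid_setgid DIR: list regular files under DIR with the setuid or
# setgid bit set. On a real system run it against / and diff the output
# against a known-good baseline; every new entry needs a reason to exist.
find_setuid_setgid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# audit_demo: plant one setuid and one setgid file among plain ones and
# return how many the audit finds (expected: 2)
audit_demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/sub"
    : > "$base/a"; : > "$base/sub/b"; : > "$base/plain"
    chmod 4755 "$base/a"; chmod 2755 "$base/sub/b"; chmod 755 "$base/plain"
    n=$(find_setuid_setgid "$base" | wc -l | tr -d ' ')
    rm -rf "$base"
    echo "$n"
}

# sgid_dir_demo: in an sgid directory new files get the DIRECTORY's group,
# not the creator's primary group, and new subdirectories inherit the bit.
# Prints inherited, not-inherited, no-secondary-group, or chgrp-failed.
sgid_dir_demo() {
    primary=$(id -g)
    sec=""
    for g in $(id -G); do
        if [ "$g" != "$primary" ]; then sec="$g"; break; fi
    done
    [ -n "$sec" ] || { echo no-secondary-group; return 0; }
    base=$(mktemp -d) || return 1
    mkdir "$base/proj"
    chgrp "$sec" "$base/proj" || { rm -rf "$base"; echo chgrp-failed; return 0; }
    chmod 2770 "$base/proj"        # drwxrws---: the project-directory setup
    : > "$base/proj/file"
    mkdir "$base/proj/sub"
    fgid=$(stat -c '%g' "$base/proj/file")
    sgid_sub=$(stat -c '%A' "$base/proj/sub")   # 7th character should be s
    rm -rf "$base"
    case "$sgid_sub" in
        d?????s???) [ "$fgid" = "$sec" ] && { echo inherited; return 0; } ;;
    esac
    echo not-inherited
}

special_bits_demo
audit_demo
sgid_dir_demo
```

The audit function is the one to keep: the list of setuid and setgid files on a host changes rarely, so a saved copy compared on a schedule catches both a package that quietly added one and an attacker who left a setuid shell behind.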

Contributors

  • RandyKramer - 15 Jan 2002
Topic revision: r3 - 2002-04-06 - RandyKramer
 