Every file and directory on a UNIX system, besides being owned by a user and a group, has access flags [A switch that can either be on or off.] (also called access bits) dictating what kind of access that user and group have to the file.

Running ls -ald /bin/cp /etc/passwd /tmp gives you a listing like this:

In the leftmost column are flags which completely describe the access rights to the file.

So far I have explained that the furthest flag to the left is either - or d, indicating an ordinary file or directory. The remaining nine have a - to indicate an unset value or one of several possible characters. Table 14.1 gives a complete description of file system permissions.

adds execute permissions for the user of myfile. And,

    chmod a-rx myfile

removes read and execute permissions for all--that is, user, group, and other.

The -R option, once again, means recursive, diving into subdirectories as usual.

Permission bits are often represented in their binary form, especially in programs. It is convenient to show the rwxrwxrwx set in octal, [See Section 2.1.] where each digit fits conveniently into three bits. Files on the system are usually created with mode 0644, meaning rw-r--r--. You can set permissions explicitly with an octal number, for example,

    chmod 0755 myfile

gives myfile the permissions rwxr-xr-x. For a full list of octal values for all kinds of permissions and file types, see /usr/include/linux/stat.h.

In Table 14.1 you can see s, the setuid or setgid bit. If it is used without execute permissions then it has no meaning and is written as a capitalized S. This bit effectively colorizes an x into an s, so you should read an s as execute with the setuid or setgid bit set. t is known as the sticky bit. It also has no meaning if there are no execute permissions and is written as a capital T.

The leading 0 can be ignored, but is preferred for explicitness. It can take on a value representing the three bits, setuid (4), setgid (2), and sticky (1). Hence a value of 5764 is in binary and gives -rwsrw-r-T.

umask sets the default permissions for newly created files; it is usually 022. This default value means that the permissions of any new file you create (say, with the touch command) will be masked with this number. 022 hence excludes write permissions of group and of other. A umask of 006 would exclude read and write permissions of other, but would allow read and write of group. Try

    umask
    touch <file1>
    ls -al <file1>
    umask 026
    touch <file2>
    ls -al <file2>

026 is probably closer to the kind of mask we like as an ordinary user. Check your /etc/profile file to see what umask your login defaults to, when, and also why.

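As an added example (not from the original text), the Python code below renders a mode the way ls does, including the s/S and t/T rule described above, and creates a file under a given umask to show the permissions that result. The function names and the sample file name are assumptions made for illustration; touch is taken to request mode 0666 when it creates a file.

```python
import os
import stat
import tempfile

def mode_string(mode):
    """Render the setuid/setgid/sticky and rwx bits as the nine ls characters."""
    # (read, write, execute, special bit, letter shown for the special bit)
    triads = [
        (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR, stat.S_ISUID, "s"),
        (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP, stat.S_ISGID, "s"),
        (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH, stat.S_ISVTX, "t"),
    ]
    out = []
    for r, w, x, special, letter in triads:
        out.append("r" if mode & r else "-")
        out.append("w" if mode & w else "-")
        if mode & special:
            # Lowercase when execute is also set, capital when it is not.
            out.append(letter if mode & x else letter.upper())
        else:
            out.append("x" if mode & x else "-")
    return "".join(out)

def masked(requested, umask):
    """Mode left after the umask clears its bits from the requested mode."""
    return requested & ~umask & 0o7777

def create_with_umask(umask):
    """Create a file as touch does (requesting 0666) and return its mode."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "constructed-sample")  # constructed name
            os.close(os.open(path, os.O_CREAT | os.O_WRONLY, 0o666))
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old)  # restore the caller's umask

if __name__ == "__main__":
    print("5764 ->", mode_string(0o5764))
    for u in (0o022, 0o026, 0o006):
        got = create_with_umask(u)
        print(f"umask {u:03o}: {got:04o} {mode_string(got)}")
```
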
In addition to permissions, each file has three integers associated with it that represent, in seconds, the last time the file was accessed (read), when it was last modified (written to), and when its permissions were last changed. These are known as the atime, mtime, and ctime of a file respectively.

To get a complete listing of the file's permissions, use the stat command. Here is the result of stat /etc:

The Size: quoted here is the actual amount of disk space used to store the directory listing, and is the same as reported by ls. In this case it is probably four disk blocks of 1024 bytes each. The size of a directory as quoted here does not mean the sum of all files contained under it. For a file, however, the Size: would be the exact file length in bytes (again, as reported by ls).