Page 403
the file. First, it tells you the permissions. Next, it tells you how many links the file has. It then tells you who owns the file (dpitts) and what group is associated with the file (users). Following the ownership section, the date and timestamp for the last time the file was modified is given. Finally, the name of the file is listed (test). The permissions are actually made up of four sections. The first section is a single character that identifies the type of object that is listed out. Check Table 20.1 to determine what the different options are for this field.
Table 20.1. Object type identifier.
Character | Description |
- | Plain file |
b | Block special file |
c | Character special file |
d | Directory |
l | Symbolic link |
p | Named pipe |
s | Socket |
Following the file type identifier are the three sets of permissions: rwx (owner), r-- (group), and r-- (other).
NOTE
The permissions on a directory are the same as those used by files: read, write, and execute. The actual permissions, though, mean different things. For a directory, read access provides the ability to list the names of the files in the directory. It does not allow the other attributes to be seen (owner, group, size, and so on). Write access provides the ability to alter the directory contents. This means that the user could create and delete files in the directory. Finally, execute access lets the user make the directory the current directory.
Table 20.2 summarizes the differences between the permissions for a file and those for a directory.
Table 20.2. File permissions versus directory permissions.
Permission | File | Directory |
r | View the contents | Search the contents |
w | Alter file contents | Alter directory contents |
x | Run executable file | Make it the current directory |
Combinations of these permissions also allow certain tasks. For example, I already mentioned that it takes both read and execute permission to execute a script. This is because the shell must first read the file to see what to do with it. (Remember that #! /local/bin/perl tells it to execute the /local/bin/perl executable, passing the rest of the file to the executable.) There are other combinations that allow certain functionality. Table 20.3 describes the different combinations of permissions and what they mean, both for a file and for a directory.
Table 20.3. Comparison of file and directory permission combinations.
Permission | File | Directory |
--- | Cannot do anything with it. | Cannot access it or any of its subdirectories. |
r-- | Can see the contents. | Can see the contents. |
rw- | Can see and alter the contents. | Can see and alter the contents. |
rwx | Can see and change the contents, as well as execute the file. | Can list the contents, add or remove files, and make the directory the current directory (cd to it). |
r-x | If a script, can execute it. Otherwise, provides read and execute permission. | Provides ability to change to directory and list contents, but cannot delete or add files to directory. |
--x | Can execute if a binary. | User can execute a binary that he or she already knows about. |
As stated, the permissions can also be manipulated with a numeric coding system. The basic concept is the same as the letter coding system. As a matter of fact, the permissions look exactly alike. The difference is the way the permissions are identified. The numeric system uses binary counting to determine a value for each permission and sets them. Also, the find command can accept the permissions as an argument using the -perm option. In that case, the permissions must be given in their numeric form.
With binary, you count from the right to the left. Therefore, if you look at a file, you can easily come up with its numeric coding system value. The following file has full permissions for the owner and read permissions for the group and the world:
shell:/home/dpitts$ ls -la test
-rwxr--r-- 1 dpitts users 22 Sep 15 00:49 test
This would be coded as 744. Table 20.4 explains how this number was achieved.
Table 20.4. Numeric permissions.
Permission | Value |
Read | 4 |
Write | 2 |
Execute | 1 |
Permissions use an additive process. Therefore, a person with read, write, and execute permissions to a file would have a 7 (4+2+1). Read and execute would have a value of 5. Remember, there are three sets of values, so each section would have its own value.
Table 20.5 shows both the numeric system and the character system for the permissions.
Table 20.5. Comparison of numeric and character permissions.
Permission | Numeric | Character |
Read-only | 4 | r-- |
Write-only | 2 | -w- |
Execute-only | 1 | --x |
Read and write | 6 | rw- |
Read and execute | 5 | r-x |
Read, write, and execute | 7 | rwx |
Permissions can be changed using the chmod command. With the numeric system, the chmod command must be given the value for all three fields. Therefore, to change a file to read, write, and execute by everyone, the following command would be issued:
$ chmod 777 <filename>
To perform the same task with the character system, the following command would be issued:
$ chmod a+rwx <filename>
Of course, more than one type of permission can be specified at one time. The following command adds write access for the owner of the file, and adds read and execute access to the group and everyone else:
$ chmod u+w,og+rx <filename>
The advantage that the character system provides is that you do not have to know what the previous permissions are. You can selectively add or remove permissions without worrying about the rest. With the numeric system, each section of users must always be specified. The downside of the character system shows up when complex changes are being made. Looking at the preceding example (chmod u+w,og+rx <filename>), it might have been easier to use the numeric system and replace all those letters with three numbers: 755.
The special-purpose access modes suid and sgid add an extra character to the picture. Before looking at what a file looks like with the different special access modes, check Table 20.6 for the identifying characters for each of the modes and a reminder as to what they mean.
Table 20.6. Special-purpose access modes.
Code | Name | Meaning |
s | suid | Sets process user ID on execution |
s | sgid | Sets process group ID on execution |
suid and sgid are used on executables. Therefore, the code is placed where the code for the executable would normally go. The following file has suid set:
$ ls -la test
-rwsr--r-- 1 dpitts users 22 Sep 15 00:49 test
The difference between the suid being set and the sgid being set is the placement of the code. The same file with sgid active would look like this:
$ ls -la test
-rwxr-sr-- 1 dpitts users 22 Sep 15 00:49 test
To set the suid with the character system, the following command would be executed:
$ chmod u+s <filename>
To set the sgid with the character system, the following command would be executed:
$ chmod g+s <filename>
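The following is an added example, not code from the book: it turns the ls -la mode field of Tables 20.1 through 20.6 into the numeric form (including the suid and sgid column) and applies a character-system chmod spec such as u+w,og+rx to a numeric mode, so the two systems compared above can be checked against each other. The function names mode_to_octal and apply_symbolic are this example's own; the distinction between a lowercase s and an uppercase S in the listing is how real ls output marks whether the execute bit under the special bit is also set.

```python
# Added example (not from the book): decode ls -l permission strings and apply chmod specs.
import stat

WHO_BITS = {"u": 0o700, "g": 0o070, "o": 0o007, "a": 0o777}
PERM_BITS = {"r": 0o444, "w": 0o222, "x": 0o111}
# execute slot in the 10-character ls -l string -> special bit shown there
SPECIAL_AT = {3: stat.S_ISUID, 6: stat.S_ISGID, 9: stat.S_ISVTX}


def mode_to_octal(text: str) -> int:
    """'-rwsr--r--' -> 0o4744.  A lowercase s/t in an execute slot means the
    special bit AND execute are set; uppercase S/T means execute is not set."""
    if len(text) != 10:
        raise ValueError("expected the 10-character mode field of ls -l")
    mode = 0
    for i, ch in enumerate(text[1:], start=1):  # skip the object-type character
        bit = 1 << (9 - i)  # rightmost character is the 'other' execute bit
        if ch == "-":
            continue
        if ch in "rwx":
            mode |= bit
        elif ch in "sStT" and i in SPECIAL_AT:
            mode |= SPECIAL_AT[i]
            if ch.islower():
                mode |= bit
        else:
            raise ValueError(f"unexpected {ch!r} at position {i}")
    return mode


def apply_symbolic(mode: int, spec: str) -> int:
    """Apply a character-system chmod spec such as 'u+w,og+rx' to a numeric mode."""
    for clause in spec.split(","):
        i = 0
        while i < len(clause) and clause[i] in WHO_BITS:
            i += 1
        who = clause[:i] or "a"  # chmod treats a missing 'who' as 'a'
        if i == len(clause) or clause[i] not in "+-=":
            raise ValueError(f"unsupported clause {clause!r}")
        op, perms = clause[i], clause[i + 1:]
        who_mask = change = 0
        for w in who:
            who_mask |= WHO_BITS[w]
        for p in perms:
            change |= PERM_BITS[p] & who_mask  # KeyError for anything but r, w, x
        if op == "+":
            mode |= change
        elif op == "-":
            mode &= ~change
        else:  # '=' replaces the selected sections outright
            mode = (mode & ~who_mask) | change
    return mode
```

Starting from the book's 744 file, apply_symbolic(0o744, "u+w,og+rx") yields 0o755, the value the text says could have replaced the letters.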