Next: , Up: File Permissions



6.1 Structure of File Permissions

There are three kinds of permissions that a user can have for a file:

  1. permission to read the file. For directories, this means permission to list the contents of the directory.
  2. permission to write to (change) the file. For directories, this means permission to create and remove files in the directory.
  3. permission to execute the file (run it as a program). For directories, this means permission to access files in the directory.

There are three categories of users who may have different permissions to perform any of the above operations on a file:

  1. the file's owner;
  2. other users who are in the file's group;
  3. everyone else.

Files are given an owner and group when they are created. Usually the owner is the current user and the group is the group of the directory the file is in, but this varies with the operating system, the filesystem the file is created on, and the way the file is created. You can change the owner and group of a file by using the chown and chgrp commands.

In addition to the three sets of three permissions listed above, a file's permissions have three special components, which affect only executable files (programs) and, on some systems, directories:

  1. set the process's effective user ID to that of the file upon execution (called the setuid bit). No effect on directories.
  2. set the process's effective group ID to that of the file upon execution (called the setgid bit). For directories on some systems, put files created in the directory into the same group as the directory, no matter what group the user who creates them is in.
  3. save the program's text image on the swap device so it will load more quickly when run (called the sticky bit). For directories on some systems, prevent users from removing files that they do not own in the directory; this is called making the directory append-only.