An Introduction to Unix Permissions09/06/2000
When I was first learning Unix, it seemed that everything I tried to do resulted in the very irritating "Permission denied" message. I also quickly learned that if root starts messing with permissions before root knows what he is doing, all the neat utilities that come with Unix stop working.
Today's article is the first of two articles on permissions. In Part 1, I want to concentrate on recognizing file permissions and what they allow and don't allow you to do. Next week, we'll move on to actually changing default permissions and what to be careful of when you do so.
Unix uses three base permissions: read (
r), write (
w), and execute (
view the permissions of the root directory on your FreeBSD system, use the
ls command with the
l (show long listing) and
a (show all files) switches
ls -la /
total 6087 drwxr-xr-x 16 root wheel 512 Aug 9 11:36 . drwxr-xr-x 16 root wheel 512 Aug 9 11:36 .. -rw-r--r-- 1 root wheel 658 Jul 26 23:14 .cshrc -rw-r--r-- 2 root wheel 251 Jul 26 23:14 .profile -r--r--r-- 1 root wheel 4735 Jul 26 23:14 COPYRIGHT drwxr-xr-x 2 root wheel 1024 Aug 9 07:45 bin drwxr-xr-x 3 root wheel 512 Aug 8 17:14 boot drwxr-xr-x 2 root wheel 512 Aug 8 13:03 cdrom lrwxr-xr-x 1 root wheel 11 Aug 8 17:14 compat -> /usr/compat drwxr-xr-x 3 root wheel 12800 Aug 13 10:03 dev drwxr-xr-x 15 root wheel 2048 Aug 12 19:21 etc lrwxrwxrwx 1 root wheel 9 Aug 8 17:15 home -> /usr/home -r-xr-xr-x 1 root wheel 3087410 Jul 27 00:44 kernel -r-xr-xr-x 1 root wheel 3087410 Jul 27 00:44 kernel.GENERIC drwxr-xr-x 2 root wheel 512 Jul 26 23:00 mnt drwxr-xr-x 2 root wheel 2560 Aug 8 13:45 modules dr-xr-xr-x 1 root wheel 512 Aug 15 10:11 proc drwxr-xr-x 3 root wheel 512 Aug 14 10:21 root drwxr-xr-x 2 root wheel 2048 Aug 9 07:45 sbin drwxr-xr-x 4 root wheel 1024 Aug 8 13:03 stand lrwxrwxrwx 1 root wheel 11 Aug 8 17:06 sys -> usr/src/sys drwxrwxrwt 3 root wheel 512 Aug 15 09:24 tmp drwxr-xr-x 18 root wheel 512 Jul 27 01:09 usr drwxr-xr-x 18 root wheel 512 Jul 27 01:05 var
Let's pick apart this output. This long listing starts with:
which is the number of 512-byte blocks used by the files within this directory. You only get this information if you do a long listing on a directory; to see the difference, do a long listing on a file, like so:
ls -l /.cshrc
-rw-r--r-- 1 root wheel 658 Jul 26 23:14 /.cshrc
After the total block information is a listing of all files in the
specified directory. To Unix, everything is a file; this means that data
files, directories, device entries, and links are all considered to be
files. The very first letter in a file's
ls -la listing states what type of file it is. For example:
drwxr-xr-x 2 root wheel 1024 Aug 9 07:45 bin
bin is a directory as its listing begins with the letter d.
-rw-r--r-- 1 root wheel 658 Jul 26 23:14 .cshrc
.cshrc is a regular file as its listing begins with the character
lrwxrwxrwx 1 root wheel 9 Aug 8 17:15 home -> /usr/home
home is a symbolic link as its listing begins with the letter
l. You'll also note that symbolic links use a
-> to indicate the files that are linked.
The next nine characters represent the file's permissions. Permissions are
always listed in the order of read, write, and execute. If the letter
is listed, the permission is granted; if there is a
- instead of the letter, that permission is denied. The permissions are repeated three
times to represent owner, primary group, and everyone else. In the
-rw-r--r-- 1 root wheel 658 Jul 26 23:14 .cshrc
.cshrc is a regular file -- its listing begins with a
-. The owner of the file (root) has read and write permissions, but not the execute permission. Anyone in the primary group (wheel) has read permission to this file, but not write or execute permission. Everyone else has read permission, but not write or execute permission.
Note that the owner of the file is listed after the permissions; the primary group of the file is listed after the owner. This is followed by the size of the file in bytes, the date and time the file was last modified, and finally the name of the file.
What a person can actually do with a file depends on both the file's
permissions and the permissions of the directory the file lives in. Let's
look at the meanings of
x for regular files and directories, and then see if we can predict what a regular user can do with a file. Note that I said regular user; the root user is not subject to permissions -- one of the many reasons not to be root any longer than absolutely necessary.
If read (
r) is set on a file, permission is given to view (not change) the contents of the file using an editor or a utility such as
more. If read is set on a directory, permission is given to list the contents (or files and subdirectories) within the directory using the
If write (
w) is set on a file, permission is given to change the contents of the file using an editor or a redirector. If write is set on a directory, permission is given to change the contents of the directory; meaning you can create, move, or delete files within the directory.
If execute (
x) is set on a file, it can be run as a program or a shell script. If execute is set on a directory, permission is given to
cd into that directory.
Pages: 1, 2