7.2 Types of File Permissions

Every file in UNIX carries three types of permission: read, write, and execute. A user who has only read permission for a file can read it but cannot change its contents. Write permission allows a user to modify the file. (Deleting a file is governed by the permissions of the directory that contains it, not by the file's own permissions.) As we mentioned in Chapter 2, there are no special names or extensions for executable files in UNIX. Any file can be executable if a user has permission to execute it and if it is a valid executable binary or shell script. If a user compiles a program but nobody has the right to execute it, it cannot be run. On the other hand, if you assign execute permission to a file that does not contain anything executable, UNIX still tries to execute it and displays an error message.

File permissions are displayed with the ll (or ls -l) command in HP-UX, which shows the long listing of files. The first field of each line consists of 10 characters. The first character shows the type of the file; file types are explained in Table 7-1. The next three characters (2nd to 4th) show permissions for the owner of the file. These permissions are always listed in rwx order: r represents read permission, w write permission, and x execute permission. If a character is present, that permission is granted; if it is withheld, a hyphen (-) appears in its place. The next three characters show the permissions for the group that owns the file (the group shown in the fourth field of the listing, which is not necessarily the owner's login group), and the last three are for all other users of the system.

Table 7-1. File Types as Displayed by the ll Command

First character in first field    Type of file
-                                 Ordinary file
d                                 Directory
l                                 Symbolic (or "soft") link
c                                 Character device file, like a modem or terminal
b                                 Block device file, like a disk
p                                 Named pipe

To understand the file permissions, consider the following example where we use the ll command to list files in the current directory.

$ ll
total 28
-rwxrw-r--   1 boota   users    103 Sep  8 18:06 abc
drwxrwxrwx   2 root    sys     8192 Sep  8 18:00 usage
-rw-r-----   1 boota   users     44 Sep  3 20:24 qwe
-rw-rw-rw-   1 boota   users   2078 Jul  2 00:38 sqlnet.log
-rw-rw-rw-   1 boota   users     14 Sep  3 18:28 xyz
-rw-rw-rw-   1 boota   users     68 Sep  3 20:24 zxc

Now you can see from this listing that abc is an ordinary file. It has read, write, and execute permissions (rwx) for the owner of the file (user name boota, shown in the third field). Members of the group users (shown in the fourth field) have read and write permissions (rw-) for the file but cannot execute it. The last set, r--, shows that users who are neither the owner nor members of group users can only read this file.

The next entry in the listing is a directory named usage. We can tell it is a directory by looking at the first character of the line, which is d. The listing shows that user root owns this directory and that it belongs to group sys. Everyone has read, write, and execute permissions for it. Then we have the file qwe, whose permissions are rw-r-----: the owner can read and write it, members of group users can only read it, and all other users have no permission for the file at all.

Importance of Read Permission

Read permission is the basic file permission. The other permissions are of limited use without it. If a regular user has execute permission for a shell script but no read permission, he or she cannot run it, because the shell must read the script before it can execute it. Write permission without read permission lets a user overwrite or truncate the file (for example, by redirecting output into it) but not edit it, because an editor has to read the file before it can change it. Note that deleting a file is not controlled by the file's own permissions at all: it requires write permission on the directory that contains the file.

For example, prog2 is a shell script with the following permissions. The owner cannot execute it because read permission is denied.

---xrw-rw-   1 boota   users     14 Sep  3 18:28 prog2

If the owner of the file tries to execute the file, the following message appears.

$ prog2
sh: prog2: Cannot find or open the file.
$

As you can see from the owner's permissions (--x), the owner has execute permission, but the shell is not able to read the program file, and a shell cannot run a script it cannot read. (This applies to shell scripts and other interpreted programs, which an interpreter has to open and read. A compiled binary is loaded by the kernel and can be run with execute permission alone.)

Left-to-Right Rule of File Permissions

In UNIX, the three permission sets are checked from left to right, and only the first set that applies to you is used. If you are the owner of the file, the owner permissions decide; if you are not the owner but belong to the file's group, the group permissions decide; otherwise the permissions for others decide. The system never falls back to a more generous set further to the right. For example, if the owner of a file does not have execute permission but the group does, the owner still cannot execute the file: the owner permissions are checked first, they show that execute permission is withheld, and the group and other permissions are not consulted. The shell stops right there with an error message. Consider the same program we used in the previous example with the permissions shown below.

-rw-rwxrwx   1 boota   users     14 Sep  3 18:28 prog2

Here the owner has read and write permission, while the group and all other users have execute permission in addition to read and write. When the owner runs the program, the following message appears.

$ prog2
sh: prog2: Execute permission denied.
$

This UNIX way of interpreting file permissions differs from some other operating systems, which combine all permission entries that apply to a user and take either the most permissive or the most restrictive result.

Directory Permissions

Most users organize files in directories. Directory permissions affect access to all of the files contained in that directory, so there are some rules to keep in mind when granting or revoking permissions on a directory. For normal operation, a directory should have both read and execute permissions set. The following rules apply to directory permissions in addition to the general file permission rules:

  • If read permission for a directory is not set, the names of the files inside it cannot be listed. A file whose name is already known can still be accessed if the directory has execute permission.

  • If execute permission for a directory is not set, the files inside it can be listed by name only: ls works, but ll does not, because the long listing has to look up each file's attributes through the directory. No file inside the directory can be read, written, or executed, and you cannot cd into it. Because it controls whether names in the directory can be looked up, the execute permission on a directory is also called search permission.

  • If only execute permission is set and read and write permissions are not, a user can go into the directory with the cd command, execute a program inside it if the program's name is known, and view a file with the cat command if the file's name is known (subject to that file's own permissions). In other words, you can use the files but cannot see what is there.

  • Creating, renaming, and deleting files inside a directory require write permission (together with execute permission) on the directory itself; the permissions of the file being deleted do not matter, although rm asks for confirmation before removing a file the user cannot write to. A directory can only be removed once it is empty, so a user who cannot write to a non-empty directory cannot delete it even with write permission on the directory that contains it, because its contents cannot be removed first.
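The following shell script is an added example and is not part of the book: it models the rules from this section (the single permission set chosen left to right, read being required before a script can run, and the directory rules above) over the book's own ll lines plus two constructed directories, names_only and hidden. The functions find_line, mode_bit, perm_class, can_run and dir_allows are written for this example. It assumes the user is not root (root bypasses these checks), that the files are shell scripts (an interpreter has to read them), and that the mode field uses only r, w, x and - (setuid, setgid and sticky bits are outside this section).

```sh
#!/bin/sh
# Added example, not from the book: a small model of how the rules in this
# section decide access. The listing lines below are constructed to match
# the book's examples, plus two directories of our own (names_only, hidden).
# Assumptions: the user is not root, the files are shell scripts, and the
# mode field uses only r, w, x and - (no setuid/setgid/sticky bits).

SAMPLE_LISTING='-rwxrw-r--   1 boota   users    103 Sep  8 18:06 abc
---xrw-rw-   1 boota   users     14 Sep  3 18:28 prog2
-rw-rwxrwx   1 boota   users     14 Sep  3 18:28 prog2b
drwxrwxrwx   2 root    sys     8192 Sep  8 18:00 usage
dr--r--r--   2 boota   users     96 Sep  8 18:10 names_only
d--x--x--x   2 boota   users     96 Sep  8 18:10 hidden'

# find_line NAME -> prints the listing line whose last field is NAME.
find_line() {
    printf '%s\n' "$SAMPLE_LISTING" | awk -v n="$1" '$NF == n'
}

# mode_bit MODE CLASS BIT -> exit 0 if BIT (r, w or x) is set for CLASS
# (u, g or o) in the 10-character mode field MODE.
mode_bit() {
    case $2 in
        u) mb_set=$(printf '%s\n' "$1" | cut -c2-4) ;;
        g) mb_set=$(printf '%s\n' "$1" | cut -c5-7) ;;
        o) mb_set=$(printf '%s\n' "$1" | cut -c8-10) ;;
        *) return 2 ;;
    esac
    case $3 in
        r) mb_c=$(printf '%s\n' "$mb_set" | cut -c1) ;;
        w) mb_c=$(printf '%s\n' "$mb_set" | cut -c2) ;;
        x) mb_c=$(printf '%s\n' "$mb_set" | cut -c3) ;;
        *) return 2 ;;
    esac
    [ "$mb_c" = "$3" ]
}

# perm_class OWNER GROUP USER USER_GROUPS -> prints u, g or o: the single
# permission set that applies to USER. It is chosen once, left to right;
# there is no fallback to a more generous set further right.
perm_class() {
    [ "$3" = "$1" ] && { echo u; return; }
    for pc_g in $4; do
        [ "$pc_g" = "$2" ] && { echo g; return; }
    done
    echo o
}

# can_run LISTING_LINE USER USER_GROUPS -> exit 0 if USER can run the file
# as a shell script: the applicable set must grant x (checked by the
# kernel) and r (the shell has to open the script to read it).
can_run() {
    cr_user=$2; cr_groups=$3
    set -- $1                      # fields: mode links owner group ...
    [ "$(printf '%s\n' "$1" | cut -c1)" = '-' ] || return 1   # ordinary files only
    cr_class=$(perm_class "$3" "$4" "$cr_user" "$cr_groups")
    mode_bit "$1" "$cr_class" x && mode_bit "$1" "$cr_class" r
}

# dir_allows LISTING_LINE USER USER_GROUPS OP -> exit 0 if OP is permitted
# on the directory. OP is one of:
#   list    read the names in it (ls)                       needs r
#   search  use a known name inside it (cd, ll, cat file)   needs x
#   modify  create, rename or remove an entry               needs w and x
dir_allows() {
    da_user=$2; da_groups=$3; da_op=$4
    set -- $1
    [ "$(printf '%s\n' "$1" | cut -c1)" = d ] || return 1
    da_class=$(perm_class "$3" "$4" "$da_user" "$da_groups")
    case $da_op in
        list)   mode_bit "$1" "$da_class" r ;;
        search) mode_bit "$1" "$da_class" x ;;
        modify) mode_bit "$1" "$da_class" w && mode_bit "$1" "$da_class" x ;;
        *) return 2 ;;
    esac
}

# Walk the book's examples: abc runs for its owner, prog2 fails for its
# owner (no r), prog2b fails for its owner (no x) but runs for a group member.
for check in "abc boota users" "prog2 boota users" "prog2b boota users" "prog2b lisa users"; do
    set -- $check
    if can_run "$(find_line "$1")" "$2" "$3"; then
        echo "$2 runs $1: allowed"
    else
        echo "$2 runs $1: denied"
    fi
done
```

The point to notice in perm_class is that it returns as soon as a set matches: a user lisa who is in group users gets the group set for prog2b (rwx) and can run it, while boota, who owns the very same file, is stuck with rw- even though every other set on the line grants execute. The directory half of the script reproduces the rules above: names_only (r--) can be listed but not searched, so ls works and ll does not, and hidden (--x) can be entered and its known files used, but its names cannot be listed.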

We will see an example of how directory permissions affect files inside a directory, but first let us see how we can change file permissions.


   
HP Certified: HP-UX System Administration
ISBN: 0130183741
Year: 2000
Pages: 390
Authors: Rafeeq Rehman