The dual concepts of permissions and ownership in Unix are not only an important part of Unix's high level of stability; they are also the foundation for its system of security.
This chapter covers these two critical concepts, and from the very first we want to impress upon you the difference between them. Even Unix veterans are sometimes tripped up when they haven't sufficiently separated the two concepts in their minds.
It's really quite simple. Think "Who owns it?" and "What permission do they have?" Ownership in Unix deals with who controls something. Permissions deal with what the owners (and others) can do with something. Every file is "owned" by one user and one group. Every file has a set of "permissions" that define what the owning user, group, and all others may do with it.
This chapter describes the ownership and permissions features available on every Unix and Unix-like system you are likely to encounter. We'll show you what users and groups are, how to see who owns each file, and how to understand and set the permissions on a file. Because the setting of permissions in Unix involves so many possible combinations, we use several tables and examples to allow you to compare different permission settings and to read an explanation for each. Starting in version 10.4, Mac OS X also supports an extremely powerful (and equally complex) ownership and permissions feature called Access Control Lists (ACLs). At the end of this chapter we describe ACLs and give some examples of their use.