Permissions | HP-UX 11i Systems Administration Handbook and Toolkit (2nd Edition)

The best place to begin discussing permissions is by issuing the ls command, which lists the contents of directories. Permissions are the means by which files and directories are made secure on your UNIX system. Because UNIX is multi- user , potentially thousands of users could be accessing the files on a system. Permissions controls who has access to what files.

Here is an example ls -l command and output:

 $  ls -l sort  -rwxr-x--x   1 marty     users     120 Jul 26 10:20 sort

Issuing this command has produced a lot of information relating to a file called sort . Let's begin to understand what this listing has produced by analyzing the first set of characters (-rwxr-x--x). This set of characters is made up of four distinct fields, as shown in Figure 21-1.

Figure 21-1. Permissions for File sort

graphics/21fig01.gif

The first character in this group is related to the file type. I covered some file types earlier, but the ls -l command does not analyze files to the same level of detail. Among the types of files that ls -l will list are shown in Figure 21-2:

Figure 21-2. File Types of the ls Command

graphics/21fig02.gif

Keep in mind that file types can vary slightly from one UNIX variant to another. The file types listed in Figure 21-2 are common to most UNIX variants. For every file on the system, UNIX supports three classes of access:

User access (u) . Access granted to the owner of the file.
Group access (g) . Access granted to members of the same group as the owner of the file.
Other access (o) . Access granted to everyone else.

These access rights are defined by the position of read (r), write (w), and execute (x) when the long listing command is issued. For the long listing ( ls -l ) issued earlier, you see the permissions in Table 21-1.

Table 21-1. Long Listing Permissions for the File sort

Access	User Access	Group Access	Other
Read	r	r	-
Write	w	-	-
Execute	x	x	x

Permissions are not granted where a "-" (hyphen) appears. In addition, there are other permissions, such as s, S, t, and T, which I don't cover at this time.

You can see that access rights are arranged in groups of three: three groups of permissions with three access levels each. The owner, in this case marty , has read, write, and execute permissions on the file. Anyone in the group users is permitted read and execute access to the file. other is permitted only execute access of the file.

The definitions of read, write, and execute differ somewhat for files and directories. Here is what you can do if you have read, write, and execute permissions for files:

read	You have permission to read the file.
write	You have permission to change and to write to the file.
execute	You can run, or execute, the program.

Here is what you can do if you have read, write, and execute permissions for directories:

Read	You can list the contents of the directory.
Write	You can create files in the directory, delete files in the directory, and create subdirectories in the directory.
execute	You can change to this directory using the cd command, which we'll cover shortly.

We will cover permissions again when the chmod command is described.