ch22_02.htm

the unix power tools

<HTML
><!--Distributed by F --><HEAD
><TITLE
>[Chapter 22] 22.2 Tutorial on File and Directory Permissions </TITLE
><META
NAME="DC.title"
CONTENT="UNIX Power Tools"><META
NAME="DC.creator"
CONTENT="Jerry Peek, Tim O'Reilly &amp; Mike Loukides"><META
NAME="DC.publisher"
CONTENT="O'Reilly &amp; Associates, Inc."><META
NAME="DC.date"
CONTENT="1998-08-04T21:40:20Z"><META
NAME="DC.type"
CONTENT="Text.Monograph"><META
NAME="DC.format"
CONTENT="text/html"
SCHEME="MIME"><META
NAME="DC.source"
CONTENT="1-56592-260-3"
SCHEME="ISBN"><META
NAME="DC.language"
CONTENT="en-US"><META
NAME="generator"
CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"><LINK
REV="made"
HREF="mailto:online-books@oreilly.com"
TITLE="Online Books Comments"><LINK
REL="up"
HREF="ch22_01.htm"
TITLE="22. File Security, Ownership, and Sharing"><LINK
REL="prev"
HREF="ch22_01.htm"
TITLE="22.1 Introduction to File Ownership and Security "><LINK
REL="next"
HREF="ch22_03.htm"
TITLE="22.3 Who Will Own a New File? "></HEAD
><BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
><DIV
CLASS="htmlnav"
><H1
><IMG
SRC="gifs/smbanner.gif"
ALT="UNIX Power Tools"
USEMAP="#srchmap"
BORDER="0"></H1
><MAP
NAME="srchmap"
><AREA
SHAPE="RECT"
COORDS="0,0,466,58"
HREF="index.htm"
ALT="UNIX Power Tools"><AREA
SHAPE="RECT"
COORDS="467,0,514,18"
HREF="jobjects/fsearch.htm"
ALT="Search this book"></MAP
><TABLE
WIDTH="515"
BORDER="0"
CELLSPACING="0"
CELLPADDING="0"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="172"
><A
CLASS="SECT1"
HREF="ch22_01.htm"
TITLE="22.1 Introduction to File Ownership and Security "
><IMG
SRC="gifs/txtpreva.gif"
SRC="gifs/txtpreva.gif"
ALT="Previous: 22.1 Introduction to File Ownership and Security "
BORDER="0"></A
></TD
><TD
ALIGN="CENTER"
VALIGN="TOP"
WIDTH="171"
><B
><FONT
FACE="ARIEL,HELVETICA,HELV,SANSERIF"
SIZE="-1"
>Chapter 22<BR>File Security, Ownership, and Sharing</FONT
></B
></TD
><TD
ALIGN="RIGHT"
VALIGN="TOP"
WIDTH="172"
><A
CLASS="SECT1"
HREF="ch22_03.htm"
TITLE="22.3 Who Will Own a New File? "
><IMG
SRC="gifs/txtnexta.gif"
SRC="gifs/txtnexta.gif"
ALT="Next: 22.3 Who Will Own a New File? "
BORDER="0"></A
></TD
></TR
></TABLE
>&nbsp;<HR
ALIGN="LEFT"
WIDTH="515"
TITLE="footer"></DIV
><DIV
CLASS="SECT1"
><H2
CLASS="sect1"
><A
CLASS="title"
NAME="UPT-ART-0417"
>22.2 Tutorial on File and Directory Permissions </A
></H2
><P
CLASS="para"
>[Think you know all about permissions?
Even if you do, skim through this article.
Bruce has some good tips. -JP]</P
><P
CLASS="para"
><A
CLASS="indexterm"
NAME="AUTOID-23757"
></A
><A
CLASS="indexterm"
NAME="AUTOID-23760"
></A
>There are three basic attributes for plain file permissions: read,
write, and execute.  Read and write permission obviously let you read
the data from a file or write new data to the file.  When you have
execute permission, you can use the file as a program or shell script.
The characters used to describe these permissions are <CODE
CLASS="literal"
>r</CODE
>,
<CODE
CLASS="literal"
>w</CODE
>, and <CODE
CLASS="literal"
>x</CODE
>, for e<EM
CLASS="emphasis"
>x</EM
>ecute.</P
><P
CLASS="para"
>Directories use these same permissions, but they have a different meaning.<A
CLASS="indexterm"
NAME="AUTOID-23769"
></A
><A
CLASS="indexterm"
NAME="AUTOID-23771"
></A
><A
CLASS="indexterm"
NAME="AUTOID-23773"
></A
>
If a directory has read permission, you can see what files are in the directory.
Write permission means you can add, remove, or rename files in the directory.
Execute allows you to use 
the directory name when accessing files inside that directory.
(Article
<A
CLASS="xref"
HREF="ch18_02.htm"
TITLE="What's Really in a Directory "
>18.2</A
>
has more information about what's in a directory.)
Let's examine this more closely.</P
><P
CLASS="para"
>Suppose you have read access to a directory,
but you do not have execute access to the files
in the directory. You can still read the
directory, or
<SPAN
CLASS="link"
><EM
CLASS="emphasis"
>inode</EM
> (<A
CLASS="linkend"
HREF="ch01_22.htm"
TITLE="How UNIX Keeps Track of Files: Inodes "
>1.22</A
>)</SPAN
>
information for that file, as returned by the 
<EM
CLASS="emphasis"
>stat</EM
>(2)
system call. That is, you can see the file's name, permissions, size, access times, owner and group,
and number of links.
You cannot read the contents of the file.</P
><P
CLASS="para"
>Write permission in a directory allows you to change the contents of a directory.
Because the name of the file is stored in the directory, and not the file,
<EM
CLASS="emphasis"
>write permission in a directory allows creation, renaming, or
deletion of files</EM
>.
To be specific, if someone has write permission to your home directory, they
can rename or delete your <EM
CLASS="emphasis"
>.login</EM
>
file and put a new file in its place.
The permissions of your <EM
CLASS="emphasis"
>.login</EM
>
file do not matter.
Someone can rename a file even if they can't read the contents of a file.
(See article
<A
CLASS="xref"
HREF="ch22_11.htm"
TITLE="A Loophole: Modifying Files Without Write Access"
>22.11</A
>.)</P
><P
CLASS="para"
>Execute permission on a directory is sometimes called search
permission.  If you found a directory that gave you execute
permission, but not read permission, you could use any file in that
directory. However, you <EM
CLASS="emphasis"
>must</EM
> know the name. You cannot look
inside the directory to find out the names of the files.  Think of
this type of directory as a black box.  You can throw filenames at
this directory, and sometimes you find a file, sometimes you don't.
(See article
<A
CLASS="xref"
HREF="ch22_12.htm"
TITLE="A Directory that People Can Access but Can't List "
>22.12</A
>.)</P
><DIV
CLASS="sect2"
><H3
CLASS="sect2"
><A
CLASS="title"
NAME="UPT-ART-417-SECT-1.1"
>22.2.1 User, Group, and World </A
></H3
><P
CLASS="para"
><A
CLASS="indexterm"
NAME="AUTOID-23791"
></A
><A
CLASS="indexterm"
NAME="UPT-ART-417-IX-DIRECTORIES-OWNERSHIP"
></A
><A
CLASS="indexterm"
NAME="UPT-ART-417-IX-OWNERSHIP-FILE"
></A
><A
CLASS="indexterm"
NAME="AUTOID-23800"
></A
>All files have an owner and group associated with them. 
There are three sets of read/write/execute permissions: 
one set for the user or owner of the file,
one set for the group 
<SPAN
CLASS="link"
>group (<A
CLASS="linkend"
HREF="ch22_13.htm"
TITLE="Groups and Group Ownership "
>22.13</A
>)</SPAN
>
of the file, and one set for everyone else.
These permissions are determined by nine bits in the
inode
information, and are represented by the characters 
<CODE
CLASS="literal"
>rwxrwxrwx</CODE
> in an <EM
CLASS="emphasis"
>ls -l</EM
> listing:
[1]</P
><BLOCKQUOTE
CLASS="footnote"
><P
CLASS="para"
>[1] On some UNIX systems, <EM
CLASS="emphasis"
>ls -l</EM
> produces
an eight-column listing without the group name (here, <CODE
CLASS="literal"
>books</CODE
>).
Use <EM
CLASS="emphasis"
>ls -lg</EM
> to get the listing format shown here.</P
></BLOCKQUOTE
><P
CLASS="para"
><BLOCKQUOTE
CLASS="screen"
><PRE
CLASS="screen"
>% <CODE
CLASS="userinput"
><B
>ls -l</B
></CODE
>
drwxr-xr-x  3 jerry   books      512 Feb 14 11:31 manpages
-rw-r--r--  1 jerry   books    17233 Dec 10  1990 misc.Z
-rwxr-xr-x  1 tim     books      195 Mar 29 18:55 myhead</PRE
></BLOCKQUOTE
></P
><P
CLASS="para"
>&#13;The first character in the <EM
CLASS="emphasis"
>ls -l</EM
> listing
<SPAN
CLASS="link"
>specifies the type of file (<A
CLASS="linkend"
HREF="ch17_13.htm"
TITLE="Searching for Files by Type "
>17.13</A
>)</SPAN
>.
The first three of the nine permissions characters that follow 
specify the user, the middle three the group, 
and the last three the world. If the permission is not true, a dash
is used to indicate lack of privilege. 
If you wanted to have a data file that you could read or write,
but don't want anyone else to access, the permissions would be 
<CODE
CLASS="literal"
>rw-------</CODE
>.</P
><P
CLASS="para"
>An easier way to specify these nine bits is with 
three octal digits instead of nine characters.
(Article
<A
CLASS="xref"
HREF="ch01_23.htm"
TITLE="File Access Permissions "
>1.23</A
>
has diagrams of permission bits and explains how to write permissions as an
octal number.)
The order is the same, so the above permissions can be described
by the octal number 
600.
The first number specifies the owner's permission.
The second number specifies the
permission.
The last number specifies permission to everyone who is
not the owner or not in the group of the file [although permissions
don't apply to the
<SPAN
CLASS="link"
>superuser (<A
CLASS="linkend"
HREF="ch01_24.htm"
TITLE="The Superuser (Root) "
>1.24</A
>)</SPAN
>,
who can do anything to any file or directory. <EM
CLASS="emphasis"
>-JP</EM
>&nbsp;].</P
><P
CLASS="para"
>This last point is subtle. When testing for permissions, the
system looks at the groups in order. If you are denied permission, 
UNIX does not examine the next group. Consider the case of a file that 
is owned by user
<EM
CLASS="emphasis"
>jo</EM
>,
is in the group
<EM
CLASS="emphasis"
>guests</EM
>,
and has the permissions
<CODE
CLASS="literal"
>-----xrwx</CODE
>,
or
017
in octal.
This has the result that user
<EM
CLASS="emphasis"
>jo</EM
>
cannot use the file, anyone in group
<EM
CLASS="emphasis"
>guests</EM
>
can execute the program, and
everyone else besides
<EM
CLASS="emphasis"
>jo</EM
>
and 
<EM
CLASS="emphasis"
>guests</EM
>
can read, write, and execute the program.
This is not a very common set of permissions.
But some people use a
<SPAN
CLASS="link"
>similar mechanism (<A
CLASS="linkend"
HREF="ch22_14.htm"
TITLE="Add Users to a Group to Deny Permission "
>22.14</A
>)</SPAN
>
to deny
one group of users from accessing or using a file.
In the above case, 
<EM
CLASS="emphasis"
>jo</EM
>
cannot read or write
the file she owns.
She could use the
<SPAN
CLASS="link"
><EM
CLASS="emphasis"
>chmod</EM
> (<A
CLASS="linkend"
HREF="ch22_07.htm"
TITLE="Using chmod to Change File Permission "
>22.7</A
>)</SPAN
>
command to grant herself permission to read the file.
However, if the file was in a directory owned by someone else, and the directory
did not give <EM
CLASS="emphasis"
>jo</EM
> read or search permission, she would not be able to find the file 
to change its permission.</P
><P
CLASS="para"
>The above example is an extreme case.
Most of the time permissions fall into four
cases:</P
><OL
CLASS="orderedlist"
><LI
CLASS="listitem"
><P
CLASS="para"
>The information is personal. Many people have a directory or two in which they 
store information they do not wish to be public. 
Mail should probably be confidential, and all of your mailbox files should be
in a directory with permissions of 700, denying everyone but yourself and the 
superuser read access to your letters. 
(See article
<A
CLASS="xref"
HREF="ch04_05.htm"
TITLE="Private (Personal) Directories "
>4.5</A
>.)</P