3.5. Access-rights

Files and directories are protected with access-rights. They consist of two categories:

1. permissions (Read, Write, Execute)
2. ownership (User, Group, Others)

Below is a sample output of the ls -l command

- rwx r-x r-x   2   root   staff    [...]   filename
|  |   |   |    |    |       |
|  |   |   |    |    |       +-- belongs to group "staff" as well
|  |   |   |    |    |
|  |   |   |    |    +-- belongs to the user "root"
|  |   |   |    |
|  |   |   |    +-- link count (number of name references to this file)
|  |   |   |
|  |   |   +-- permissions for "others" (Read and Execute)
|  |   | 
|  |   +-- permissions for the group (Read and Execute)
|  | 
|  +-- permissions for the owner (user) (Read, Write and Execute)
|
+-- File type: normal  (d = directory, l = link, p = named pipe, ...)

Additionally, certain extra permissions exist, such as setuid and setgid, which are not explained here.

4 flags for each file:

1. file type:
   • - plain file
   • d directory
   • p named pipe
   • s socket
   • l link
   • b block device (disk, tape)
   • c character device (terminal, serial port, parallel port)
2. Read, Write and eXecute bits for the User (owner of the file)
3. Read, Write and eXecute bits for the Group
4. Read, Write and eXecute bits for the Others

To manipulate these access rights, two commands:

• chown: change ownership For example: chown root:staff file will change the owner and group of the file to respectively root and staff
• chmod: change mode. For example: chmod o-rx file or chmod 755 file

The 755 above represents the bit-values of the fields above, i.e.:

4   4   4
 2   2   2    <- values
  1   1   1
rwx r-x r-x   <- permissions

111 101 101   <- bit

 7   5   5    <- decimal

3.5.1. Various example combinations

3.5.2. Special bits

3.5.2.1. Setuid / Setgid

3.5.2.2. The sticky bit