<h1>Permissions</h1>
<h2>Contents</h2>
<ol>
<li><a href="#introduction">Introduction</a></li>
<li><a href="#permissions">Permissions</a>
<ul>
<li><a href="#permissiontypes">Permission types</a></li>
<li><a href="#userclasses">User classes</a></li>
<li><a href="#anexample">An example</a></li>
<li><a href="#linksandpermissions">Links and permissions</a></li>
</ul>
</li>
<li><a href="#changing">Changing permissions&hellip;</a></li>
<li><a href="#explained">&hellip;explained</a></li>
<li><a href="#anotherway">&hellip;another way</a></li>
<li><a href="#flags">File Flags</a></li>
</ol>
<h2><a id="introduction" />Introduction</h2>
<p>Unix was created to be a multi-user operating system. The
intention was not for everybody to have full access
to all files, but to allow file owners to specify which
users should have what kind of access.
</p>
<h2><a id="permissions" />Permissions</h2>
<p>A Unix file system allows users to assign to files
(including directories: "In Unix, Everything Is a File.")
they own any combination of three permission
types (<strong>r</strong>, <strong>w</strong>,
<strong>x</strong>) to three classes of users
(<strong>u</strong>, <strong>g</strong>,
<strong>o</strong>). When a user requests access to a
file, Unix first determines the requester's
user class relative to the target file, then checks if
the permission type requested has been assigned to that
user class.
</p>
<h3><a id="permissiontypes" />Permission types</h3>
<p>The effect of the three permission types varies depending on
whether they apply to a file or a directory.
</p>
<table border="1">
<thead>
<tr><th>Type</th><th>On file</th><th>On directory</th></tr>
</thead>
<tbody>
<tr>
<th>r</th>
<td>Read file contents.</td>
<td>List name, size, modification date, etc. of files in
directory.<sup>1</sup></td>
</tr>
<tr>
<th>w</th>
<td>Change (<strong>w</strong>rite) file contents.</td>
<td>Add or remove files from directory.<sup>2</sup></td>
</tr>
<tr>
<th>x</th>
<td>Shell will attempt to e<strong>x</strong>ecute file
if file name
entered by itself on command line.
</td>
<td>Access (read or write) the directory<sup>3</sup> or
any files in the directory or its subtree, or make
the directory the user's working directory.
</td>
</tr>
<tr>
<td colspan="3"><strong>Notes:</strong>
<ol>
<li>File information can be obtained even without
directory <strong>r</strong> permission if a
file's full name is specified.
</li>
<li><strong>w</strong> directory permission allows a
user to delete a file from the directory, <em>even
if the user does not have <strong>w</strong>
(change contents) permission for the file
itself</em>. The reverse is also possible: a user
who lacks <strong>w</strong> directory permission
may be able to modify the contents of a file in the
directory but not delete it.
</li>
<li>Implementations vary on the permission required to
list directory file names. SDF hosts (running
NetBSD) will list directory files if the user has
<strong>r</strong> permission for the directory.
Other implementations require both
<strong>r</strong> and <strong>x</strong>
permissions to list directory files.
</li>
</ol>
</td>
</tr>
</tbody>
</table>
<p>Unlike some other file systems, such as NTFS,
neither <strong>r</strong> nor <strong>w</strong>
directory permission has any influence on
<strong>r</strong> or <strong>w</strong> permission for
subdirectories or files anywhere in the directory's
subtree. <strong>r</strong> or <strong>w</strong>
permission is determined by what has been assigned to your
user class for the directory in question without considering
<strong>r</strong> and <strong>w</strong> permission for
directories higher in the file system tree.
</p>
<p>However, directory <strong>x</strong> permission
<em>does</em> affect permissions for subdirectories and files
farther down the directory subtree. To access a file, a user
must have <strong>x</strong> permission on every directory in
the file's path. In other words, lack of <strong>x</strong>
permission for a directory effectively prevents access to any
files in the directory's subtree.
</p>
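<p>Note 2 of the table above, as an added example that is not part of the original page: in a scratch directory (the names <tt>open</tt>, <tt>locked</tt>, <tt>ro.txt</tt> and <tt>rw.txt</tt> are constructed), deleting a file depends on directory <strong>w</strong> permission, while changing its contents depends on the file's own <strong>w</strong> permission.</p>

```shell
#!/bin/sh
# Added example; all paths are constructed inside a scratch directory.
dir_write_demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/open" "$work/locked"

    # Case 1: read-only file inside a directory that has w.
    echo data > "$work/open/ro.txt"
    chmod a-w "$work/open/ro.txt"
    rm -f "$work/open/ro.txt" 2>/dev/null || true
    if [ -e "$work/open/ro.txt" ]; then del_ro=kept; else del_ro=deleted; fi

    # Case 2: writable file inside a directory that lacks w.
    echo data > "$work/locked/rw.txt"
    chmod a-w "$work/locked"
    if echo more >> "$work/locked/rw.txt"; then edit=modified; else edit=unchanged; fi
    rm -f "$work/locked/rw.txt" 2>/dev/null || true
    if [ -e "$work/locked/rw.txt" ]; then del_rw=kept; else del_rw=deleted; fi

    # Restore w on the directory so the scratch tree can be removed.
    chmod u+w "$work/locked"
    rm -rf "$work"
    echo "$del_ro $edit $del_rw"
}
dir_write_demo
```

<p>Run as an unprivileged user, the function prints <tt>deleted modified kept</tt>; the superuser is not subject to these checks, so the last word becomes <tt>deleted</tt>.</p>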
<h3><a id="userclasses" />User classes</h3>
<p>For a given file, the Unix file system divides users into
three classes:
</p>
<table border="1">
<thead>
<tr><th>Class</th><th>Users</th></tr>
</thead>
<tbody>
<tr>
<th>u</th>
<td><em><strong>U</strong>ser</em>. The current owner
of the file.
</td>
</tr>
<tr>
<th>g</th>
<td><em><strong>G</strong>roup</em>. Members of the user
group to which the file has been assigned.
</td>
</tr>
<tr>
<th>o</th>
<td><em><strong>O</strong>thers</em>. Users not in either
of the above classes. This is the user class that
SDF's web server uses when a web browser requests a
file from your web site.<sup>1</sup>
</td>
</tr>
<tr>
<td colspan="2"><strong>Notes:</strong>
<ol>
<li>The use of CGI programs on a web site complicates
the permission check. Access to the CGI program
file itself is checked with user class
<strong>o</strong>. Many web servers are
configured so that file access requests from CGI
programs are also checked with user class
<strong>o</strong>. However, the SDF web server has
been configured to execute CGI programs with the
permissions of the owner of the program file
(<em>you</em>, for CGI programs you have installed
on your SDF web site). Therefore if your CGI
program accesses files owned by you, permissions
will be checked with user class <strong>u</strong>.
Files not owned by you will be checked with user
class <strong>o</strong>.
</li>
</ol>
</td>
</tr>
</tbody>
</table>
<h3><a id="anexample" />An example</h3>
<p>File permission information can be obtained with the long
listing option of the <tt>ls</tt> command: <tt>ls -l</tt>
</p>
<table>
<tr>
<td><tt>drwxr-xr-x</tt></td><td><tt>2</tt></td><td><tt>papa</tt></td><td><tt>arpa</tt></td><td style="text-align: right;"><tt>512</tt></td><td><tt>Sep 29 01:02</tt></td><td><tt>arpastuff</tt></td>
</tr>
<tr>
<td><tt>-rwxr-x---</tt></td><td><tt>1</tt></td><td><tt>papa</tt></td><td><tt>arpa</tt></td><td style="text-align: right;"><tt>11402</tt></td><td><tt>Sep 29 01:02</tt></td><td><tt>hello</tt></td>
</tr>
<tr>
<td><tt>-rw-r-----</tt></td><td><tt>1</tt></td><td><tt>papa</tt></td><td><tt>arpa</tt></td><td style="text-align: right;"><tt>13</tt></td><td><tt>Sep 29 01:02</tt></td><td><tt>hello.txt</tt></td>
</tr>
<tr>
<td style="text-align: center;"><em>a</em></td><td></td><td style="text-align: center;"><em>b</em></td><td style="text-align: center;"><em>c</em></td><td style="text-align: right;"></td><td></td><td></td>
</tr>
</table>
<p>Field <em>a</em> is the <em>file mode</em>, a string of ten
one-character flags that indicate the file's permissions and
other information. The following is a list of mode flags in
character order with a partial list of possible flag values
for each:
</p>
<ol>
<li>File type.
<dl compact>
<dt><tt>d</tt></dt><dd>directory</dd>
<dt><tt>-</tt></dt><dd>ordinary file</dd>
</dl>
</li>
<li><strong>r</strong> permission for file owner (user class
<strong>u</strong>).
<dl compact>
<dt><tt>r</tt></dt><dd>yes</dd>
<dt><tt>-</tt></dt><dd>no</dd>
</dl>
</li>
<li><strong>w</strong> permission for file owner (user class
<strong>u</strong>).
<dl compact>
<dt><tt>w</tt></dt><dd>yes</dd>
<dt><tt>-</tt></dt><dd>no</dd>
</dl>
</li>
<li><strong>x</strong> permission for file owner (user class
<strong>u</strong>).
<dl compact>
<dt><tt>x</tt></dt><dd>yes</dd>
<dt><tt>-</tt></dt><dd>no</dd>
</dl>
</li>
<li><strong>r</strong> permission for file user group (user
class <strong>g</strong>).
<dl compact>
<dt><tt>r</tt></dt><dd>yes</dd>
<dt><tt>-</tt></dt><dd>no</dd>
</dl>
</li>
<li><strong>w</strong> permission for file user group (user
class <strong>g</strong>).
<dl compact>
<dt><tt>w</tt></dt><dd>yes</dd>
<dt><tt>-</tt></dt><dd>no</dd>
</dl>
</li>
<li><strong>x</strong> permission for file user group (user
class <strong>g</strong>).
<dl compact>
<dt><tt>x</tt></dt><dd>yes</dd>
<dt><tt>-</tt></dt><dd>no</dd>
</dl>
</li>
<li><strong>r</strong> permission for other users (user
class <strong>o</strong>).
<dl compact>
<dt><tt>r</tt></dt><dd>yes</dd>
<dt><tt>-</tt></dt><dd>no</dd>
</dl>
</li>
<li><strong>w</strong> permission for other users (user
class <strong>o</strong>).
<dl compact>
<dt><tt>w</tt></dt><dd>yes</dd>
<dt><tt>-</tt></dt><dd>no</dd>
</dl>
</li>
<li><strong>x</strong> permission for other users (user
class <strong>o</strong>).
<dl compact>
<dt><tt>x</tt></dt><dd>yes</dd>
<dt><tt>-</tt></dt><dd>no</dd>
</dl>
</li>
</ol>
<p>Field <em>b</em> is the user ID of the <em>file owner</em>.
Field <em>c</em> is the <em>user group</em> the file has been
assigned to.
</p>
<p>So for the three files in the <tt>ls</tt> listing above:</p>
<dl>
<dt>Directory <tt>arpastuff</tt></dt>
<dd>User <tt>papa</tt> can list, add, and delete files in
<tt>arpastuff</tt>, access the directory's subtree, or
make the directory his working directory. Users in group
<tt>arpa</tt> and all other users can list files in the
directory, access the directory's subtree, or make the
directory their working directory, but not add or delete
files.
</dd>
<dt>File <tt>hello</tt></dt>
<dd>User <tt>papa</tt> can read or modify the contents of
<tt>hello</tt> or execute it from the command line
(presumably the file contents are an executable binary or
a script). Users in group <tt>arpa</tt> may view or
execute the file but not modify it. Other users may not
access the file.
</dd>
<dt>File <tt>hello.txt</tt></dt>
<dd>User <tt>papa</tt> can read or modify the contents of
<tt>hello.txt</tt>. Users in group <tt>arpa</tt> may
view the file. Other users may not access the file.
</dd>
</dl>
<h3><a id="linksandpermissions" />Links and permissions</h3>
<p>In general, the above discussion also applies to hard and
symbolic file links. The file system automatically maintains
links to keep the same effective permissions as the target
file. (For symbolic links, the <tt>ls</tt> command displays
a file mode with all permission types assigned for all user
classes, but when file access is requested with the link,
the permissions of the target file are applied.)
</p>
<p>However, it is possible for hard links to avoid directory
<strong>x</strong> permission restrictions in some
configurations. Suppose a user has access to a file
<tt>./d1/f1</tt> to which there is a hard link outside
directory <tt>d1</tt>'s subtree, <tt>./h1</tt>. If the user
loses <strong>x</strong> permission for <tt>d1</tt>, he will
not be able to access <tt>./d1/f1</tt>, <em>but he will still
be able to access the same file with his original permissions
by using the hard link</em> <tt>./h1</tt>.
</p>
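<p>The <tt>./d1/f1</tt> and <tt>./h1</tt> case described above, as an added example that is not part of the original page. It rebuilds the layout in a scratch directory and adds a hypothetical helper, <tt>multi_linked</tt>, that lists files with more than one hard link so they can be reviewed before a directory is locked down.</p>

```shell
#!/bin/sh
# Added example; all paths are constructed inside a scratch directory.

# List regular files under a directory whose link count is above 1,
# i.e. files that also have a name somewhere else on the file system.
multi_linked() { find "$1" -type f -links +1; }

hardlink_demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/d1"
    echo contents > "$work/d1/f1"
    ln "$work/d1/f1" "$work/h1"          # ./h1: second name, outside d1

    # Audit while d1 can still be searched; f1 is reported.
    flagged=$(multi_linked "$work/d1")

    chmod a-x "$work/d1"                 # the user loses x on d1
    if cat "$work/d1/f1" >/dev/null 2>&1; then via_d1=open; else via_d1=blocked; fi
    if cat "$work/h1" >/dev/null 2>&1; then via_h1=open; else via_h1=blocked; fi

    # Restore x so the scratch tree can be removed.
    chmod u+x "$work/d1"
    rm -rf "$work"
    echo "${flagged##*/} $via_d1 $via_h1"
}
hardlink_demo
```

<p>Run as an unprivileged user, the function prints <tt>f1 blocked open</tt>; the superuser is not subject to the directory check, so both paths report <tt>open</tt>.</p>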
<h2><a id="changing" />Changing permissions&hellip;</h2>
<p>Permissions are changed with the command <tt>chmod</tt>:</p>
<code>chmod <em>permission-mode</em> <em>file-name</em></code>
<p>Let's take a look at this example,</p>
<code>chmod 644 index.html</code>
<p>What does that number, 644, stand for?</p>
<h2><a id="explained" />&hellip;explained</h2>
<p>The <em>permission-mode</em> is a numeric representation of
the nine file mode permission flags. As mentioned earlier,
there are three permission types and three user classes.
Each digit represents the permission types assigned to a user
class.
</p>
<table>
<tr><th>User class:</th><th>u</th><th>g</th><th>o</th></tr>
<tr><th>Permission code:</th><td>6</td><td>4</td><td>4</td></tr>
</table>
<p>The permission code for each user class is calculated by
summing the values corresponding to the permission types
assigned to the user class: 4 for <strong>r</strong>
permission, 2 for <strong>w</strong> permission, 1 for
<strong>x</strong> permission.
</p>
<p>In the above example, I want file <tt>index.html</tt> to be
readable by all users but writable by only me. Therefore
permission codes would be as follows:
</p>
<table border="1">
<tr><th>User class</th><th>Permission types</th><th>Permission code</th></tr>
<tr>
<th>u (myself)</th>
<td><strong>r</strong> (4), <strong>w</strong> (2)</td>
<td style="text-align: right;">4 + 2 = <strong>6</strong></td>
</tr>
<tr>
<th>g (group)</th>
<td><strong>r</strong> (4)</td>
<td style="text-align: right;"><strong>4</strong></td>
</tr>
<tr>
<th>o (others)</th>
<td><strong>r</strong> (4)</td>
<td style="text-align: right;"><strong>4</strong></td>
</tr>
</table>
<p>Thus:</p>
<code>chmod 644 index.html</code>
<p>Et voila!</p>
<h2><a id="anotherway" />&hellip;another way</h2>
<p><tt>chmod</tt> supports an alternate syntax for specifying
permission modes that is more convenient for changing one or
a few permissions at a time and is slightly easier to
remember than the numeric mode coding above.
</p>
<p><em>&lt;user-classes&gt;&lt;operation&gt;&lt;permission-types&gt;</em>[,<em>&lt;user-classes&gt;&lt;operation&gt;&lt;permission-types&gt;</em>]&hellip;</p>
<dl>
<dt><em>user-classes</em></dt>
<dd>User class(es) for which permissions are to be changed.
Specify with one-character class symbols <tt>u</tt>,
<tt>g</tt>, <tt>o</tt>, or <tt>a</tt> for all classes.
May specify more than one class.
</dd>
<dt><em>operation</em></dt>
<dd>One of the following:
<dl compact>
<dt><tt>+</tt></dt><dd>Add permission types to user classes.</dd>
<dt><tt>-</tt></dt><dd>Remove permission types from user classes.</dd>
<dt><tt>=</tt></dt><dd>Set permission types for user classes.</dd>
</dl>
</dd>
<dt><em>permission-types</em></dt>
<dd>Permission type(s) to be set or removed. Use
one-character type symbols <tt>r</tt>, <tt>w</tt>,
or <tt>x</tt>. May specify more than one type.
</dd>
</dl>
<p>Therefore the command:</p>
<code>chmod u=rw,go=r index.html</code>
<p>would have the same effect as the example command:</p>
<code>chmod 644 index.html</code>
<p>If I later wanted to give <strong>w</strong> permission to
members of the file's user group, I could use the command:
</p>
<code>chmod g+w index.html</code>
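<p>The numeric coding from the "explained" section and the symbolic syntax above, as an added example that is not part of the original page. The hypothetical helper <tt>mode_to_octal</tt> turns the file mode shown by <tt>ls -l</tt> back into a permission code, and <tt>chmod_demo</tt> applies the page's three <tt>chmod</tt> commands to a scratch <tt>index.html</tt> to confirm they agree.</p>

```shell
#!/bin/sh
# Added example. Converts the 10-character file mode printed by `ls -l`
# into the numeric code chmod accepts: r=4, w=2, x=1 per user class.
mode_to_octal() {
    mode=$1
    # One file-type character, then rwx flags for u, g and o. Other flag
    # values (the page's list is partial) are rejected rather than guessed.
    case $mode in
        ?[r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "unsupported mode string: $mode" >&2; return 1 ;;
    esac
    code=
    for start in 2 5 8; do
        triplet=$(printf '%s' "$mode" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        code=$code$digit
    done
    echo "$code"
}

# Permission code of an existing file, read back from `ls -l`.
file_code() { mode_to_octal "$(ls -ld "$1" | cut -c1-10)"; }

# Apply the page's three chmod commands to a scratch index.html and
# report the permission code after each one.
chmod_demo() {
    dir=$(mktemp -d) || return 1
    f=$dir/index.html
    : > "$f"
    chmod 644 "$f";       numeric=$(file_code "$f")
    chmod 000 "$f"        # clear everything before the symbolic form
    chmod u=rw,go=r "$f"; symbolic=$(file_code "$f")
    chmod g+w "$f";       widened=$(file_code "$f")
    rm -rf "$dir"
    echo "$numeric $symbolic $widened"
}
chmod_demo
```

<p>Applied to the <tt>ls -l</tt> listing earlier on this page, <tt>mode_to_octal</tt> gives 755 for <tt>arpastuff</tt>, 750 for <tt>hello</tt> and 640 for <tt>hello.txt</tt>.</p>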
<h2><a id="flags" />File Flags</h2>
<p>In addition to the file permissions we've already discussed, we also
have file flags. File flags add additional security and control over
files, but not directories. File flags are altered using the
chflags(1) utility.
</p>
<code>% chflags uunlnk foo</code>
<p>would be used to set the user undelete flag, and to disable that
flag, simply add "no" in front of the option (in this example,
uunlnk), like so:
</p>
<code>chflags nouunlnk foo</code>
<hr />
<cite>$Id: permissions.html,v 1.8 2007/10/02 11:22:28 papa Exp $</cite>