Earlier in this chapter, you saw that the ls command with the option -al displayed the permissions associated with a file or a directory. The permissions associated with a file or a directory tell who can or cannot access the file or directory, and what the user can or cannot do.
In UNIX, each user is identified with a unique login id. Additionally, multiple users can be grouped and associated with a group. A user can belong to one or more of these groups. However, a user belongs to one primary group. All other groups to which a user belongs are called secondary groups. The user login id is defined in the /etc/passwd file, and the user group is defined in the /usr/group file. The file and directory permissions in UNIX are based on the user and group.
The permissions associated with a file or a directory are of three types:
● Permissions for the owner: This identifies the operations the owner of the file or the directory can perform on the file or the directory.
● Permissions for the group: This identifies the operations that can be performed by any user belonging to the same group as the owner of the file or the directory.
● Permissions for world: This identifies the operations everybody else (other than the owner and members of the group to which the owner belongs) can do.
Using the permission attributes of a file or directory, a user can selectively provide access to users belonging to a particular group and users not belonging to a particular group. UNIX checks the permissions in the order of owner, group, and other (world), and the first permission that is applicable to the current user is used.
Here is an example of a file called testfile in the current directory, created by a user called guhas belonging to a group called staff. The file is set up so that only the user guhas can read, modify, or delete the file; users belonging to the group can read it, but nobody outside the group can access it. Executing the following command from the current directory
ls -al testfile
displays the permissions of the file testfile:
-rw-r----- 1 guhas staff 2031 Nov 04 06:14 testfile
You should be careful when setting up permissions for a directory. If a directory has read permissions only, you might be able to obtain a list of the files in the directory, but you will be prevented from doing any operations on the files in that directory.
For example, if you have a directory called testdir in the current directory, which contains a file called testfile, and the group permissions for testdir are read-only, executing the following command
ls testdir
will display the result
testfile
However, if you want to see the content of the file testfile using the following command:
cat testdir/testfile
you will get the following error message:
cat: testdir/testfile permission denied
To perform any operation on testfile in testdir, you must have the execute permission for testdir. If you want all the members in your group to know the names of the files in a particular directory but do not want to provide any access to those files, you should set up the directory using only read permission.
The owner of a file is determined by the user who creates the file. The group to which the file belongs is dependent on which UNIX system you are working on. In some cases, the group is determined by the current directory. In other cases, you might be able to change to one of your secondary groups (by using the newgrp command) and then create a file or directory belonging to that group.
Similarly, if you set up a directory with just execute permission for the group, all members of the group can access the directory. Without read permission, however, the members of the group cannot obtain a list of directories or files in it. Even so, if someone knows the name of a particular file within the directory, he or she can access the file with the file's absolute pathname.
For example, let us assume that we have a sub-directory testdir under /u/guhas that has a file called testfile. Let us assume the sub-directory testdir has been set up with 710 permission (that is, execute permission for the group). In such a case, if a member of the group executes the ls command on testdir, the following will be the result:
ls -l testdir
testdir unreadable
total 0
while if someone is aware of the file testfile and executes the following command
ls -l testdir/testfile
-rw-r--r-- 1 guhas staff 23 Jul 8 01:48 testdir/testfile
then he or she will get all the information about the file testfile.
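The following shell sketch is an added example, not part of the original text: it models the owner, group, world check order and the difference between read and execute permission on a directory described above. The function names and the numeric user and group ids are made up for illustration.

```shell
#!/bin/sh
# Constructed ids: guhas = uid 201, staff = gid 50.

# perm_class FILE_UID FILE_GID UID "GID_LIST"
# Prints the single permission class that applies: owner, group, or other.
# The first match wins; later classes are never consulted.
perm_class() {
    f_uid=$1; f_gid=$2; uid=$3; gids=$4
    if [ "$uid" = "$f_uid" ]; then echo owner; return; fi
    for g in $gids; do
        if [ "$g" = "$f_gid" ]; then echo group; return; fi
    done
    echo other
}

# effective_bits MODE CLASS
# MODE is a three-digit octal mode such as 710; prints that class's digit.
effective_bits() {
    mode=$1
    case $2 in
        owner) echo "${mode%??}" ;;
        group) d=${mode#?}; echo "${d%?}" ;;
        other) echo "${mode#??}" ;;
    esac
}

# dir_access MODE FILE_UID FILE_GID UID "GID_LIST"
# Prints what the user can do with a directory of that mode:
#   list        read bit only: names visible, files inside not reachable
#   access      execute bit only: files reachable by name, no listing
#   list+access both bits; none = neither bit
dir_access() {
    class=$(perm_class "$2" "$3" "$4" "$5")
    bits=$(effective_bits "$1" "$class")
    r=$(( (bits & 4) != 0 )); x=$(( (bits & 1) != 0 ))
    case "$r$x" in
        11) echo "list+access" ;;
        10) echo list ;;
        01) echo access ;;
        *)  echo none ;;
    esac
}
```

With mode 705, a member of the owning group gets "none" even though world has read and execute, because the group class matches first and the world bits are never checked.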
In UNIX, there is a special user who has blanket permission to read, write and execute all files in the system regardless of the owner of the files and directories. This user is known as root.