File permissions, listed in Table 18-1, apply to regular files and to special files, such as devices, sockets, and named pipes (FIFOs). When a file is a symbolic link, the permissions that apply are those of the file that the link points to.
Symbol | Permission | Description |
---|---|---|
r | Read | Can open and read the contents of a file. |
w | Write | Can write to the file (modify its contents), add to it, or delete it. |
x | Execute | Can execute the file (if it is a program or shell script) or run it with one of the exec(1) system calls. |
- | Denied | Cannot read, write, or execute the file. |
Directory permissions, listed in Table 18-2, apply to directories.
Symbol | Permission | Description |
---|---|---|
r | Read | List the files in the directory. |
w | Write | Add or remove files or links in the directory. |
x | Execute | Open or execute files in the directory. |
- | Denied | Cannot list, write, or open the files in the directory. |
You can protect the files in a directory and its subdirectories by denying access to that directory. Note, however, that superuser has access to all files and directories on the system, regardless of permission settings. Other permission values and their meanings are discussed in the section Special File Permissions (setuid, setgid, and Sticky Bit) on page 402.
Instead of using the letter symbols, you can use a numeric argument for file and directory permissions. Table 18-3 shows the octal values for setting file permissions. You can use these numbers in sets of three to set permissions for owner, group, and other. For example, the value 644 sets permissions to rw-r--r--: read/write permissions for owner, and read-only permissions for group and other.
Value | Permissions | Description |
---|---|---|
0 | --- | No permissions |
1 | --x | Execute-only |
2 | -w- | Write-only |
3 | -wx | Write, execute |
4 | r-- | Read-only |
5 | r-x | Read, execute |
6 | rw- | Read, write |
7 | rwx | Read, write, execute |
When a user creates a file or directory, it is created using a default set of permissions. These default permissions are determined by the value of umask that is set in the /etc/profile system file or in the user's .cshrc, .login, or .profile file. If no umask is set, the system sets the default permissions on a text file to 666, granting read and write permission to user, group, and other, and to 777 on a directory or executable file.
777 (full permissions) - 022 (umask) = 755 (allowed permissions)
The value assigned by umask is subtracted from the default. It denies permissions in the same way that the chmod command grants them. For example, while the command chmod 022 grants write permission to group and others, umask 022 denies write permission for group and others.
Table 18-4 shows some typical umask settings and describes the effect on an executable file.
Security Level | umask | Disallows |
---|---|---|
744 (Permissive) | 022 | Write for group and others |
740 (Moderate) | 027 | Write for group; read, write, execute for others |
741 (Moderate) | 026 | Write for group; read, write for others |
700 (Severe) | 077 | Read, write, execute for group and others |
A file can be one of the six types listed in Table 18-5.
Symbol | Description |
---|---|
- | Text or program |
d | Directory |
b | Block special file |
c | Character special file |
p | Named pipe (FIFO) |
L | Symbolic link |
Table 18-6 lists the file administration commands that you can use on files or directories.
Command | Description |
---|---|
ls(1) | List the files in a directory and display information about them. |
chown(1) | Change the ownership of a file. |
chgrp(1) | Change the group ownership of a file. |
chmod(1) | Change permissions on a file. |
Use the ls command to display information about files in a directory. The -l (long) option to the ls command displays the following information:
The -a option to the ls command displays all files, including hidden files that begin with a dot (.). To display information about files, type the following:
castle% ls -la
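As an added example that is not from the book, the following Python ties Tables 18-3, 18-4 and 18-5 together: it converts between the octal and rwx notations, applies a umask to the 666/777 defaults, and renders an st_mode value as the leading field of an ls -l line. It uses only the standard stat module; the function names are my own.

```python
import stat

# Octal digit -> rwx triple, i.e. Table 18-3 as a lookup (index 0 = ---, 7 = rwx).
TRIPLES = ["---", "--x", "-w-", "-wx", "r--", "r-x", "rw-", "rwx"]

# st_mode type bits -> first character of an ls -l line (Table 18-5).
# ls prints a lowercase l for symbolic links; 's' (socket) is not in the table
# but is shown by ls and is included here for completeness.
TYPE_CHARS = [
    (stat.S_ISDIR, "d"), (stat.S_ISBLK, "b"), (stat.S_ISCHR, "c"),
    (stat.S_ISFIFO, "p"), (stat.S_ISLNK, "l"), (stat.S_ISSOCK, "s"),
    (stat.S_ISREG, "-"),
]

def mode_to_symbolic(mode):
    """Render the nine permission bits, e.g. 0o644 -> 'rw-r--r--'.
    setuid/setgid/sticky (covered in a later section) are not rendered here."""
    return "".join(TRIPLES[(mode >> shift) & 0o7] for shift in (6, 3, 0))

def symbolic_to_mode(sym):
    """Inverse: 'rwxr-xr-x' -> 0o755. Rejects anything that is not a 9-char rwx string."""
    if len(sym) != 9:
        raise ValueError("expected nine characters such as rw-r--r--")
    mode = 0
    for i, ch in enumerate(sym):
        if ch == "rwx"[i % 3]:
            mode |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError("unexpected %r at position %d" % (ch, i))
    return mode

def apply_umask(default, umask):
    """Permissions a new file gets: every bit set in umask is cleared from the default.
    For umask 022 this equals the octal subtraction in the text (777 - 022 = 755), but
    the kernel masks bits rather than subtracting: 666 with umask 033 gives 644, not 633."""
    return default & ~umask & 0o777

def ls_mode_string(st_mode):
    """The ten-character mode field of ls -l, e.g. S_IFDIR | 0o755 -> 'drwxr-xr-x'."""
    for is_type, ch in TYPE_CHARS:
        if is_type(st_mode):
            return ch + mode_to_symbolic(st_mode)
    return "?" + mode_to_symbolic(st_mode)

def world_writable(st_mode):
    """True when 'other' may write: the permission an audit of a directory tree looks for first."""
    return bool(st_mode & stat.S_IWOTH)
```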