UNIX File Protection Overview
Steve Losen (scl@virginia.edu)
ITC Unix Support
University of Virginia
The Unix filesystem allows you to control which users have access to your files and directories and what access modes are permitted. Although the file protection mechanism is fairly simple, it serves quite well under most circumstances. The protection mechanism is the same for files as it is for directories so for this discussion the term "object" refers to either a file or a directory.
Unix has three access modes: read, write and execute. You must have read access to read data from a file. You must have write access to modify the data in a file (including appending to the end). You must have execute access to execute (run) a file. These access modes operate independently, so having write access on a file does not imply read access. It may seem odd to be able to write to a file and yet not be able to read it, but that's Unix.
The access modes apply somewhat differently to directories. You must have execute access to gain access to anything inside a directory. If you lack execute access on a directory, then you cannot "cd" to it, nor do you have any access whatsoever to anything inside it. You must have read access to list the contents of a directory (with "ls", for example). If you lack read access on a directory, but have execute access, you can still access an object in the directory if you know the name of the object (or can guess it). You must have write and execute access to create, remove, or rename objects in a directory. Note that you do not need write access on the object you are removing because you are not modifying the data in the object. Removing an object modifies the data in the parent directory. If you have write and execute access on a directory you can remove any of its files or empty directories, regardless of who owns them or what permissions they have. You can also create objects in the directory no matter who owns it.
To control which users have which access rights, each object has an owner and a group. An object has just one owner, and you own any object that you create. Only the superuser can change the ownership of existing objects. A group is simply a named collection of users. The system administrator is responsible for making groups and assigning users to them. An object has just one group, but a user can belong to several groups. To see what groups you belong to, use the command "groups".
When you try to access an object, the system places you into one of three categories with respect to the object: user, group, or other. An object carries three sets of access modes, one for each of these three categories. If you own the object, then the "user" access modes control your access rights. If you are a member of the object's group and you are not the owner, then the "group" access modes control your access rights. If you neither own the object nor are a member of its group, then the "other" access modes control your access rights. Only one category (user, group, other) applies to you. If you try to access an object in a mode (read, write, execute) that is not enabled for your category, the system denies access and does not try any of the other categories. This means that an object can have some very weird permissions, such as being readable by everyone on the system except the owner.
Let us look at the access modes required to perform a simple Unix command:
cp file1 file2
At the very least you must have execute access on the current directory (or the system would not have let you into it). You need only have read access on file1. If file2 already exists you need only have write access on it. If file2 does not already exist you must have both write and execute access on the current directory to create file2. One more example:
rm *.old
You must have read, write, and execute access on the current directory for this to work. Without execute access you would not even be in this directory. You need read access in order to expand the wildcard "*.old". If you do not use a wildcard, you do not need directory read access in this example. You need directory write access to be able to remove anything from this directory. You need not own the files that you remove, nor have any access rights on them whatsoever.
The three access modes (read, write, execute) times the three categories (user, group, other) give a total of nine access modes. An object encodes these access modes in nine bits. If a bit is one, the corresponding access mode is enabled and if the bit is zero the access mode is disabled. This is a very compact way to store the permissions and comes from the days when every bit was precious.
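The category selection rule and the nine-bit encoding above, as an added example in Python that is not part of the original article: it models only the nine permission bits (no superuser exemption), the uids, gids and modes in it are constructed, and it also shows why removing a file depends on the directory's bits rather than the file's.

```python
# Added example, not from the original article: a model of the Unix
# permission check.  Only the nine permission bits are modelled; the
# real kernel check also exempts the superuser and handles extra bits.

R, W, X = 4, 2, 1                              # bit values within one triple
SHIFT = {"user": 6, "group": 3, "other": 0}    # where each triple sits

def parse_symbolic(perm):
    """Convert the nine characters printed by 'ls -l' (e.g. 'rwxr-x---')
    into the nine-bit mode integer (0o750 for that example)."""
    if len(perm) != 9:
        raise ValueError("expected nine permission characters")
    mode = 0
    for i, ch in enumerate(perm):
        if ch == "rwx"[i % 3]:
            mode |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError("unexpected character %r at %d" % (ch, i))
    return mode

def category(owner_uid, owner_gid, uid, groups):
    """Place the caller in exactly one category; owner wins over group."""
    if uid == owner_uid:
        return "user"
    if owner_gid in groups:
        return "group"
    return "other"

def allowed(mode, owner_uid, owner_gid, uid, groups, want):
    """True if every mode in 'want' (an OR of R, W, X) is enabled in the
    caller's category.  Only that category's triple is consulted, so a
    denied owner never falls through to the group or other bits."""
    triple = (mode >> SHIFT[category(owner_uid, owner_gid, uid, groups)]) & 0o7
    return triple & want == want

def can_remove_entry(dir_mode, dir_owner, dir_gid, uid, groups):
    """Removing an entry needs write and execute on the directory only;
    the entry's own owner and mode are deliberately not parameters."""
    return allowed(dir_mode, dir_owner, dir_gid, uid, groups, W | X)

if __name__ == "__main__":
    # Constructed scenario: a file readable by everyone except its owner.
    weird = parse_symbolic("---rwxrwx")                    # 0o077
    print(allowed(weird, 1000, 100, 1000, {100}, R))       # False (owner)
    print(allowed(weird, 1000, 100, 1001, {200}, R))       # True (other)
    # 'rm' inside a rwxr-xr-x directory owned by uid 1000, group 100
    d = parse_symbolic("rwxr-xr-x")
    print(can_remove_entry(d, 1000, 100, 1001, {100}))     # False (no w)
```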