File permissions

Most modern file systems have methods of administering permissions or access rights to specific users and groups of users. These systems control the ability of the users affected to view or make changes to the contents of the file system.

Differences between operating systems

Unix-like and otherwise POSIX-compliant systems have a simple system for managing individual file permissions. POSIX also specifies a system of Access Control Lists, but it is only implemented by certain file systems and operating systems.


DOS variants (including the Microsoft products MS-DOS, Windows 95, Windows 98, and Windows Me) do not have permissions. There is a "read-only" attribute that can be set or unset on a file by any user or program.


Mac OS X, Microsoft Windows NT and its derivatives (including Windows 2000 and Windows XP), as well as VMS and OpenVMS use Access Control Lists (ACLs) to administer a more complex and varied set of permissions.


Traditional Unix permissions

Permissions on Unix-like systems are managed in three distinct classes. These classes are known as user, group, and others. In effect, Unix permissions are a simplified form of access control lists (ACLs).


Classes

On Unix file systems, every file and directory is owned by a specific user. The owner of an object comprises its user class. Permissions assigned to the user class only apply to that specific user.


A file or directory is also assigned a group, which comprises its group class. Permissions assigned to the group class only apply to members of that group.


Users who are not otherwise represented by the other two classes comprise a file's others class.


The effective permissions that apply to a specific user in relation to a file are determined in logical precedence. For example, the user who owns the file will have the effective permissions given to the user class regardless of those assigned to the group or others class.
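The precedence rule above can be modelled directly. The following is an added example, not part of the original article: the function names and the inventory are constructed for illustration, and the model covers only the three classes described here (it ignores the superuser and ACLs). It also flags modes where a more specific class holds fewer rights than a broader one, which is where the rule produces surprising results.

```python
# Constructed inventory: (path, mode, owner uid, owning gid). Not from the article.
SAMPLE = [
    ("/srv/app/config", 0o640, 1000, 50),
    ("/srv/app/dropbox", 0o077, 1000, 50),   # owner has nothing, everyone else has rwx
    ("/srv/app/report", 0o604, 1000, 50),    # group has nothing, others may read
]


def applicable_class(mode, file_uid, file_gid, uid, gids):
    """Return (class name, 'rwx'-style triplet) governing this user.

    Exactly one class applies: user first, then group, then others.
    """
    if uid == file_uid:
        name, shift = "user", 6
    elif file_gid in gids:
        name, shift = "group", 3
    else:
        name, shift = "others", 0
    bits = (mode >> shift) & 0o7
    triplet = "".join(c if bits & b else "-" for c, b in zip("rwx", (4, 2, 1)))
    return name, triplet


def inverted_entries(entries):
    """List paths where group exceeds user, or others exceeds group."""
    flagged = []
    for path, mode, _uid, _gid in entries:
        user, group, others = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
        if (group & ~user) or (others & ~group):
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    # The owner of a 0077 file is denied even though others have full access.
    print(applicable_class(0o077, 1000, 50, uid=1000, gids={50}))
    print(inverted_entries(SAMPLE))
```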


Basic Permissions

There are three specific permissions on Unix-like systems that apply to every class:

  • The read permission, which grants the ability to read a file or directory tree.
  • The write permission, which grants the ability to modify a file. When set for a directory, this permission grants the ability to modify its tree. This includes creating files, changing their permissions, and deleting files.
  • The execute permission, which grants the ability to execute a file. This permission must be set in order for any file—even an executable binary—to be executed or "run" on a system. When set for a directory, this permission grants the ability to traverse its tree.

When a permission is not set, the rights it would grant are denied. Unlike ACL-based systems, permissions on a Unix-like system are not inherited. Files created within a directory will not necessarily have the same permissions as that directory. The permissions to be assigned are determined using umasks.
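To see that a new file takes its mode from the creating process's umask and not from its parent directory, the following added example (not part of the original article) creates a directory and a file under a chosen umask and reads back the modes. The function name, file names and requested modes are assumptions chosen for illustration; it expects a POSIX system with a writable temporary directory.

```python
import os
import tempfile


def create_under_umask(mask, dir_request=0o777, file_request=0o666):
    """Create a directory and a file inside it while `mask` is the umask.

    Returns (directory mode, file mode) as reported by the file system,
    limited to the nine class permission bits.
    """
    old = os.umask(mask)              # set the mask, remember the previous one
    try:
        with tempfile.TemporaryDirectory() as base:
            directory = os.path.join(base, "shared")
            os.mkdir(directory, dir_request)
            path = os.path.join(directory, "note.txt")
            fd = os.open(path, os.O_CREAT | os.O_WRONLY | os.O_EXCL, file_request)
            os.close(fd)
            return (os.stat(directory).st_mode & 0o777,
                    os.stat(path).st_mode & 0o777)
    finally:
        os.umask(old)                 # always restore the caller's umask


if __name__ == "__main__":
    for mask in (0o022, 0o027, 0o077):
        d_mode, f_mode = create_under_umask(mask)
        # Each result is the requested mode with the umask bits cleared.
        print(f"umask {mask:04o}: directory {d_mode:04o}, file {f_mode:04o}")
```

Each resulting mode is the requested mode with the umask bits cleared, so the file never picks up the directory's execute bits.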


Additional Permissions

Unix-like systems typically employ three additional permissions or modes. These special permissions are set for a file or directory overall, not by a class.

  • The set user ID, setuid, or SUID permission. When a file for which this permission has been set is executed, the resulting process will assume the effective user ID given to the user class.
  • The set group ID, setgid, or SGID permission. When a file for which this permission has been set is executed, the resulting process will assume the group ID given to the group class. When setgid is applied to a directory, all new files created under that directory will inherit the group owner from that directory. (Default behaviour is to use the primary group of the effective user when setting group owner of new files)
  • The sticky permission. The typical behaviour of the sticky bit on executable files encourages the kernel to retain the resulting process image beyond termination. Directories for which the sticky permission has been set restrict user modifications to append-only. Users have full control over their own files and they may create new files. However, they can only append or add to the existing files of other users.

These additional permissions are also referred to as setuid bit, setgid bit, and sticky bit respectively, due to the fact that they each occupy only one bit.


Permission notation

Symbolic notation

There are many ways by which Unix permission schemes are represented. The most common form is symbolic notation. This scheme represents permissions as a series of 10 characters.

First character
  • "-": a regular file
  • "d": a directory
  • "l": a symbolic link

Three groups of three
  • first: what the owner can do
  • second: what the group members can do
  • third: what other users can do

The triplet
  • first: "r" readable, "-" unreadable
  • second: "w" writable, "-" write-protected
  • third: "x" executable, "-" non-executable

The first character indicates the file type:

Each class of permissions is represented by three characters. The first set of characters represents the user class. The second set represents the group class. The third and final set of three characters represents the others class.


Each of the three characters represents the read, write, and execute permissions respectively:

  • 'r' if the read bit is set, '-' if it is not.
  • 'w' if the write bit is set, '-' if it is not.
  • 'x' if the execute bit is set, '-' if it is not.

The following are some examples of symbolic notation:

  1. "-rwxr-xr-x" for a regular file whose user class has full permissions and whose group and others classes have only the read and execute permissions.
  2. "crw-rw-r--" for a character special file whose user and group classes have the read and write permissions and whose others class has only the read permission.
  3. "dr-x------" for a directory whose user class has read and execute permissions and whose group and others classes have no permissions.

Symbolic notation and additional permissions

The additional permissions complicate the symbolic notation somewhat. Because they are not often set by unprivileged users, knowledge of their specific convention is not necessary for an understanding of symbolic notation in general.

Permission              Class    Execute [1]   Non-exec. [2]
Set User ID (setuid)    User     s             S
Set Group ID (setgid)   Group    s             S
Sticky                  Others   t             T
  1. The character that will be used to indicate that the execute bit is also set.
  2. The character that will be used when the execute bit is not set.

Here is an example:

  • "-rwsr-Sr-x" for a file whose user class has read, write, execute, and setuid permissions; whose group class has read and setgid permissions; and whose others class has read and execute permissions.

Octal notation

Another common method for representing Unix permissions is octal notation. Octal notation consists of a three- or four-digit base-8 value.


With three-digit octal notation, each numeral represents a different component of the permission set: user class, group class, and "others" class respectively.


Each of these digits is the sum of its component bits (see also Binary numeral system). As a result, specific bits add to the sum as it is represented by a numeral:

  • The read bit adds 4 to its total,
  • The write bit adds 2 to its total, and
  • The execute bit adds 1 to its total.

These values never produce ambiguous combinations; each sum represents a specific set of permissions.


These are the examples from the Symbolic notation section given in octal notation:

  • "-rwxr-xr-x" would be represented as 755 in three-digit octal.
  • "-rw-rw-r--" would be represented as 664 in three-digit octal.
  • "-r-x------" would be represented as 500 in three-digit octal.

Octal notation and additional permissions

There is also a four-digit form of octal notation. In this scheme, the standard three digits described above become the last three digits. The first digit represents the additional permissions. On some systems, this first digit cannot be omitted; it is therefore common to use all four digits (where the first digit is zero).


This first digit is also the sum of component bits:

  • The setuid bit adds 4 to the total,
  • The setgid bit adds 2 to the total, and
  • The sticky bit adds 1 to the total.

The example from the Symbolic notation and additional permissions section, "-rwsr-Sr-x" would be represented as 6745 in four-digit octal. In addition, the examples in the previous section would be represented as 0755, 0664, and 0500 respectively in four-digit octal notation.
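The two notations can be converted mechanically, including the s/S and t/T characters for the additional permissions. The following converter is an added example, not part of the original article; the function names are chosen here for illustration, and it uses only the bit values given above.

```python
import stat

# Per class: (special bit, character when execute is also set, character when not)
CLASSES = (
    (stat.S_ISUID, "s", "S"),   # user class carries setuid
    (stat.S_ISGID, "s", "S"),   # group class carries setgid
    (stat.S_ISVTX, "t", "T"),   # others class carries sticky
)


def symbolic_to_octal(sym):
    """Convert a 10-character string such as '-rwsr-Sr-x' to four-digit octal."""
    if len(sym) != 10:
        raise ValueError("expected 10 characters: file type plus three triplets")
    mode = 0
    for i, (special, with_x, without_x) in enumerate(CLASSES):
        r, w, x = sym[1 + 3 * i: 4 + 3 * i]
        shift = 6 - 3 * i                       # user=6, group=3, others=0
        if r not in "r-" or w not in "w-" or x not in ("x", "-", with_x, without_x):
            raise ValueError(f"bad triplet {r + w + x!r}")
        mode |= (4 if r == "r" else 0) << shift
        mode |= (2 if w == "w" else 0) << shift
        mode |= (1 if x in ("x", with_x) else 0) << shift
        if x in (with_x, without_x):            # s/S or t/T marks the special bit
            mode |= special
    return format(mode, "04o")


def octal_to_symbolic(octal, file_type="-"):
    """Convert three- or four-digit octal text to the 10-character form."""
    if len(octal) not in (3, 4):
        raise ValueError("expected three or four octal digits")
    mode = int(octal, 8)                        # raises ValueError on 8 or 9
    out = file_type
    for i, (special, with_x, without_x) in enumerate(CLASSES):
        bits = (mode >> (6 - 3 * i)) & 0o7
        out += "r" if bits & 4 else "-"
        out += "w" if bits & 2 else "-"
        if mode & special:
            out += with_x if bits & 1 else without_x
        else:
            out += "x" if bits & 1 else "-"
    return out


if __name__ == "__main__":
    for sample in ("-rwxr-xr-x", "crw-rw-r--", "dr-x------", "-rwsr-Sr-x"):
        print(sample, symbolic_to_octal(sample))
```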


The Wikipedia article included on this page is licensed under the GFDL.