06-03-2012, 03:53 PM
File Permissions
[attachment=18036]
There are three specific permissions on Unix-like systems that apply to each class:
The read permission, which grants the ability to read a file. When set for a directory, this permission grants the ability to read thenames of files in the directory (but not to find out any further information about them such as contents, file type, size, ownership, permissions, etc.)
The write permission, which grants the ability to modify a file. When set for a directory, this permission grants the ability to modify entries in the directory. This includes creating files, deleting files, and renaming files.
The execute permission, which grants the ability to execute a file. This permission must be set for executable binaries (for example, a compiled C++ program) or shell scripts (for example, a Perl program) in order to allow the operating system to run them. When set for a directory, this permission grants the ability to traverse its tree in order to access files or subdirectories, but not see the content of files inside the directory (unless read is set).
Octal notation
Another common method for representing Unix permissions is octal notation. Octal notation consists of a three- or four-digit base-8 value.
With three-digit octal notation, each numeral represents a different component of the permission set: user class, group class, and "others" class respectively.
Each of these digits is the sum of its component bits (see also Binary numeral system). As a result, specific bits add to the sum as it is represented by a numeral:
The read bit adds 4 to its total (in binary 100),
The write bit adds 2 to its total (in binary 010), and
The execute bit adds 1 to its total (in binary 001).
These values never produce ambiguous combinations; each sum represents a specific set of permissions.
User private group
Some systems diverge from the traditional POSIX-model of users and groups, by creating a new group – a "user private group" – for each user. The "user private group" scheme can be preferred for a variety of reasons[8][9][10] including using a umask of 002 and not having every "user" able to write to newly created files. In this case however, no other users must be added to the "user private group" or they will have write-permission on all files.
[attachment=18036]
There are three specific permissions on Unix-like systems that apply to each class:
The read permission, which grants the ability to read a file. When set for a directory, this permission grants the ability to read thenames of files in the directory (but not to find out any further information about them such as contents, file type, size, ownership, permissions, etc.)
The write permission, which grants the ability to modify a file. When set for a directory, this permission grants the ability to modify entries in the directory. This includes creating files, deleting files, and renaming files.
The execute permission, which grants the ability to execute a file. This permission must be set for executable binaries (for example, a compiled C++ program) or shell scripts (for example, a Perl program) in order to allow the operating system to run them. When set for a directory, this permission grants the ability to traverse its tree in order to access files or subdirectories, but not see the content of files inside the directory (unless read is set).
Octal notation
Another common method for representing Unix permissions is octal notation. Octal notation consists of a three- or four-digit base-8 value.
With three-digit octal notation, each numeral represents a different component of the permission set: user class, group class, and "others" class respectively.
Each of these digits is the sum of its component bits (see also Binary numeral system). As a result, specific bits add to the sum as it is represented by a numeral:
The read bit adds 4 to its total (in binary 100),
The write bit adds 2 to its total (in binary 010), and
The execute bit adds 1 to its total (in binary 001).
These values never produce ambiguous combinations; each sum represents a specific set of permissions.
User private group
Some systems diverge from the traditional POSIX-model of users and groups, by creating a new group – a "user private group" – for each user. The "user private group" scheme can be preferred for a variety of reasons[8][9][10] including using a umask of 002 and not having every "user" able to write to newly created files. In this case however, no other users must be added to the "user private group" or they will have write-permission on all files.