3.2 UNIX File and Directory Security

			
UNIX File and Directory Security: Each file and directory has 
permissions associated with it that directly affect whether you can read, 
modify, or run the file in question. An additional dimension is that you 
have varying access depending on what type of user you are:
	owner (u), group member (g), or other user [not in the group] (o)
The permissions for any user category are:
	read (r), write (w), and execute file (x) or access directory (x),
	and lack of permission (-)

Commands to learn:
chmod(1)                - change file mode
umask(1)                - get or set the file mode creation mask

Use ls -l to show the permission string, which is the 2nd through 10th
characters counting from the left.

Checking the access: use both the file permission and directory
permission strings to determine accessibility. The default access on a
given UNIX system is one of the following:
	rw-rw-rw-	most cooperative
	rw-rw-r--	somewhat cooperative
	rw-r--r--	somewhat uncooperative
	rw-r-----	rather uncooperative
	rw-------	most private

Changing access permissions (if you have permission to) using chmod:

{ type of user }  operator  { type of permission }    or    Octal
       u             +              rwx                     rwxrw-rw-   766
       g             -              rwx                     rw----rw-   606
       o             =              rwx                     ------rwx   007
                                    stST

The correspondence between the algebraic and the octal (arithmetic)
notation is as follows:
r=400, w=200, x=100 (total 700) for the owner (u) type of user
r=040, w=020, x=010 (total 070) for the group (g) type of user
r=004, w=002, x=001 (total 007) for the other (o) type of user.

So an octal 766 is composed of three octal digits, where each ( ) is one
octal digit:
	(4+2+1)(4+2+0)(4+2+0)
	 r w x  r w -  r w -

Another way:
	rwxr-xrw-	has either a letter or a dash in each place
	111101110	is the binary equivalent, so
	111=7  101=5  110=6	and rwxr-xrw- is equivalent to 756 octal

In fact: 000=0  001=1  010=2  011=3  100=4  101=5  110=6  111=7

Examples:

$ ls -l filename
-r--r--r--  1  rkatz  rkatz   51  Apr 17 19:37  filename
$ chmod u+rwx filename
$ ls -l filename
-rwxr--r--  1  rkatz  rkatz   51  Apr 17 19:37  filename
$ chmod 755 filename
$ ls -l filename
-rwxr-xr-x  1  rkatz  rkatz   51  Apr 17 19:37  filename
$ chmod ugo+w filename
$ ls -l filename
-rwxrwxrwx  1  rkatz  rkatz   51  Apr 17 19:37  filename
$ chmod 342 filename
$ ls -l filename
--wxr---w-  1  rkatz  rkatz   51  Apr 17 19:37  filename
$ chmod ugo-rwx filename
$ ls -l filename
----------  1  rkatz  rkatz   51  Apr 17 19:37  filename
$ chmod 644 filename
$ ls -l filename
-rw-r--r--  1  rkatz  rkatz   51  Apr 17 19:37  filename

$ umask
027
$ echo hi > newfile
$ ls -l newfile
-rw-r-----  1  rkatz  rkatz    3  Apr 17 19:39  newfile
$ umask 022
$ echo "hi there" > newerfile
$ ls -l newerfile
-rw-r--r--  1  rkatz  rkatz    9  Apr 17 19:39  newerfile
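
The octal/letter correspondence and the umask sessions above, as an added shell example (not part of the original handout): it converts in both directions and computes the mode a new file or directory gets under a given umask. The function names are chosen here, and the umask values 000, 002 and 077 do not appear on the page; they follow from the same arithmetic (666 for files, 777 for directories, with the umask bits cleared).

```sh
#!/bin/sh
# Added example (not from the original handout); function names are assumptions.

# perm_to_octal rwxr-xrw- -> 756: a letter is a 1 bit, a dash is a 0 bit.
perm_to_octal() {
    case $1 in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "bad permission string: $1" >&2; return 1 ;;
    esac
    p_rest=$1; p_bits=0
    while [ -n "$p_rest" ]; do
        p_c=${p_rest%"${p_rest#?}"}          # first character
        p_rest=${p_rest#?}                   # the rest
        p_bits=$((p_bits * 2))
        [ "$p_c" = - ] || p_bits=$((p_bits + 1))
    done
    printf '%03o\n' "$p_bits"
}

# octal_to_perm 342 -> -wxr---w-: test each of the nine bits, high to low.
octal_to_perm() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "bad octal mode: $1" >&2; return 1 ;;
    esac
    o_bits=$((0$1)); o_left=rwxrwxrwx; o_out=; o_mask=256
    while [ "$o_mask" -ge 1 ]; do
        o_c=${o_left%"${o_left#?}"}; o_left=${o_left#?}
        if [ $((o_bits & o_mask)) -ne 0 ]; then o_out=$o_out$o_c; else o_out=$o_out-; fi
        o_mask=$((o_mask / 2))
    done
    printf '%s\n' "$o_out"
}

# default_mode UMASK [BASE]: BASE with the umask bits cleared. BASE is 666
# for new files (the default here) and 777 for new directories.
default_mode() {
    printf '%03o\n' $(( 0${2:-666} & ~0$1 ))
}

# other_can_write MODE: succeeds when the "other" write bit (002) is set.
other_can_write() { [ $(( 0$1 & 2 )) -ne 0 ]; }

# One umask for each default-access level in the list above.
for m in 000 002 022 027 077; do
    f=$(default_mode "$m")
    printf 'umask %s: files %s %s, directories %s\n' \
        "$m" "$f" "$(octal_to_perm "$f")" "$(default_mode "$m" 777)"
done
```

The loop prints the five default-access strings from the list near the top of this section, from rw-rw-rw- (umask 000) down to rw------- (umask 077).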

Questions? Robert Katz: rkatz@ned.highline.edu
Last Update July 9, 2002