NOTE: Currently, this document covers only UNIX-style permissions.
Permissions are used to restrict access to data. In POSIX systems, the most common form of permissions (sometimes called a file's 'mode') works by specifying who the owning user and group are, and then defining what access the owning user, the owning group and "other" have. This is specified in a 9-byte string which can be described using a 3-digit number.
Note that this string will appear to be 10 bytes long, because the first byte describes the file type ('-' for a file, 'd' for a directory, 's' for a symlink, etc). The 3-digit number may also be expressed as four or five digits, which describe certain special characteristics of the file. For now though, we'll keep it simple.
So, using this as an example (simplified string):
<permission> <user>   <group> <file name>
-rw-rw-r--   www-data digimer README
- This shows a file owned by the user 'www-data' and group 'digimer'.
- The file name is 'README'.
- This file's permission string is '-rw-rw-r--'.
The permission string is made up of four parts:
* 1) The first byte is the file type (as mentioned above); we will ignore this for now.
* 2) 3 bytes showing the 'read', 'write' and 'execute' rights of the owning user.
* 3) 3 bytes showing the 'read', 'write' and 'execute' rights of the owning group.
* 4) 3 bytes showing the 'read', 'write' and 'execute' rights of everyone else.
When a value is not present (not allowed), it is shown as a hyphen (-). So then:
-rw-rw-r--
|\_/\_/\_/
| |  |  \--- 'Other' (everyone else), can 'read' the file, but not 'write' to the file or
| |  |       'execute' the file (which means to run it, if it was a program).
| |  \------ 'Group', users who are members of this group are allowed to 'read' and 'write' the file.
| \--------- 'User', the owning user is allowed to 'read' and 'write' to this file.
\----------- File type; being a hyphen indicates that this is a normal file. Ignore for now.
Because writing out that string is tedious to humans, a short-form was developed to describe the permissions. Following the example of binary, each section of three bytes was assigned a value, from right to left.
rwx
||\- 1
|\-- 2
\--- 4
By adding up the values of the "true" or set bytes, the permissions can be described. So to use our example above, the permission could have been listed as:
Note: A 'hyphen' indicates that the permission is not granted (not 'true' or 'set'), so it is not added.
rw-rw-r-- = (rwx)(rwx)(rwx) = (4+2+0)(4+2+0)(4+0+0) = (6)(6)(4) = 664
||||||||\- 0 \
|||||||\-- 0  |-> Permissions for "everyone else".
||||||\--- 4 /
|||||\---- 0 \
||||\----- 2  |-> Permissions for people in the owning group.
|||\------ 4 /
||\------- 0 \
|\-------- 2  |-> Permissions for the owner directly.
\--------- 4 /
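The conversion described above can be checked mechanically. The following Python is an added example, not part of the original page; the function names are illustrative. It converts between the two notations, lists who may write to a file, and confirms the result against what the operating system reports for a scratch file. It rejects the special-bit characters that the page leaves out.

```python
import os
import stat
import tempfile

# Added example (names are illustrative). Weights from the page: r=4, w=2, x=1.
WEIGHTS = {"r": 4, "w": 2, "x": 1}
CLASSES = ("user", "group", "other")


def symbolic_to_octal(perm: str) -> str:
    """Turn 'rw-rw-r--' (or the 10-character '-rw-rw-r--') into '664'."""
    if len(perm) == 10:
        perm = perm[1:]  # drop the file-type character, as the page does
    if len(perm) != 9:
        raise ValueError(f"expected 9 or 10 characters, got {len(perm)}")
    digits = []
    for start in (0, 3, 6):
        total = 0
        for expected, actual in zip("rwx", perm[start:start + 3]):
            if actual == expected:
                total += WEIGHTS[expected]
            elif actual != "-":
                # 's', 'S', 't', 'T' are the special bits the page leaves out
                raise ValueError(f"unsupported character {actual!r}")
        digits.append(str(total))
    return "".join(digits)


def octal_to_symbolic(mode: str) -> str:
    """Turn '664' back into 'rw-rw-r--'."""
    if len(mode) != 3 or any(d not in "01234567" for d in mode):
        raise ValueError("expected three octal digits")
    return "".join(
        flag if int(d) & WEIGHTS[flag] else "-" for d in mode for flag in "rwx"
    )


def writers(perm: str) -> list:
    """List which of user/group/other may write; useful when auditing modes."""
    octal = symbolic_to_octal(perm)
    return [c for c, d in zip(CLASSES, octal) if int(d) & WEIGHTS["w"]]


def check_against_filesystem(perm: str) -> bool:
    """chmod a scratch file to the computed mode and compare with the OS report."""
    with tempfile.NamedTemporaryFile() as fh:
        os.chmod(fh.name, int(symbolic_to_octal(perm), 8))
        reported = stat.filemode(os.stat(fh.name).st_mode)
    return reported[1:] == perm[-9:]
```

For the README example, writers("-rw-rw-r--") reports that both the owning user and the owning group can modify the file, which is the detail worth checking when a group has more members than intended.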
© Alteeve's Niche! Inc. 1997-2019