HP-UX 11i Systems Administration Handbook and Toolkit (2nd Edition)
The best place to begin discussing permissions is by issuing the ls command, which lists the contents of directories. Permissions are the means by which files and directories are made secure on your UNIX system. Because UNIX is multi- user , potentially thousands of users could be accessing the files on a system. Permissions controls who has access to what files. Here is an example ls -l command and output: $ ls -l sort -rwxr-x--x 1 marty users 120 Jul 26 10:20 sort Issuing this command has produced a lot of information relating to a file called sort . Let's begin to understand what this listing has produced by analyzing the first set of characters (-rwxr-x--x). This set of characters is made up of four distinct fields, as shown in Figure 21-1. Figure 21-1. Permissions for File sort
The first character in this group is related to the file type. I covered some file types earlier, but the ls -l command does not analyze files to the same level of detail. Among the types of files that ls -l will list are shown in Figure 21-2: Figure 21-2. File Types of the ls Command
Keep in mind that file types can vary slightly from one UNIX variant to another. The file types listed in Figure 21-2 are common to most UNIX variants. For every file on the system, UNIX supports three classes of access:
These access rights are defined by the position of read (r), write (w), and execute (x) when the long listing command is issued. For the long listing ( ls -l ) issued earlier, you see the permissions in Table 21-1. Table 21-1. Long Listing Permissions for the File sort
Permissions are not granted where a "-" (hyphen) appears. In addition, there are other permissions, such as s, S, t, and T, which I don't cover at this time. You can see that access rights are arranged in groups of three: three groups of permissions with three access levels each. The owner, in this case marty , has read, write, and execute permissions on the file. Anyone in the group users is permitted read and execute access to the file. other is permitted only execute access of the file. The definitions of read, write, and execute differ somewhat for files and directories. Here is what you can do if you have read, write, and execute permissions for files:
Here is what you can do if you have read, write, and execute permissions for directories:
We will cover permissions again when the chmod command is described. |