A Conversation for UNIX File Permissions

Peer Review: A801947 - UNIX File Permissions

Post 1

Spelugx the Beige, Wizard, Perl, Thaumatologically Challenged

Entry: UNIX File Permissions - A801947
Author: S'pe;lug:x // Researcher, Ace!, Guru, ... // (1+8-3)×(1-1+7)=42 // see A672554! In PR - U183117

I picked this out of the CWW, ('though it went via the FM), and I've added some text to it, and I now think it's ready for review.

spelugx -- writer


A801947 - UNIX File Permissions

Post 2

Cefpret

Good starting point.

I'd leave the whole octal thing out; I've never used it. 'chmod guo+x' is much simpler, in my opinion. But other things are missing: suid, (symbolic) links, and directories.

Especially regarding links there are some things that I've never understood, so I'm keen to see your explanations! smiley - smiley



Post 3

Spelugx the Beige, Wizard, Perl, Thaumatologically Challenged

The reason I decided to keep the octal stuff [from the original article] in was because (after light testing) I found that ftp (at least the kerberised version I have, probably net-utils derived) only accepts octal codes.

Thanks for reminding me about suid and directories, I'll go and read the chmod manpage and then write something on them.

Ah links, what fun. Thank $deity that only root is allowed to hard link dirs. Actually links are quite simple, created with ln, unlinked with rm, permissions changed by chmod. With hard links the permissions are in the inode so all links have the same permissions. With symbolic links ls always shows them with 0777, and permissions are only checked when you access the link and the other end (the thing pointed to) is looked up. Now all we need are hard links to symbolic links. smiley - winkeye

Spelugx - semi-fan of Brunel smiley - smiley
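
The link behaviour described in Post 3, as an added example that is not part of any post in this thread: it creates a file, a hard link and a symbolic link in a scratch directory, runs chmod through one of the three names, and prints the modes of all three. The file names and both functions are made up for the demo, and it assumes a Linux system with a POSIX sh, where ls shows every symlink as lrwxrwxrwx.

```shell
#!/bin/sh
# Added example: chmod seen through hard links and symbolic links.
# All names are constructed; everything happens in a scratch directory.

# Mode string of a path as `ls -l` prints it (for a symlink this is the
# link itself, not the file it points to).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create original + hard link + symlink, run `chmod MODE NAME` on one of
# the three names, then print the modes as "original hard soft".
modes_after_chmod() {
    name=$1
    mode=$2
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        echo data > original
        chmod 644 original
        ln original hard       # second directory entry for the same inode
        ln -s original soft    # separate inode that only stores a path
        chmod "$mode" "$name"
        echo "$(mode_of original) $(mode_of hard) $(mode_of soft)"
    )
    rm -rf "$dir"
}

# chmod through the hard link: both names change, because the mode is
# stored in the inode they share.
modes_after_chmod hard 600    # -rw------- -rw------- lrwxrwxrwx

# chmod through the symlink: chmod follows the link and changes the
# target; the link's own displayed mode stays lrwxrwxrwx.
modes_after_chmod soft 640    # -rw-r----- -rw-r----- lrwxrwxrwx
```

The second call is the practical point for anyone auditing permissions: the mode that matters is the one on the target, so check it with `ls -lL` rather than trusting the `lrwxrwxrwx` shown for the link.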



Post 4

MaW

Leave octal stuff in - a lot of people still use it, and it's not uncommon to see instructions stating 'set the permission on (whatever) to 777' or something like that, so it's good to know what it means (I can never remember). Also, some UNIX systems don't have versions of chmod that understand the nice friendly g+rx type syntax. I pity their users...



Post 5

MaW

Oh, but put more about using commands like

$ chmod a+rwx foo.txt

in, because they're a lot nicer!



Post 6

xyroth

how about removing this thread, and submitting it properly. as it stands, some bright spark could press the submit for review button and we would have multiple threads to deal with.

also, one of the permissions you have is "-rwsrwx---" but you don't mention what the "s" stands for.



Post 7

Spelugx the Beige, Wizard, Perl, Thaumatologically Challenged

What do you mean submit properly? smiley - huh I removed it from the WW, then waited for the cached copy of the article page to expire and clicked the `Submit for Review' button.

Last time I checked Jim had disabled any other way to submit to a Review Forum Conversation Forum (confused?)

spelugx -- a guru who should know what he's doing, but probably doesn't



Post 8

MaW

It looks like it's properly submitted to me!

And yes, you should cover the s bit... and the d bit...



Post 9

Phil

Seems good so far, a bit more polishing and it'll be great smiley - smiley

I think the bit with the octal should be left in.

You should put a footnote in about the ls command being sort of equivalent to the dos dir command as most of the people reading won't have any clue about unix.



Post 10

xyroth

aaagh!! there appears to be a timewarp on the display for showing what forum it is in. when I wrote the post it was a few hours after the thread had appeared, but it was still showing "submit for review".

it seems to be o.k. now though.



Post 11

Ausnahmsweise, wie üblich (Consistently inconsistent)

Hi,

Looks good!

I think Ritchie actually patented the suid bit. You could go into a bit more detail on how it's used. For example, a game that the average user invokes might want to maintain top scores in another file. The user shouldn't be able to modify the results directly, but an executable (the game) executed by that user should be able to update the results. That is, the permissions of the owner and not the invoking user are used.

Don't forget the special meaning of 'x' for directories.

A lot of people are quite familiar with 777, 337, etc. If you want to, you could link the octal footnote to an entry I wrote on number systems.


Awu



Post 12

Spelugx the Beige, Wizard, Perl, Thaumatologically Challenged

I've added a section on the representation of the permissions in 'ls' and I've added some headers to remind me to add some stuff about links in the morning. I still need to add some stuff about setuid etc. I should get them added in the morning, but until then comments are welcome on the completed sections.

I'm particularly interested in comments on my grammar and how the order and structure hangs together since I'm rather smiley - sleepy at the moment.

spelugx -- now with added smiley - towel



Post 13

MaW

"From the command line, however, you'll have to type a number like 755, or 666 or something else from 000 to 777."

This is downright inaccurate, as you later prove by mentioning symbolic permissions as arguments to chmod. Perhaps all chmod variants don't support it (I know the GNU one does, and the one on Solaris, because I've used them both), but it should be mentioned. I find it a lot easier.

Also, I don't know if this is a GNU-specific thing, but the syntax for symbolic permissions is a bit more complex and powerful than you describe here. I'm not aware of the full extent of it as I normally only use it to tweak existing permissions, but I do know how to do that. Some examples which may help express the full syntax:

chmod u+x foo.pl
- add execute permission for the owner (user - o is used later) of foo.pl

chmod g-wx foo.pl
- remove write and execute permissions for members of foo.pl's group

chmod o=r foo.pl
- set the permissions for all other users to be read, no write, no execute

chmod rwxrwxrwx foo.pl
- don't do this!
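
The octal and symbolic forms debated in this thread, side by side, as an added example that is not part of any post: each call sets a scratch file to an octal mode, applies symbolic changes of the kind quoted in Posts 2, 5 and 13, and prints the mode string ls would show, including the "-rwsrwx---" asked about in Post 6. The function names are made up for the demo, and it assumes a chmod that accepts symbolic modes.

```shell
#!/bin/sh
# Added example: octal starting modes, symbolic changes, and what ls shows.
# Works on a scratch file from mktemp; nothing else is touched.

# Mode string of a path as `ls -l` prints it.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Set a scratch file to START (octal), apply each further chmod argument
# in order, and print the resulting mode string.
mode_after() {
    start=$1
    shift
    file=$(mktemp) || return 1
    chmod "$start" "$file"
    for change in "$@"; do
        chmod "$change" "$file"
    done
    mode_of "$file"
    rm -f "$file"
}

mode_after 644 u+x      # -rwxr--r--  owner gains x: same result as octal 744
mode_after 777 g-wx     # -rwxr--rwx  group loses w and x: octal 747
mode_after 777 o=r      # -rwxrwxr--  others set to exactly r: octal 774
mode_after 600 guo+x    # -rwx--x--x  x added for all three classes: octal 711
mode_after 600 a+rwx    # -rwxrwxrwx  the 777 that instructions often ask for

# The setuid bit is a fourth, leading octal digit (4), or u+s symbolically.
# ls shows it as "s" in the owner's execute position.
mode_after 4770         # -rwsrwx---
mode_after 770 u+s      # -rwsrwx---
```

Symbolic changes with `+` and `-` only touch the bits named and leave the rest alone, whereas an octal mode replaces all of the permission bits at once; that difference is why a stray 777 opens up more than `u+x` ever can.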



Post 14

Spelugx the Beige, Wizard, Perl, Thaumatologically Challenged

The bit which is 'downright inaccurate' is part of the original article, and I forgot to change it, so thanks MaW! smiley - ok

spelugx -- still with a smiley - towel



Post 15

MaW

smiley - biggrin

Excellent.



Post 16

Spelugx the Beige, Wizard, Perl, Thaumatologically Challenged

I've just finished the section on 'directories and the lesser used bits' (setuid, setgid, sticky), so it's now available for comment.

Ausnahmsweise, wie üblich: I used your example of a computer game for the setuid/gid bits, so would you like me to credit you or not on the authors list?

spelugx -- smiley - towel



Post 17

MaW

Much improved smiley - smiley

You might want to mention when you revise the section on links that soft links are also frequently called symbolic links, or symlinks for short, and perhaps mention what hard links are as opposed to symlinks.

Speaking of hard links, is there anyone who actually uses them regularly? I can't think of a single instance of a hard link I've ever come across on my Linux box - there are, however, symlinks everywhere, especially in /usr/lib.



Post 18

Ausnahmsweise, wie üblich (Consistently inconsistent)

Hi,

No need to give me credit for that little tidbit! I remembered it from a course a long time ago. Glad I was able to help.

Awu



Post 19

Spelugx the Beige, Wizard, Perl, Thaumatologically Challenged

I've been doing some writing and some thinking for the links section, and it seems to now cover more than just the 'interesting' ways permissions interact with them, so I thought about splitting it off into a separate article. The problem comes when I want to link to that article from this one, since the article on links would have to be an edited article too. Also since I seem to still have quite a bit to add to this article, I think that I will remove this one from PR, write an article on links, get it edited and then submit this one again. What do *you* think? (Thanks for all your comments, too, they've been very useful).

spelugx -- an author authoring



Post 20

MaW

Well, it's your Entry, so you can do what you like with it. However, whatever you do, don't take too long! This Entry really should be in the Edited Guide (after further enhancement of course).

