Differences between version 11 and revision by previous author of FilePermissions.
Newer page: | version 11 | Last edited on Thursday, April 5, 2007 10:30:10 pm | by AristotlePagaltzis |
Older page: | version 9 | Last edited on Thursday, April 5, 2007 7:03:43 pm | by AlastairPorter |
@@ -21,13 +21,15 @@
[UNIX] file permissions are made up of three groups: the __u__ser who owns the file, the __g__roup that the file belongs to, and __o__ther people. These letters are important as you can use them to instruct [chmod(1)] change the permission of the file.
For each part, you have __r__ead, __w__rite, and e__x__ecute access. These are displayed as <tt>rwx</tt>.
-Typically, system data files as well files served from a WebServer or such have <tt>-rw-r--r--</tt>, ie. they're readable for everyone but writable only for their owner; files with private data have <tt>-rw-------</tt>: readable and writeable only for their owner and noone else. Directories and executable files generally have <tt>-rwxr-xr-x</tt>: they're readable and executable for everyone but writable only for their owner. The executable permission on directories means that it may be used as part of a path; f.ex., if user <tt>bob</tt> does not have execute permission for <tt>/var/queue/joe</tt>, he will not be able to read <tt>/var/queue/joe/msg.371</tt>, even if he has read permission on the file itself.
If <tt>/var/queue/joe</tt> has the execute permission set, but not the read permission then bob will not be able to get a directory listing.
However, if he knows the name of a file in that directory then he can still read it (assuming of course
he has the permissions to
read that file.
+Typically, system data files as well files served from a WebServer or such have <tt>-rw-r--r--</tt>, ie. they're readable for everyone but writable only for their owner; files with private data have <tt>-rw-------</tt>: readable and writeable only for their owner and noone else. Directories and executable files generally have <tt>-rwxr-xr-x</tt>: they're readable and executable for everyone but writable only for their owner.
+
+
The executable permission on directories means that it may be used as part of a path; f.ex., if user <tt>bob</tt> does not have execute permission for <tt>/var/queue/joe</tt>, he will not be able to read <tt>/var/queue/joe/msg.371</tt>, even if he has read permission on the file itself. If <tt>/var/queue/joe</tt> has the execute permission set, but not the read permission,
then <tt>
bob</tt>
will not be able to get a directory listing. ''
However''
, if he knows the name of a file in that directory, eg. he knows that <tt>/var/queue/joe/msg.371</tt> exists,
then he can still reach it to
read it (assuming he has read permission for
that file)
.
Permissions are altered on the [Shell] using [chmod(1)]. (''Missing here is an explanation of the 4=r, 2=w, 1=x mapping. Feel free to AddToMe.'')
-Generally, the fewer permissions you grant, the better. Most importantly, there's almost never a good reason to make files writable for everyone
.
+Generally, the fewer permissions you grant, the better. Most importantly, there's almost never a good reason to grant write permission to "other people"
.
!!! Sticky and setuid
There are actually two more permissions that are almost never useful outside of system files (so if you're not in this to learn how [UNIX] works, you can skip this part).
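Review bot: In the rewritten directory paragraph (the "+" text beginning "The executable permission on directories"), the new wording shows that a directory with execute but no read permission still lets <tt>bob</tt> reach <tt>/var/queue/joe/msg.371</tt> once he knows the name, but it stops short of the conclusion a reader needs: hiding the listing is not access control, and only the file's own mode (the <tt>-rw-------</tt> case from the paragraph above) keeps it private. I would add one sentence saying so, since a name like <tt>msg.371</tt> may be guessable. While this text is being touched, the first "+" paragraph still carries "as well files" (should be "as well as files"), "noone", and both "writable" and "writeable". The unchanged context line also still flags the 4=r, 2=w, 1=x mapping as missing, so the [chmod(1)] sentence remains undocumented after this revision.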