Diff: FilePermissions

Differences between version 12 and predecessor to the previous major change of FilePermissions.


Newer page: version 12 Last edited on Thursday, April 5, 2007 10:31:25 pm by AristotlePagaltzis
Older page: version 8 Last edited on Wednesday, April 4, 2007 9:32:00 am by AristotlePagaltzis
@@ -21,13 +21,15 @@
 [UNIX] file permissions are made up of three groups: the __u__ser who owns the file, the __g__roup that the file belongs to, and __o__ther people. These letters are important as you can use them to instruct [chmod(1)] change the permission of the file. 
  
 For each part, you have __r__ead, __w__rite, and e__x__ecute access. These are displayed as <tt>rwx</tt>. 
  
-Typically, system data files as well files served from a WebServer or such have <tt>-rw-r--r--</tt>, ie. they're readable for everyone but writable only for their owner; files with private data have <tt>-rw-------</tt>: readable and writeable only for their owner and noone else. Directories and executable files generally have <tt>-rwxr-xr-x</tt>: they're readable and executable for everyone but writable only for their owner. The executable permission on directories means that it may be used as part of a path; f.ex., if user <tt>bob</tt> does not have execute permission for <tt>/var/queue/joe</tt>, he will not be able to read <tt>/var/queue/joe/msg.371</tt>, even if he has read permission on the file itself. 
+Typically, system data files as well files served from a WebServer or such have <tt>-rw-r--r--</tt>, ie. they're readable for everyone but writable only for their owner; files with private data have <tt>-rw-------</tt>: readable and writeable only for their owner and noone else. Directories and executable files generally have <tt>-rwxr-xr-x</tt>: they're readable and executable for everyone but writable only for their owner.  
+  
+ The executable permission on directories means that it may be used as part of a path; f.ex., if user <tt>bob</tt> does not have execute permission for <tt>/var/queue/joe</tt>, he will not be able to read <tt>/var/queue/joe/msg.371</tt>, even if he has read permission on the file itself. If <tt>/var/queue/joe</tt> has the execute permission set, but not the read permission, then <tt>bob</tt> will not be able to get a directory listing. ''However'', if he knows the name of a file in that directory, eg. he knows that <tt>/var/queue/joe/msg.371</tt> exists, then he can still reach it to read it (assuming he has read permission for that file)
  
 Permissions are altered on the [Shell] using [chmod(1)]. (''Missing here is an explanation of the 4=r, 2=w, 1=x mapping. Feel free to AddToMe.'') 
  
-Generally, the fewer permissions you grant, the better. Most importantly, there's almost never a good reason to make files writable for everyone
+Generally, the fewer permissions you grant, the better. Most importantly, there's almost never a good reason to grant write permission to "other people"
  
 !!! Sticky and setuid 
  
 There are actually two more permissions that are almost never useful outside of system files (so if you're not in this to learn how [UNIX] works, you can skip this part). 
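Review bot: The re-added line starting "Typically, system data files" still carries "as well files" (missing "as") and "noone", and both the new directory paragraph and the reworded "other people" sentence end without a full stop; since these lines are being rewritten anyway, fix them in the same edit. In the new paragraph the subject shifts from "directories" to "it" ("means that it may be used as part of a path"); "means that the directory may be used as part of a path" reads more cleanly. The added execute-without-read case is the useful part of this change, and it would be worth one more clause saying outright what the example implies: such a directory hides the listing only, so the permissions on <tt>msg.371</tt> itself are what decide whether <tt>bob</tt> can read it. The "(''Missing here is an explanation of the 4=r, 2=w, 1=x mapping ...'')" placeholder is still in the context lines and is left open by this revision.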
@@ -41,13 +43,13 @@
 [chmod(1)] has a potentially very convenient switch: <tt>-R</tt>, which, as you'll suspect if you've used other [UNIX] tools, means "recurse into directories and apply the change to the entire directory tree." However, because directories need to be executable before you can refer to any of the files inside them, it would sometimes seem that this convenient switch cannot be used. F.ex., saying <tt>chmod -R a-x ./foo/</tt> isn't very useful because that will make everything inside <tt>foo</tt> non-executable, including directories, which means you can't access any of it. 
  
 However, modern [chmod(1)]s understand a special pseudo-permission, called <tt>X</tt> (eg. uppercase X as opposed to <tt>x</tt>). It means "executable, but only when operating on a directory; no change otherwise". That way, you can say <tt>chmod -R a-x,a+X ./foo/</tt>, which will make [chmod(1)] remove the executable bit from every file but then also ''set'' the executable bit if it's a directory. 
  
-Before this, it was sometimes necessary to go through inconvenient contortions involing [find(1)] in order to operate only on files or only on directories. While that's still occasionally necessary, those occasions are much rarer. 
+Before this, it was sometimes necessary to go through inconvenient contortions involing [find(1)] in order to operate only on files or only on directories. While that's still occasionally necessary, those occasions are now much rarer. 
  
 !!! See also 
  
 * [An excellent guide to permissions at Greg's wiki | http://wooledge.org/mywiki/Permissions] 
 * [A Linux Focus article about file permissions | http://www.linuxfocus.org/English/January1999/article77.html] 
  
 ---- 
 CategoryBeginners
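Review bot: The changed line still has the typo "involing" (should be "involving"); it is being rewritten to add "now", so correct it in the same edit. In the unchanged context just above, "(eg. uppercase X as opposed to <tt>x</tt>)" restates rather than gives an example, so "ie." is what is meant. The sentence also says the [find(1)] approach is "still occasionally necessary" without naming such an occasion; one short case where <tt>X</tt> is not enough would make that claim checkable for a reader.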