Differences between version 13 and predecessor to the previous major change of FilePermissions.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 13 | Last edited on Thursday, April 19, 2007 9:41:37 am | by BenStaz | Revert |
| Older page: | version 12 | Last edited on Thursday, April 5, 2007 10:31:25 pm | by AristotlePagaltzis | Revert |
@@ -21,11 +21,43 @@
[UNIX] file permissions are made up of three groups: the __u__ser who owns the file, the __g__roup that the file belongs to, and __o__ther people. These letters are important as you can use them to instruct [chmod(1)] change the permission of the file.
For each part, you have __r__ead, __w__rite, and e__x__ecute access. These are displayed as <tt>rwx</tt>.
-Typically, system data files as well files served from a WebServer or such have <tt>-rw-r--r--</tt>, ie. they're readable for everyone but writable only for their owner; files with private data have <tt>-rw-------</tt>: readable and writeable only for their owner and noone else. Directories and executable files generally have <tt>-rwxr-xr-x</tt>: they're readable and executable for everyone but writable only for their owner.
-
+Typically, system data files as well files served from a WebServer or such have <tt>-rw-r--r--</tt>, ie. they're readable for everyone but writable only for their owner; files with private data have <tt>-rw-------</tt>: readable and writeable only for their owner and noone else. Directories and executable files generally have <tt>-rwxr-xr-x</tt>: they're readable and executable for everyone but writable only for their owl
The executable permission on directories means that it may be used as part of a path; f.ex., if user <tt>bob</tt> does not have execute permission for <tt>/var/queue/joe</tt>, he will not be able to read <tt>/var/queue/joe/msg.371</tt>, even if he has read permission on the file itself. If <tt>/var/queue/joe</tt> has the execute permission set, but not the read permission, then <tt>bob</tt> will not be able to get a directory listing. ''However'', if he knows the name of a file in that directory, eg. he knows that <tt>/var/queue/joe/msg.371</tt> exists, then he can still reach it to read it (assuming he has read permission for that file).
+
+!Files
+
+*r - This tells us that the file can be read.
+*w - This tells us that the file can be written to.
+*x - This tells us that the file may be executed.
+
+!Directories
+
+Here are some examples of the effects of various combinations:
+
+ * r--
+
+ The user, group, or other with these permissions may list the contents of the directory, but nothing else. The files in the directory can't be read, changed, deleted, or manipulated in any way. The only permitted action is reading the directory itself, that is, seeing what files it contains.
+
+ * rw-
+
+ Write permission has no effect in the absence of execute permission, so this mode behaves just like the above mode.
+
+ * r-x
+
+ This mode permits the files in a directory to be listed, and permits access to those files. However, files can't be created or deleted. Access means that you can view, change, or execute the files as permitted by the files' own permissions.
+
+ * --x
+
+ Files in this directory can be accessed, but the contents of the directory can't be listed, so you have to know what filename you're looking for in advance (unless you're a good guesser). Files can't be created or deleted.
+
+ * rwx
+
+ You can do anything you want with the files in this directory, as long as it's permitted by the permissions on the files themselves.
+
+
+
Permissions are altered on the [Shell] using [chmod(1)]. (''Missing here is an explanation of the 4=r, 2=w, 1=x mapping. Feel free to AddToMe.'')
Generally, the fewer permissions you grant, the better. Most importantly, there's almost never a good reason to grant write permission to "other people".
