Protecting files and directories


The UNIX operating system stores a set of permissions with every file. These permissions help to keep files secure on a multiuser system by determining who can access a file or a directory, who can change a file, and who can run a program.

A file's permissions are shown in the first field of a long (l) listing. The permissions field is made up of 10 places; think of this as 1 place + 3 places + 3 places + 3 places. For example:

   -r--r--r--   1 root   techpubs   3026 Jul 03 09:40 /etc/passwd

Each place can contain a character indicating a particular permission. The most common permissions are:

Permission   Meaning                Where it can occur
d            Directory permission   First place, before the 3 sets of 3
r            Read permission        First place in each set of 3
w            Write permission       Second place in each set of 3
x            Execute permission     Third place in each set of 3

If a place in a permission listing contains a hyphen (-) instead of a permission character, it means that permission (read, write, or execute) does not apply to that set of three.

Read permission lets you read a file, copy a file, print a file, change into a directory, and so on.

Write permission lets you modify a file, create a file in a directory, and remove a file from a directory. (To remove a file with rm, you only need write permission in the file's directory. You can then remove files on which you do not have write permission, although rm will prompt you for confirmation before it removes them.)

Execute permission lets you run a compiled program or a shell script. (A shell script is a text file of shell programming commands and regular UNIX system commands that the shell executes one line at a time. For more information about shell scripts, see "Customizing your environment".)

Directory permission is not really a permission at all; it simply indicates a file that is a directory. (Internally, the UNIX system stores files and directories the same way; it thinks of a directory as a special kind of file.)
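The 1 place + 3 places + 3 places + 3 places layout described above can be decoded mechanically, which is useful when checking many listings for unexpected write or execute permission. The shell functions below are an added example, not part of the original documentation; the names describe_set and decode_perms are hypothetical, and only the d, r, w, x and hyphen characters covered on this page are accepted.

```shell
#!/bin/sh
# Added example: decode the 10-place permissions field of a long listing.
# Function names are hypothetical; only the characters described on this
# page (d, r, w, x and the hyphen) are recognised.

# Describe one set of three places: r first, w second, x third.
describe_set() {
    set3=$1
    out=""
    case $set3 in r??) out="read" ;; esac
    case $set3 in ?w?) out="${out:+$out,}write" ;; esac
    case $set3 in ??x) out="${out:+$out,}execute" ;; esac
    echo "${out:-none}"
}

# Split the field into 1 place + 3 places + 3 places + 3 places.
decode_perms() {
    field=$1
    # Reject anything that is not exactly 10 places in the expected positions.
    case $field in
        [d-][r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "not a recognised permissions field: $field" >&2
           return 1 ;;
    esac
    # First place: d marks a directory.
    case $field in
        d*) echo "directory: yes" ;;
        *)  echo "directory: no" ;;
    esac
    rest=${field#?}                 # drop the first place
    n=1
    while [ -n "$rest" ]; do
        tail=${rest#???}            # everything after the next set of 3
        echo "set $n: $(describe_set "${rest%"$tail"}")"
        rest=$tail
        n=$((n + 1))
    done
}

# The permissions field from the /etc/passwd listing shown on this page.
decode_perms "-r--r--r--"
```

A field that reports write in a set where you did not expect it is the one to look at first, because write permission on a directory is enough to remove files in it.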

© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003