File Ownership and Access Permissions
Most of the resources available on a UNIX system are accessed as though they were files.
In addition to traditional hard disk files containing data, the operating system treats devices (like printers and modems) as special kinds of files.
The commands you use to work on the system are executable programs accessed as files.
Even network connections can be treated as special types of files.
Thus, a clear understanding of the basic attributes of files extends to an understanding of how access to a wide class of system resources is managed.
In this module, we will investigate the access control primitives of the UNIX system. The system is based on a notion of ownership, together with a set of access permissions.
At the completion of this module, you will be able to:
- Describe the central role that files play in the UNIX environment
- List the principles of file and directory ownership
- Set user and group ownership
- Explain how UNIX grants access to files and directories
- Set file and directory access permissions
Setting File Access Permissions
To make a script file executable, add the execute permission to the access permissions for the file. To do so, use the chmod command.
The syntax and function of the chmod command are as follows.
$ chmod [options] octal-mode file[s]
$ chmod [options] symbolic-mode file[s]
Function: to change or set the permissions of the files named in the arguments.
- -f: forces the specified access permissions; if the owner of the file makes the change, no error messages are displayed.
- -R: changes permissions recursively, descending through directories to all of the files and subdirectories under each directory.
For the octal mode, three octal digits are needed, which together represent the access permissions for all the users of a file.
There are three types of users and three types of permissions in the UNIX operating system.
If 1 bit represents a permission type, 3 bits are needed to indicate file permissions for one type of user (user, group, or others).
Hence, the complete set of permissions for a UNIX file can be represented by a nine-bit number.
Each bit can be 1 (permission allowed) or 0 (permission not allowed).
Each type of user of a file can have one of eight possible combinations of permissions for this file. These eight 3-bit values can be represented by the octal numbers 0 through 7, where 0 means no permissions and 7 means all (read, write, and execute) permissions.
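The bit-to-octal mapping described above, worked through as a shell script. This is an added example, not part of the original module; the function names are chosen here for illustration, and it assumes mktemp and an ls that prints the usual long-listing mode string.

```sh
# Added example: map the nine rwx permission bits to three octal digits and back.
# Handles only the bits described above (no setuid, setgid or sticky bit).
triad_to_digit() {   # "r-x" -> 5 : read=4, write=2, execute=1
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    printf '%s' "$d"
}

digit_to_triad() {   # 5 -> "r-x" : test each of the three bits
    s=
    if [ $(($1 & 4)) -ne 0 ]; then s=${s}r; else s=${s}-; fi
    if [ $(($1 & 2)) -ne 0 ]; then s=${s}w; else s=${s}-; fi
    if [ $(($1 & 1)) -ne 0 ]; then s=${s}x; else s=${s}-; fi
    printf '%s' "$s"
}

perm_to_octal() {    # "rwxr-x---" -> 750 (user, group, others)
    case $1 in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "invalid permission string: $1" >&2; return 1 ;;
    esac
    g=${1#???}
    printf '%s%s%s\n' "$(triad_to_digit "${1%??????}")" \
        "$(triad_to_digit "${g%???}")" "$(triad_to_digit "${1#??????}")"
}

octal_to_perm() {    # 750 -> "rwxr-x---"
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid octal mode: $1" >&2; return 1 ;;
    esac
    m=${1#?}
    printf '%s%s%s\n' "$(digit_to_triad "${1%??}")" \
        "$(digit_to_triad "${m%?}")" "$(digit_to_triad "${1#??}")"
}

file_perm() {        # FILE -> the nine permission characters from ls -ld
    l=$(ls -ld "$1") || return 1
    l=${l#?}                                # drop the file-type character
    printf '%s\n' "${l%"${l#?????????}"}"   # keep the next nine characters
}

# Round trip on a scratch file: set mode 640, read it back, re-encode it.
f=$(mktemp) && chmod 640 "$f" && p=$(file_perm "$f") && rm -f "$f"
echo "640 -> $p -> $(perm_to_octal "$p")"
```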