The first character of the display is
not actually a part of the permissions. It indicates whether this is a
file (-) or a directory (d). The next nine characters represent the
permissions of the file or directory. These are divided into three
sets of three permissions each. There is one set for each
category of users: User, Group, or Other. The first set of
three permissions applies to the User. The second set applies to the Group
the user belongs to. The third set applies to all Other users.
- File type - This includes directories and ordinary files
- User (owner) - The user who created the file or directory
- Group - Category of users defined by the system administrator
- Others (public) - All other users
It is important to understand each of
the categories or classes of users and how they are affected by file
and directory access permissions. The categories and permissions
associated with users determine who can access these resources and
what they can do with them.
File Type
As previously mentioned, the first character is not a category but
refers to the file type. An ordinary file is represented by a dash
(-), and a directory is represented by a d. A dash anywhere else in a
permission set indicates no permission. The interpretation of
permissions is slightly different for files and directories.
User (Owner)
The next three characters are the user or owner permissions. They show
the type of access the owner of the file or directory has. When you
create a new file or directory, you own it. The owner of the file
.profile in the Figure is user2.
Group
The second set of three characters, called group permissions,
identifies the permissions of the group that owns the file. A user
group (system group) is a set of users with common file access needs.
System administrators define system groups and determine which users
belong to which groups. For example, a system administrator may
establish an accounting group or a management group.
Users in the same group can access each
other's files based on the group permissions. The group owner of the
file .profile in the Figure is the group staff.
Others (Public)
The last set of characters, called others permissions, shows the
permissions everyone else has. Others refers to anyone who is neither the
file owner nor a member of the group that owns the file, but who has
access to the system.
Files you create are owned by you, and
the group association on these files is your primary group. Access is
determined by the highest category to which you belong. The User or
owner category has a higher priority than the Group category, which,
in turn, is higher than the Other category. If you are the user
(owner), even though you are a member of the group, only the user
category of permissions applies. The permissions for 'others' only
apply to someone who is neither the owner of a file or directory, nor
a member of the group the owner belongs to.
As an example, you
are the owner of a file and you have Read, Write and Execute
permissions. The group you belong to has Read access and
others have no access. Since user permissions have a higher priority
than group permissions, your permissions will be Read, Write and
Execute, which are the permissions of the User (owner) category. If
someone from the same group as you tries to access the file, they will
only be able to read it. Anyone else (other) will not be able to
access the file at all.
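The category selection described above, as an added example that is not part of the original page: it parses a ten-character permission display and returns the single category that applies to a user, including the case where the owner's set grants less than the group's. The function names, the users user3 and guest, the group visitors and the mode strings are constructed for illustration; only the characters this page covers (-, d, r, w, x) are accepted, and the superuser is not modelled.

```python
# Added example: names, sample users and mode strings are constructed.

def parse_mode(display):
    """Split a 10-character permission display into file type and three sets."""
    if len(display) != 10:
        raise ValueError("expected 10 characters, e.g. -rwxr-----")
    kinds = {"-": "file", "d": "directory"}
    if display[0] not in kinds:
        raise ValueError("unsupported file type character: " + display[0])
    sets = {}
    for i, name in enumerate(("user", "group", "other")):
        chunk = display[1 + 3 * i: 4 + 3 * i]
        for pos, letter in enumerate("rwx"):
            if chunk[pos] not in (letter, "-"):
                raise ValueError("bad permission character in " + chunk)
        # A dash means the permission in that position is not granted.
        sets[name] = {p for p in chunk if p != "-"}
    return kinds[display[0]], sets


def effective_access(display, owner, group, user, user_groups):
    """Return (category, permissions) that apply to `user`.

    Exactly one category is selected: user first, then group, then other.
    Permissions from the remaining categories are never added in.
    """
    _, sets = parse_mode(display)
    if user == owner:
        category = "user"
    elif group in user_groups:
        category = "group"
    else:
        category = "other"
    return category, sets[category]


if __name__ == "__main__":
    # Constructed sample: a file owned by user2 with group staff.
    people = (("user2", {"staff"}), ("user3", {"staff"}), ("guest", {"visitors"}))
    for who, groups in people:
        print(who, effective_access("-rwxr-----", "user2", "staff", who, groups))
    # Edge case: the owner is held to the user set even though the group set grants more.
    print("user2", effective_access("-r--rw----", "user2", "staff", "user2", {"staff"}))
```

The last call is the one worth checking when auditing a file: an owner who is also in the group cannot write to a file with mode -r--rw----, because only the user set is consulted.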