All files and directories have a user identifier (UID) and group
identifier (GID) number associated with them. The kernel uses these
numbers to identify ownership of files, rather than the user or group
name familiar to the user. The ls -n command displays the UID and the
GID. See Figure .
Note that the -a (all) option was included in order to see the
.profile file, which is normally hidden. The Figure also shows two
other useful commands when working with UIDs and GIDs. As you will
recall, the id command displays the numeric and alphabetic User ID and
Group ID for your Effective User ID (EUID). The groups command
displays all of the groups you are a member of.
Process For Determining Permissions
Every system process is initiated by the operating system and also has
a UID and GID, depending on who initiated the process. When a process
(user) attempts to read, write, or execute a file, the UID and GID of
the process are compared to the UID of the file or directory, and then
to the GID. If neither matches, then the Other category of
permissions is used. When a match is made, the permissions specified
on the file or directory for that category of user (User, Group or
Other) are applied. The user ID and group ID of whoever is attempting
to access a file or directory are compared to the allowable access
list for the file or directory to determine if the user should be
permitted to perform the action. The flowchart in Figure
illustrates the logic applied to determine if a system process is
allowed to access a file or directory. An example is provided in
Figure showing how the process is applied for a user attempting to
view (cat) a file.
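The comparison described above, written out as an added example (not part of the original course material). The UIDs, GIDs and modes in the sample run are constructed, the function names are illustrative, and the superuser bypass is not modelled.

```python
import os
import stat

# Permission bits for each category, from the standard stat module.
BITS = {
    "user":  {"r": stat.S_IRUSR, "w": stat.S_IWUSR, "x": stat.S_IXUSR},
    "group": {"r": stat.S_IRGRP, "w": stat.S_IWGRP, "x": stat.S_IXGRP},
    "other": {"r": stat.S_IROTH, "w": stat.S_IWOTH, "x": stat.S_IXOTH},
}

def category(file_uid, file_gid, proc_uid, proc_gids):
    """Pick the single category that applies: UID first, then GID, else Other."""
    if proc_uid == file_uid:
        return "user"
    if file_gid in proc_gids:
        return "group"
    return "other"

def allowed(mode, file_uid, file_gid, proc_uid, proc_gids, want):
    """Return (category, bool) for a request of 'r', 'w' or 'x'.

    Only the matched category is consulted; there is no fall-through to a
    more permissive category. The superuser bypass is not modelled here.
    """
    cat = category(file_uid, file_gid, proc_uid, proc_gids)
    return cat, bool(mode & BITS[cat][want])

def check_path(path, want):
    """Apply the same decision to a real file for the current process."""
    st = os.stat(path)
    gids = set(os.getgroups()) | {os.getegid()}
    return allowed(st.st_mode, st.st_uid, st.st_gid, os.geteuid(), gids, want)

if __name__ == "__main__":
    # Constructed sample: a file owned by UID 1001, GID 10.
    users = (("owner", 1001, {10}), ("group member", 1002, {10}),
             ("stranger", 1003, {20}))
    for mode in (0o644, 0o640, 0o046):
        for who, uid, gids in users:
            cat, ok = allowed(mode, 1001, 10, uid, gids, "r")
            verdict = "allowed" if ok else "denied"
            print(f"{mode:04o} {who:12} -> {cat:5} read {verdict}")
```

The 0046 case is the one to watch when auditing modes: the owner matches the User category and is denied read access even though Group and Other grant it.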
Default Permissions
When a user accesses the system, files and directories are protected
by default permissions. These are put in place automatically when a
file or directory is created. The default permissions for a new file
are Read/Write for the User (owner) who created the file and Read
for Group and Other. For directories, the default permissions are
Read/Write/Execute for the User and Read/Execute for Group and Other.
Figure shows the default permissions for a new file created with the
touch command and a new directory created with the mkdir command. The
default size for a new directory is 512 bytes. A new empty file is
zero bytes.
Lab Activity (Adobe Acrobat Reader, 49 kB)
Determining File System Permissions
In this lab, you will become familiar with file system permissions.
You will display permissions on files and directories, interpret the
results and evaluate the effect on various user categories.