10.2 File System Permissions
10.2.2 Permission categories (classes)
The first character of the display is not actually a part of the permissions. It indicates whether this is a file (-) or a directory (d). The next nine characters represent the permissions of the file or directory. These are divided into three sets of three permissions each. There is one set for each category or class of users: User, Group, or Other. The first set of three permissions are those of the User. The second set applies to the Group the user belongs to. The third set applies to all Other users.
  • File type - This includes directories and ordinary files
  • User (owner) - The user who created the file or directory
  • Group - Category of users defined by the system administrator
  • Others (public) - All other users

It is important to understand each of the categories or classes of users and how they are affected by file and directory access permissions. The categories and permissions associated with users determine who can access these resources and what they can do with them.

File Type
As previously mentioned, the first character is not a category but refers to the file type. An ordinary file is represented by a dash (-), and a directory is represented by a d. A dash anywhere else in a permission set indicates no permission. The interpretation of permissions is slightly different for files and directories.

User (Owner)
The next three characters are the user or owner permissions. They show the type of access the owner of the file or directory has. When you create a new file or directory, you own it. The owner of the file .profile in the Figure is user2.

Group
The second set of three characters, called group permissions, identifies the permissions of the group that owns the file. A user group (system group) is a set of users with common file access needs. System administrators define system groups and determine which users belong to which groups. For example, a system administrator may establish an accounting group or a management group.

Users in the same group can access each other's files based on the group permissions. The group owner of the file .profile in the Figure is the group staff.

Others (Public)
The last set of characters, called others permissions, are the permissions everyone else has. Others refers to anyone who is neither the file owner nor a member of the group that owns the file, but who has access to the system.

Files you create are owned by you, and the group association on these files is your primary group. Access is determined by the highest category to which you belong. The User or owner category has a higher priority than the Group category, which, in turn, is higher than the Other category. If you are the user (owner), even though you are a member of the group, only the user category of permissions applies. The permissions for 'others' only apply to someone who is neither the owner of a file or directory, nor a member of the group the owner belongs to.

As an example, you are the owner of a file and you have Read, Write and Execute permissions. The group you belong to has permissions for Read access and others have no access. Since user permissions have a higher priority than group permissions, your permissions will be Read, Write and Execute, which are the permissions of the User (owner) category. If someone from the same group as you tries to access the file, they will only be able to read it. Anyone else (other) will not be able to access the file at all.
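The category selection described above, written out as an added example (not part of the original course text). The permission strings and the user and group names other than user2 and staff are constructed sample data. The last case goes beyond the example in the text: an owner whose own set is narrower than the group set still gets only the owner set.

```python
# Added example: pick the single permission category that applies to a user.
# Not modelled: the superuser, and special bits shown as 's' or 't'.

def parse_mode(mode):
    """Split an ls-style string such as '-rwxr-----' into its parts."""
    if len(mode) != 10:
        raise ValueError("expected 10 characters, e.g. '-rw-r--r--'")
    if mode[0] not in "-d":
        raise ValueError("only '-' (file) and 'd' (directory) are handled")
    sets = {"user": mode[1:4], "group": mode[4:7], "other": mode[7:10]}
    for triplet in sets.values():
        for pos, letter in enumerate("rwx"):
            if triplet[pos] not in (letter, "-"):
                raise ValueError("unexpected character in " + repr(triplet))
    return {"type": "directory" if mode[0] == "d" else "file", **sets}


def effective_access(mode, owner, group, user, user_groups):
    """Return (category, permissions) that apply to `user`.

    Exactly one category is chosen, checked in priority order:
    User (owner), then Group, then Other. The sets are never combined.
    """
    parsed = parse_mode(mode)
    if user == owner:
        category = "user"
    elif group in user_groups:
        category = "group"
    else:
        category = "other"
    return category, {p for p in parsed[category] if p != "-"}


if __name__ == "__main__":
    # Constructed cases: (mode, requesting user, that user's groups).
    # The file is owned by user2 with group staff in every case.
    cases = [
        ("-rwxr-----", "user2", {"staff"}),  # owner: rwx
        ("-rwxr-----", "user3", {"staff"}),  # same group: r only
        ("-rwxr-----", "user4", {"sales"}),  # other: no access
        ("-r--rw----", "user2", {"staff"}),  # owner gets r, not group's rw
    ]
    for mode, user, groups in cases:
        cat, perms = effective_access(mode, "user2", "staff", user, groups)
        print(f"{mode} {user:6} -> {cat:5} {''.join(sorted(perms)) or 'none'}")
```

When auditing permissions, the last case is the one to watch for: widening the Group set does not widen what the owner can do, and narrowing the User set is not undone by group membership.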