10.2 File System Permissions
10.2.4 Determining file and directory access
All files and directories have a user identifier (UID) and group identifier (GID) number associated with them. The kernel uses these numbers, rather than the user or group names familiar to the user, to identify the ownership of files. The ls -n command displays the UID and the GID instead of the names; see the figure. Note that the -a (all) option was included in order to see the .profile file, which is normally hidden. The figure also shows two other useful commands when working with UIDs and GIDs. As you will recall, the id command displays the numeric and alphabetic User ID and Group ID for your Effective User ID (EUID). The groups command displays all of the groups you are a member of.

Process For Determining Permissions
Every system process is initiated by the operating system and also has a UID and GID, depending on who initiated the process. When a process (user) attempts to read, write, or execute a file, the UID of the process is first compared to the UID of the file or directory; if they do not match, the GID of the process is compared to the GID of the file or directory. If neither matches, the Other category of permissions is used. As soon as a match is made, the permissions specified on the file or directory for that category (User, Group or Other) are applied, and the remaining categories are not consulted. In other words, the user ID and group ID of whoever is attempting to access a file or directory are compared to the allowable access list for the file or directory to determine whether the user should be permitted to perform the action. The flowchart in the figure illustrates the logic applied to determine if a system process is allowed to access a file or directory. An example is provided in the figure showing how the process is applied for a user attempting to view (cat) a file.
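As an added example (not part of this course material), the following Python code implements the flowchart described above. It parses constructed ls -n style lines to recover each entry's mode, UID and GID, then checks a process's UID and group list against the User, Group and Other categories in that order, stopping at the first match. The file names, UIDs, GIDs and process identities are made up for the example.

```python
# Constructed `ls -n` output (assumed sample data, not from a real system).
# Columns: mode, links, UID, GID, size, month, day, time, name
LS_N_OUTPUT = """\
-rw-r--r--   1 1001   10      120 Mar  1 10:00 notes.txt
-r--------   1 1001   10       45 Mar  1 10:01 .profile
drwxr-x---   2 1002   10      512 Mar  1 10:02 dir2
----rw----   1 1001   10       80 Mar  1 10:03 odd.txt
"""


def parse_ls_n(text):
    """Return {name: {"mode": str, "uid": int, "gid": int}} from ls -n lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 9:          # skip blank or "total N" lines
            continue
        entries[fields[-1]] = {
            "mode": fields[0],
            "uid": int(fields[2]),   # numeric owner, as ls -n prints it
            "gid": int(fields[3]),   # numeric group
        }
    return entries


def _triple(mode, offset):
    """(read, write, execute) flags for the 3-character triple at `offset`."""
    r, w, x = mode[offset:offset + 3]
    # lowercase s/t mean setuid/setgid/sticky *with* execute set
    return r == "r", w == "w", x in "xst"


def may_access(proc_uid, proc_gids, entry, op):
    """Apply the flowchart: only the first matching category is consulted.

    Superuser (UID 0) bypass is not modelled; the flowchart does not cover it.
    """
    if proc_uid == entry["uid"]:             # User (owner) category
        r, w, x = _triple(entry["mode"], 1)
    elif entry["gid"] in proc_gids:          # Group category
        r, w, x = _triple(entry["mode"], 4)
    else:                                    # Other category
        r, w, x = _triple(entry["mode"], 7)
    return {"read": r, "write": w, "execute": x}[op]
```

Note the odd.txt case: because the owner's own triple is checked first, UID 1001 is denied even though the group triple would grant read and write.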

Default Permissions
When a user accesses the system, files and directories are protected by default permissions. These are put in place automatically when a file or directory is created. The default permissions for a new file are Read/Write for the User (owner) who created the file and Read for Group and Other. For directories, the default permissions are Read/Write/Execute for the User and Read/Execute for Group and Other. The figure shows the default permissions for a new file created with the touch command and a new directory created with the mkdir command. The default size for a new directory is 512 bytes. A new empty file is zero bytes.

Interactive Media Activity (Flash, 99 kB)
  Access Permissions

In this media activity, you are logged in as user2 and your current working directory is /home/user2/dir2. Provide the necessary commands and responses to correctly answer the questions based on your knowledge of permissions.
Note: Be sure to press Enter after each one. Click on step 1 to begin.

Lab Activity (Adobe Acrobat Reader, 49 kB)
  Determining File System Permissions

In this lab, you will become familiar with file system permissions. You will display permissions on files and directories, interpret the results and evaluate the effect on various user categories.