Both sides previous revisionPrevious revision | |
tutorials:permissions [2011/10/02 15:24] – Fix ToC and improve readability in example et al. memnon | tutorials:permissions [2012/05/05 20:06] (current) – Minor formatting, $ID memnon |
---|
^ w | Change (**w**rite) file contents. | Add or remove files from directory.<sup>2</sup> | | ^ w | Change (**w**rite) file contents. | Add or remove files from directory.<sup>2</sup> | |
^ x | Shell will attempt to e**x**ecute file if file name entered by itself on command line. | Access (read or write) the directory<sup>3</sup> or any files in the directory or its subtree, or make the directory the user's working directory. | | ^ x | Shell will attempt to e**x**ecute file if file name entered by itself on command line. | Access (read or write) the directory<sup>3</sup> or any files in the directory or its subtree, or make the directory the user's working directory. | |
| **Notes:** - File information can be obtained even without directory **r** permission if a file's full name is specified, - **w** directory permission allows a user to delete a file from the directory, //even if the user does not have **w** (change contents) permission for the file itself//. The reverse is also possible: a user who lacks **w** directory permission may be able to modify the contents of a file in the directory but not delete it. - Implementations vary on the permission required to list directory file names. SDF hosts (running NetBSD) will list directory files if the user has **r** permission for the directory. Other implementations require both **r** and **x** permissions to list directory files. ||| | **Notes:** |
| - File information can be obtained even without directory **r** permission if a file's full name is specified, |
| - **w** directory permission allows a user to delete a file from the directory, even if the user does not have **w** (change contents) permission for the file itself. The reverse is also possible: a user who lacks **w** directory permission may be able to modify the contents of a file in the directory but not delete it. |
| - Implementations vary on the permission required to list directory file names. SDF hosts (running NetBSD) will list directory files if the user has **r** permission for the directory. Other implementations require both **r** and **x** permissions to list directory files. |
| |
Unlike some other file systems, such as NTFS, neither **r** nor **w** directory permission have any influence on **r** or **w** permission for subdirectories or files anywhere in the directory's subtree. **r** or **w** permission is determined by what has been assigned to your user class for the directory in question without considering **r** and **w** permission for directories higher in the file system tree. | Unlike some other file systems, such as NTFS, neither **r** nor **w** directory permission have any influence on **r** or **w** permission for subdirectories or files anywhere in the directory's subtree. **r** or **w** permission is determined by what has been assigned to your user class for the directory in question without considering **r** and **w** permission for directories higher in the file system tree. |
^ g | //**G**roup//. Members of the user group to which the file has been assigned. | | ^ g | //**G**roup//. Members of the user group to which the file has been assigned. | |
^ o | //**O**thers//. Users not in either of the above classes. This is the user class that SDF's web server uses when a web browser requests a file from your web site.<sup>1</sup> | | ^ o | //**O**thers//. Users not in either of the above classes. This is the user class that SDF's web server uses when a web browser requests a file from your web site.<sup>1</sup> | |
| **Notes:** - The use of CGI programs on a web site complicates the permission check. Access to the CGI program file itself is checked with user class **o**. Many web servers are configured so that file access requests from CGI programs are also checked with user class **o**. However, the SDF web server has been configured to execute CGI programs with the permissions of the owner of the program file (//you//, for CGI programs you have installed on your SDF web site). Therefore if your CGI program accesses files owned by you, permissions will be checked with user class **u**. Files not owned by you will be checked with user class **o**. || | **Notes:** |
| - The use of CGI programs on a web site complicates the permission check. Access to the CGI program file itself is checked with user class **o**. Many web servers are configured so that file access requests from CGI programs are also checked with user class **o**. However, the SDF web server has been configured to execute CGI programs with the permissions of the owner of the program file (//you//, for CGI programs you have installed on your SDF web site). Therefore if your CGI program accesses files owned by you, permissions will be checked with user class **u**. Files not owned by you will be checked with user class **o**. |
| |
==== An example ==== | ==== An example ==== |
File permission information can be obtained with the long listing option of the "ls" command: "ls -l" | File permission information can be obtained with the long listing option of the "ls" command: "ls -l" |
| |
| ^ //a// | ^ //b// ^ //c// | | | | |
| "drwxr-xr-x" | "2" | "papa" | "arpa" | "512" | "Sep 29 01:02" | "arpastuff" | | | "drwxr-xr-x" | "2" | "papa" | "arpa" | "512" | "Sep 29 01:02" | "arpastuff" | |
| "-rwxr-x---" | "1" | "papa" | "arpa" | "11402" | "Sep 29 01:02" | "hello" | | | "-rwxr-x---" | "1" | "papa" | "arpa" | "11402" | "Sep 29 01:02" | "hello" | |
| "-rw-r-----" | "1" | "papa" | "arpa" | "13" | "Sep 29 01:02" | "hello.txt" | | | "-rw-r-----" | "1" | "papa" | "arpa" | "13" | "Sep 29 01:02" | "hello.txt" | |
| //a// | | //b// | //c// | | | | | |
| |
Field //a// is the //file mode//, a string of ten one-character flags that indicate the file's permissions and other information. The following is a list of mode flags in character order with a partial list of possible flag values for each: | Field //a// is the //file mode//, a string of ten one-character flags that indicate the file's permissions and other information. The following is a list of mode flags in character order with a partial list of possible flag values for each: |
| |
"chflags nouunlnk foo" | "chflags nouunlnk foo" |
| |
| $Id: permissions.html,v 1.8 2007/10/02 11:22:28 papa Exp $ |