| tutorials:permissions [2011/10/02 15:24] – Fix ToC and improve readability in example et al. memnon | tutorials:permissions [2012/05/05 20:06] (current) – Minor formatting, $ID memnon |
|---|
| ^ w | Change (**w**rite) file contents. | Add or remove files from directory.<sup>2</sup> | | ^ w | Change (**w**rite) file contents. | Add or remove files from directory.<sup>2</sup> | |
| ^ x | Shell will attempt to e**x**ecute file if file name entered by itself on command line. | Access (read or write) the directory<sup>3</sup> or any files in the directory or its subtree, or make the directory the user's working directory. | | ^ x | Shell will attempt to e**x**ecute file if file name entered by itself on command line. | Access (read or write) the directory<sup>3</sup> or any files in the directory or its subtree, or make the directory the user's working directory. | |
| | **Notes:** - File information can be obtained even without directory **r** permission if a file's full name is specified, - **w** directory permission allows a user to delete a file from the directory, //even if the user does not have **w** (change contents) permission for the file itself//. The reverse is also possible: a user who lacks **w** directory permission may be able to modify the contents of a file in the directory but not delete it. - Implementations vary on the permission required to list directory file names. SDF hosts (running NetBSD) will list directory files if the user has **r** permission for the directory. Other implementations require both **r** and **x** permissions to list directory files. ||| | **Notes:** |
| | - File information can be obtained even without directory **r** permission if a file's full name is specified, |
| | - **w** directory permission allows a user to delete a file from the directory, even if the user does not have **w** (change contents) permission for the file itself. The reverse is also possible: a user who lacks **w** directory permission may be able to modify the contents of a file in the directory but not delete it. |
| | - Implementations vary on the permission required to list directory file names. SDF hosts (running NetBSD) will list directory files if the user has **r** permission for the directory. Other implementations require both **r** and **x** permissions to list directory files. |
| |
| Unlike some other file systems, such as NTFS, neither **r** nor **w** directory permission have any influence on **r** or **w** permission for subdirectories or files anywhere in the directory's subtree. **r** or **w** permission is determined by what has been assigned to your user class for the directory in question without considering **r** and **w** permission for directories higher in the file system tree. | Unlike some other file systems, such as NTFS, neither **r** nor **w** directory permission have any influence on **r** or **w** permission for subdirectories or files anywhere in the directory's subtree. **r** or **w** permission is determined by what has been assigned to your user class for the directory in question without considering **r** and **w** permission for directories higher in the file system tree. |
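
Review bot: In the second note on the new side, the //...// emphasis around "even if the user does not have **w** (change contents) permission for the file itself" has been dropped. That clause is the part readers tend to get wrong (the right to delete comes from the directory, not from the file), so I would keep the emphasis when moving the notes out of the table cell. The first note also still ends in a comma ("if a file's full name is specified,") on both sides; a full stop would match the other two notes.
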
| ^ g | //**G**roup//. Members of the user group to which the file has been assigned. | | ^ g | //**G**roup//. Members of the user group to which the file has been assigned. | |
| ^ o | //**O**thers//. Users not in either of the above classes. This is the user class that SDF's web server uses when a web browser requests a file from your web site.<sup>1</sup> | | ^ o | //**O**thers//. Users not in either of the above classes. This is the user class that SDF's web server uses when a web browser requests a file from your web site.<sup>1</sup> | |
| | **Notes:** - The use of CGI programs on a web site complicates the permission check. Access to the CGI program file itself is checked with user class **o**. Many web servers are configured so that file access requests from CGI programs are also checked with user class **o**. However, the SDF web server has been configured to execute CGI programs with the permissions of the owner of the program file (//you//, for CGI programs you have installed on your SDF web site). Therefore if your CGI program accesses files owned by you, permissions will be checked with user class **u**. Files not owned by you will be checked with user class **o**. || | **Notes:** |
| | - The use of CGI programs on a web site complicates the permission check. Access to the CGI program file itself is checked with user class **o**. Many web servers are configured so that file access requests from CGI programs are also checked with user class **o**. However, the SDF web server has been configured to execute CGI programs with the permissions of the owner of the program file (//you//, for CGI programs you have installed on your SDF web site). Therefore if your CGI program accesses files owned by you, permissions will be checked with user class **u**. Files not owned by you will be checked with user class **o**. |
| |
| ==== An example ==== | ==== An example ==== |
| File permission information can be obtained with the long listing option of the "ls" command: "ls -l" | File permission information can be obtained with the long listing option of the "ls" command: "ls -l" |
| |
| | ^ //a// | ^ //b// ^ //c// | | | | |
| | "drwxr-xr-x" | "2" | "papa" | "arpa" | "512" | "Sep 29 01:02" | "arpastuff" | | | "drwxr-xr-x" | "2" | "papa" | "arpa" | "512" | "Sep 29 01:02" | "arpastuff" | |
| | "-rwxr-x---" | "1" | "papa" | "arpa" | "11402" | "Sep 29 01:02" | "hello" | | | "-rwxr-x---" | "1" | "papa" | "arpa" | "11402" | "Sep 29 01:02" | "hello" | |
| | "-rw-r-----" | "1" | "papa" | "arpa" | "13" | "Sep 29 01:02" | "hello.txt" | | | "-rw-r-----" | "1" | "papa" | "arpa" | "13" | "Sep 29 01:02" | "hello.txt" | |
| | //a// | | //b// | //c// | | | | | |
| |
| Field //a// is the //file mode//, a string of ten one-character flags that indicate the file's permissions and other information. The following is a list of mode flags in character order with a partial list of possible flag values for each: | Field //a// is the //file mode//, a string of ten one-character flags that indicate the file's permissions and other information. The following is a list of mode flags in character order with a partial list of possible flag values for each: |
| |
| "chflags nouunlnk foo" | "chflags nouunlnk foo" |
| | |
| | $Id: permissions.html,v 1.8 2007/10/02 11:22:28 papa Exp $ |
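
Review bot: The footer line added at the end of the new side is a literal RCS keyword string naming permissions.html, v 1.8, dated 2007/10/02 and attributed to papa, while this revision of tutorials:permissions is dated 2012/05/05 and attributed to memnon. Pasted as plain text it will not track later edits, so a reader can mistake it for the current version of the page. If the aim is to credit the original HTML tutorial, say so in words (for example "Originally from permissions.html,v 1.8"); otherwise leave it out and let the wiki's own revision history carry date and author.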