Permissions and whatnot

Tuesday, July 2, 2013 at 11:18 PM

Granted, most of you may know about this. It's kind of a note to myself, so stop complaining!

Permissions

Turns out files on POSIX-compliant filesystems (that includes Linux) have filesystem permissions (Mr. Obvious eh? So much for completeness).

These are the permissions

Read Permission: Read the file/directory.
Write Permission: Write the file/directory.
Execute Permission: If it's a file, permission to execute (run) it. If it's a directory, permission to cd into it.

Permissions are given to classes of users, like

User: Permissions of the user that owns the file/directory. Each file can have only one owner.
Group: Permissions of the group that owns the file/directory. This applies to the users in the group specified.
Others: Permissions of users that aren't the owner, and that aren't in the group mentioned above.

The trio of attributes in UNIX-like systems

Also, there's this trio of attributes (not to be confused with file attributes) on most UNIX systems that are... I dunno, paired? with the permissions (or so I'm told). And they are:

SetUID: If this attribute is set on an executable file, any user can execute the file with the UID of the owner.
SetGID: If this attribute is set on a directory, new files created under the directory will have the same group ownership as the directory.
Sticky: If this attribute is set on a file/directory, only the owner can remove it.

Representation

Symbolically

Hit an ls -l in one of your directories. Here's what I got:


   foobar@bohica:~/Packaging/Sources/bsdutils/util-linux-2.20.1$ ls -l
   total 1064
   -rw-r--r-- 1 foobar foobar  53838 Oct 12  2011 ABOUT-NLS
   -rw-r--r-- 1 foobar foobar  42642 Oct 20  2011 aclocal.m4
   -rw-r--r-- 1 foobar foobar  11969 Oct 20  2011 AUTHORS
   -rwxr-xr-x 1 foobar foobar   2386 Oct 18  2011 autogen.sh
   -rw-r--r-- 1 foobar foobar    102 Oct 20  2011 ChangeLog
   drwxr-xr-x 2 foobar foobar   4096 Oct 20  2011 config
   -rw-r--r-- 1 foobar foobar  16594 Oct 20  2011 config.h.in

That first column lists the permissions of the file/directory. The string of text is pretty straightforward. The first character determines what type of a file it is; there's about seven different types of files identified, but just for now, - means it's a regular file, and d means it's a directory (Mr. Obvious again). If we just ignore that first character, you'll see that the resulting string can be broken down into three equal trios. Each trio represents a user class, respectively in the sequence of User (u), Group (g), and Other (o).

stat can also be used to view the permissions of a specific file, along with some more information.

Going on, each of the columns in the trio is the space for a specific permission. The first column is for read permissions, the second is for write permissions, and the third, although usually used to display execute permissions, is also sometimes used to display the SetUID, SetGID, and Sticky attributes. Basically, if there's a - in a specific column, it means that that permission has not been set for that user class; if there is a letter, that specific permission has been set for that user class.

Numerically

Permissions can also be represented numerically by using a four digit Octal Mode. So how do you calculate this? Think of it this way:


   Octal Mode Digits        -  0   6   6   4
                               ^   ^   ^   ^
                              / \ / \ / \ / \
   Corresponding Bits       - 000 110 110 100
                              ||| ||| ||| |||
   Corresponding Permission - ABC DEF GHI JKL

Each of the bits is labelled:

A: SetUID
B: SetGID
C: Sticky
D: Read (Owner)
E: Write (Owner)
F: Execute (Owner)
G: Read (Group)
H: Write (Group)
I: Execute (Group)
J: Read (Others)
K: Write (Others)
L: Execute (Others)

It's simple:

  1. Set a 1 for all the permission bits that you want to activate.
  2. Calculate the octal value for each trio.
  3. Concatenate the values together in the sequence of Attributes, Owner permissions, Group permissions, Others permissions.
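The two representations above, converted in both directions (an added example, not part of the original post; the function names are made up for illustration). It also shows how the third column of each trio carries the attributes: a lowercase s or t means the attribute and execute are both set, an uppercase S or T means the attribute is set without execute.

```python
import stat

# Attribute bit and the letter ls shows for it in each class's third column.
SPECIAL = {"u": (stat.S_ISUID, "s"), "g": (stat.S_ISGID, "s"), "o": (stat.S_ISVTX, "t")}


def symbolic_to_octal(mode_string):
    """Turn an `ls -l` mode column such as '-rwxr-xr-x' into four octal digits."""
    if len(mode_string) != 10:
        raise ValueError("expected a type character followed by three trios")
    mode = 0
    for i, cls in enumerate("ugo"):
        r, w, x = mode_string[1 + 3 * i: 4 + 3 * i]
        shift = 6 - 3 * i  # owner trio is the highest, others the lowest
        special_bit, letter = SPECIAL[cls]
        for ch, want, bit in ((r, "r", 4), (w, "w", 2)):
            if ch == want:
                mode |= bit << shift
            elif ch != "-":
                raise ValueError(f"unexpected {ch!r} in {cls} trio")
        if x not in ("-", "x", letter, letter.upper()):
            raise ValueError(f"unexpected {x!r} in {cls} trio")
        if x in ("x", letter):       # lowercase s/t: execute is set too
            mode |= 1 << shift
        if x.lower() == letter:      # s/S or t/T: the attribute bit is set
            mode |= special_bit
    return format(mode, "04o")


def octal_to_symbolic(octal, file_type=stat.S_IFREG):
    """Render four octal digits the way ls would, for the given file type."""
    return stat.filemode(int(octal, 8) | file_type)


if __name__ == "__main__":
    # First three strings appear in the page's listing; the rest are constructed.
    for s in ("-rw-r--r--", "-rwxr-xr-x", "drwxr-xr-x",
              "-rwsr-xr-x", "drwxrwsr-x", "drwxrwxrwt", "-rwSr--r--"):
        print(s, symbolic_to_octal(s))
    print("0664", octal_to_symbolic("0664"))
```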

The umask

From what I can tell, the umask is a mask (go figure!) that determines the default permissions of files/directories that are created by a user. The typical umask is set to 0002 after the inclusion of user private groups for users (however on my Debian install it's set by default to 0022).

The umask can be set using umask mode; both the octal mask and symbolic notation can be used for the mode. But, how does the umask determine the permissions? Well, it all depends on the umask and the application creating the files, but, here's how they said you figure it out:


   All permission bits on -                     111 111 111 111
                                                      XOR
   umask of 0022          -                     000 000 010 010
                                                       =
   Resulting permissions  -                     111 111 101 101
                                                       |
                                   +-------------------+------------------+
                                   |                                      |
                                 FILES                               DIRECTORIES
                                   |                                      |
                                   V                                      V
                            111 111 101 101                        111 111 101 101
                                  XOR                                    XOR
   Application mask       - 111 001 001 001                        111 000 000 000
                                   =                                      =
   Final permissions      - 000 110 100 100                        000 111 101 101
   Symbolic               - --- rw- r-- r--                        --- rwx r-x r-x

Not so hard once you get the hang of it.
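To check the diagram against a real filesystem, here is an added example (not from the original post; the function names are made up) that creates a file and a directory under a given umask and reads back the modes they received. It assumes the usual application requests of 0666 for files and 0777 for directories. The kernel clears the umask bits from whatever mode is requested, so the umask can only remove permissions, never add them.

```python
import os
import stat
import tempfile


def apply_umask(requested, umask):
    """Predicted mode: the requested bits with every umask bit cleared."""
    return requested & ~umask & 0o777


def create_with_umask(umask, file_mode=0o666, dir_mode=0o777):
    """Create a file and a directory under `umask`; return the modes they got.

    Note: os.umask changes the mask for the whole process, so the previous
    value is restored before returning.
    """
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            path_f = os.path.join(tmp, "file")
            path_d = os.path.join(tmp, "dir")
            os.close(os.open(path_f, os.O_CREAT | os.O_WRONLY, file_mode))
            os.mkdir(path_d, dir_mode)
            got_f = stat.S_IMODE(os.stat(path_f).st_mode) & 0o777
            got_d = stat.S_IMODE(os.stat(path_d).st_mode) & 0o777
            return got_f, got_d
    finally:
        os.umask(old)


if __name__ == "__main__":
    for mask in (0o022, 0o002, 0o077):
        f, d = create_with_umask(mask)
        print(f"umask {mask:04o}: file {f:04o}, directory {d:04o}")
    # A file requested as 0600 (say, a private key) stays 0600 under 0022:
    # the umask has no bits to clear in it and cannot widen it.
    print(f"{create_with_umask(0o022, file_mode=0o600)[0]:04o}")
```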

Copyright 2013 Ranasingha Aarachchigee Sisikoshal Chatranga Ranasingha (ChipOManiac)