|
|
You can determine what permissions are currently in effect on a file or a directory by using ls -l to produce a long listing of a directory's contents.
In the first field of the ls -l output, the next nine characters are interpreted as three sets of three bits each.
The first set refers to the owner's permissions;
the next to permissions of members in the file's group;
and the last to all others.
Within each set, the three characters show
permission to read, to write, and to
execute the file as a program, respectively.
For a directory, ``execute'' permission is interpreted
to mean permission to search the directory
for a specified file.
For example, typing ls -l while in the directory named starship/bin in the sample file system produces the following output:
$ ls -l
total 35
-rwxr-xr-x 1 starship project 9346 Nov 1 08:06 display
-rw-r--r-- 1 starship project 6428 Dec 2 10:24 list
drwx--x--x 2 starship project 32 Nov 8 15:32 tools
$
Permissions for the display and list files and the tools directory are shown on the left of the screen under the line total 35
, and appear in this format:
-rwxr-xr-x (for the display file)
-rw-r--r-- (for the list file))
drwx--x--x (for the tools directory)
After the initial character, which describes the file
type (for example, a -
(dash) symbolizes
a regular file and a d
a directory), the other
nine characters that set the permissions
comprise three sets of three characters.
The first set refers to permissions for the owner
,
the second set to permissions for group
members,
and the last set to permissions for all other
system users.
Within each set of characters, the r
,
w
and x
show the permissions currently
granted to each category.
If a dash appears instead of an r
, w
or x
permission to read, write or execute is denied.
The following diagram summarizes this breakdown for the file named display.
As you can see, the owner has r
, w
,
and x
permissions and members of the group
and other system users have r
and x
permissions.
There are two exceptions to this notation system.
Occasionally the letter s
or the letter l
may
appear in the permissions line,
instead of an r
, w
or x
.
The letter s
(short for set user ID or set group ID)
represents a special type of permission to execute
a file.
It appears where you normally see an x
(or -
)
for the user or group (the first and second sets
of permissions).
From a user's point of view it is equivalent to an
x
in the same position; it implies that execute
permission exists.
It is significant only for programmers and
system administrators.
(See
``Setting and changing user and group IDs (UID/GID)''
for details about setting the user or group ID.)
The letter l
indicates that locking
will occur when the file is accessed.
It does not mean that the file has been locked.
The permissions are as follows:
File access permissions
Symbol | Explanation |
---|---|
r
| The file is readable. |
w
| The file is writable. |
x
| The file is executable. |
- | This permission is not granted. |
l
| Mandatory locking will occur during access. (The set-group-ID bit is on and the ``group'' execution bit is off.) |
s
|
The s et-user-ID or s et-group-ID bit is on,
and the corresponding ``user'' or ``group''
execution bit is also on.
|
S
| The set-user-ID bit is on and the ``user'' execution bit is off. |
t
| The sticky and the execution bits for ``other'' are on. |
T
| The sticky bit is turned on, and the execution bit for ``other'' is off. |
Directory access permissions
Symbol | Explanation |
---|---|
r
| The directory is readable. |
w
| The directory may be altered (files may be added or removed). |
x
| The directory may be searched. (This permission is required to cd to the directory.) |
t
| File removal from a writable directory is limited to the owner of the directory or file unless the file is writable. |