|
|
You can determine what permissions are currently in effect on a file or a directory by using ls -l to produce a long listing of a directory's contents.
In the first field of the ls -l output, the next nine characters are interpreted as three sets of three bits each.
The first set refers to the owner's permissions;
the next to permissions of members in the file's group;
and the last to all others.
Within each set, the three characters show
permission to read, to write, and to
execute the file as a program, respectively.
For a directory, ``execute'' permission is interpreted
to mean permission to search the directory
for a specified file.
For example, typing ls -l while in the directory named starship/bin in the sample file system produces the following output:
$ ls -l
total 35
-rwxr-xr-x 1 starship project 9346 Nov 1 08:06 display
-rw-r--r-- 1 starship project 6428 Dec 2 10:24 list
drwx--x--x 2 starship project 32 Nov 8 15:32 tools
$
Permissions for the display and list files and the tools directory are shown on the left of the screen under the line total 35, and appear in this format:
-rwxr-xr-x (for the display file)
-rw-r--r-- (for the list file))
drwx--x--x (for the tools directory)
After the initial character, which describes the file
type (for example, a - (dash) symbolizes
a regular file and a d a directory), the other
nine characters that set the permissions
comprise three sets of three characters.
The first set refers to permissions for the owner,
the second set to permissions for group members,
and the last set to permissions for all other system users.
Within each set of characters, the r,
w and x show the permissions currently
granted to each category.
If a dash appears instead of an r, w or x
permission to read, write or execute is denied.
The following diagram summarizes this breakdown for the file named display.
As you can see, the owner has r, w,
and x permissions and members of the group
and other system users have r and x permissions.
There are two exceptions to this notation system.
Occasionally the letter s or the letter l may
appear in the permissions line,
instead of an r, w or x.
The letter s
(short for set user ID or set group ID)
represents a special type of permission to execute
a file.
It appears where you normally see an x (or -)
for the user or group (the first and second sets
of permissions).
From a user's point of view it is equivalent to an
x in the same position; it implies that execute
permission exists.
It is significant only for programmers and
system administrators.
(See
``Setting and changing user and group IDs (UID/GID)''
for details about setting the user or group ID.)
The letter l indicates that locking
will occur when the file is accessed.
It does not mean that the file has been locked.
The permissions are as follows:
File access permissions
| Symbol | Explanation |
|---|---|
r
| The file is readable. |
w
| The file is writable. |
x
| The file is executable. |
| - | This permission is not granted. |
l
| Mandatory locking will occur during access. (The set-group-ID bit is on and the ``group'' execution bit is off.) |
s
|
The set-user-ID or set-group-ID bit is on,
and the corresponding ``user'' or ``group''
execution bit is also on.
|
S
| The set-user-ID bit is on and the ``user'' execution bit is off. |
t
| The sticky and the execution bits for ``other'' are on. |
T
| The sticky bit is turned on, and the execution bit for ``other'' is off. |
Directory access permissions
| Symbol | Explanation |
|---|---|
r
| The directory is readable. |
w
| The directory may be altered (files may be added or removed). |
x
| The directory may be searched. (This permission is required to cd to the directory.) |
t
| File removal from a writable directory is limited to the owner of the directory or file unless the file is writable. |