Online Book Reader


UNIX System Administration Handbook - Evi Nemeth [51]

the high bit is the read bit, the middle bit is the write bit, and the low bit is the execute bit.

Each user fits into only one of the three permission sets. The permissions used are those that are most specific. For example, the owner of a file always has access determined by the owner permission bits and never the group permission bits. It is possible for the “other” and “group” categories to have more access than the owner, although this configuration is rarely used.

On a regular file, the read bit allows the file to be opened and read. The write bit allows the contents of the file to be modified or truncated; however, the ability to delete or rename the file is controlled by the permissions on its parent directory (because that is where the name-to-dataspace mapping is actually stored).

The execute bit allows the file to be executed. There are two types of executable files: binaries, which the CPU runs directly, and scripts, which must be interpreted by a shell or some other program. By convention, scripts begin with a line of the form

#!/bin/csh -f

that specifies an appropriate interpreter. Nonbinary executable files that do not specify an interpreter are assumed (by your shell) to be sh scripts.

For a directory, the execute bit (often called the “search” or “scan” bit in this context) allows the directory to be entered or passed through while evaluating a pathname, but not to have its contents listed. The combination of read and execute bits allows the contents of the directory to be listed. The combination of write and execute bits allows files to be created, deleted, and renamed within the directory.

Viewing file attributes


The filesystem maintains about forty separate pieces of information for each file, but most of them are useful only to the filesystem itself. As a system administrator you will be concerned mostly with the link count, owner, group, mode, size, last access time, last modification time, and type. You can inspect all of these with ls -l.

An attribute change time is also maintained for each file. The conventional UNIX name for this time (the “ctime”) leads some people to believe that it is the file’s creation time. Unfortunately, it is not; it just records the time that the attributes of the file (owner, mode, etc.) were last changed (as opposed to the time at which the file’s contents were modified).

Consider the following example:

% ls -l /bin/sh
-rwxr-xr-x 1 root bin 85924 Sep 27 1997 /bin/sh

The first field specifies the file’s type and mode. The first character is a dash, so the file is a regular file. The codes shown in Table 5.2 represent the various types of files.

Table 5.2 File-type encoding used by ls

The next nine characters in this field are the three sets of permission bits. Although these bits have only binary values, ls shows them symbolically with the letters r, w, and x for read, write, and execute. In this case, the owner has all permissions on the file and everyone else has only read and execute permission.

If the setuid bit had been set, the x representing the owner’s execute permission would have been replaced with an s, and if the setgid bit had been set, the x for the group would also have been replaced with an s. The last character of the permissions (execute permission for “other”) is shown as t if the sticky bit of the file is turned on. If either the setuid/setgid bit or the sticky bit is set but the corresponding execute bit is not, these bits appear as S or T.
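The two rules described above (one permission set applies per user, and the s/S/t/T substitutions in the ls mode field) can be written out as follows. This is an added example, not code from the book; the function names mode_string and applicable_bits are hypothetical, the file-type letters are the conventional ls codes rather than a copy of Table 5.2, and superuser handling is left out.

```python
import stat

def mode_string(mode):
    """Render an st_mode value the way the first field of `ls -l` does."""
    # Conventional ls file-type letters (assumption: not copied from Table 5.2).
    kinds = [(stat.S_ISREG, "-"), (stat.S_ISDIR, "d"), (stat.S_ISLNK, "l"),
             (stat.S_ISCHR, "c"), (stat.S_ISBLK, "b"), (stat.S_ISFIFO, "p"),
             (stat.S_ISSOCK, "s")]
    out = next((ch for test, ch in kinds if test(mode)), "?")
    # (shift to the rwx triplet, special bit, letter shown in place of x)
    for shift, special, letter in ((6, stat.S_ISUID, "s"),
                                   (3, stat.S_ISGID, "s"),
                                   (0, stat.S_ISVTX, "t")):
        bits = (mode >> shift) & 0o7
        out += "r" if bits & 4 else "-"   # high bit: read
        out += "w" if bits & 2 else "-"   # middle bit: write
        if mode & special:
            # Lowercase when execute is also set, uppercase when it is not.
            out += letter if bits & 1 else letter.upper()
        else:
            out += "x" if bits & 1 else "-"
    return out

def applicable_bits(mode, file_uid, file_gid, uid, gids):
    """Return (class, rwx bits) for the single permission set that applies.

    The most specific match wins: the owner is never evaluated against
    the group or other bits, even when those grant more access.
    """
    if uid == file_uid:
        return "owner", (mode >> 6) & 0o7
    if file_gid in gids:
        return "group", (mode >> 3) & 0o7
    return "other", mode & 0o7

if __name__ == "__main__":
    # Constructed sample modes, not taken from a real system.
    for m in (stat.S_IFREG | 0o755, stat.S_IFREG | 0o4755,
              stat.S_IFREG | 0o4644, stat.S_IFDIR | 0o1777):
        print(oct(m), mode_string(m))
    # Owner with fewer rights than group: uid 100 owns a mode-070 file.
    print(applicable_bits(stat.S_IFREG | 0o070, 100, 10, 100, {10}))
```

The last call returns the owner class with no bits set even though the user is also in the file's group, which is the "rarely used" configuration the text mentions.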

The next field in the listing is the link count for the file. In this case it is 1, indicating that /bin/sh is the only name by which this file is known. Every time a hard link is made to a file, the count is incremented by 1.

All directories will have at least two hard links: the link from the parent directory and the link from the special file “.” inside the directory itself. Symbolic links do not affect the link count.

The next two fields in ls’s output are the owner and group owner of the file. In this example, the file’s owner is root, and the file belongs to the group
