(coreutils.info)Mode Structure

Next: Symbolic Modes Up: File permissions
Enter node , (file) or (file)node 

27.1 Structure of File Mode Bits
================================

The file mode bits have two parts: the “file permission bits”, which
control ordinary access to the file, and “special mode bits”, which
affect only some files.

   There are three kinds of permissions that a user can have for a file:

  1. permission to read the file.  For directories, this means
     permission to list the contents of the directory.
  2. permission to write to (change) the file.  For directories, this
     means permission to create and remove files in the directory.
  3. permission to execute the file (run it as a program).  For
     directories, this means permission to access files in the
     directory.

   There are three categories of users who may have different
permissions to perform any of the above operations on a file:

  1. the file’s owner;
  2. other users who are in the file’s group;
  3. everyone else.

   Files are given an owner and group when they are created.  Usually
the owner is the current user and the group is the group of the
directory the file is in, but this varies with the operating system, the
file system the file is created on, and the way the file is created.
You can change the owner and group of a file by using the ‘chown’ and
‘chgrp’ commands.

   In addition to the three sets of three permissions listed above, the
file mode bits have three special components, which affect only
executable files (programs) and, on most systems, directories:

  1. Set the process’s effective user ID to that of the file upon
     execution (called the “set-user-ID bit”, or sometimes the “setuid
     bit”).  For directories on a few systems, give files created in the
     directory the same owner as the directory, no matter who creates
     them, and set the set-user-ID bit of newly-created subdirectories.
  2. Set the process’s effective group ID to that of the file upon
     execution (called the “set-group-ID bit”, or sometimes the “setgid
     bit”).  For directories on most systems, give files created in the
     directory the same group as the directory, no matter what group the
     user who creates them is in, and set the set-group-ID bit of
     newly-created subdirectories.
  3. Prevent unprivileged users from removing or renaming a file in a
     directory unless they own the file or the directory; this is called
     the “restricted deletion flag” for the directory, and is commonly
     found on world-writable directories like ‘/tmp’.

     For regular files on some older systems, save the program’s text
     image on the swap device so it will load more quickly when run;
     this is called the “sticky bit”.

   In addition to the file mode bits listed above, there may be file
attributes specific to the file system, e.g., access control lists
(ACLs), whether a file is compressed, whether a file can be modified
(immutability), and whether a file can be dumped.  These are usually set
using programs specific to the file system.  For example:

ext2
     On GNU and GNU/Linux the file attributes specific to the ext2 file
     system are set using ‘chattr’.

FFS
     On FreeBSD the file flags specific to the FFS file system are set
     using ‘chflags’.

   Even if a file’s mode bits allow an operation on that file, that
operation may still fail, because:

   • the file-system-specific attributes or flags do not permit it; or

   • the file system is mounted as read-only.

   For example, if the immutable attribute is set on a file, it cannot
be modified, regardless of the fact that you may have just run ‘chmod
a+w FILE’.
automatically generated by info2www version 1.2.2.9