• FAQs
• Articles
• Tutorials
• Web Tools
• Reference
• Blog
• Proxy
• Software
• Cell Phones

• Unix FAQs
• How do I find a Unix command?
• What is the history of Unix?
• What are basic Unix commands?
• What is a Unix shell?
• What is a Unix script?
• How do Unix file permissions work?
• Where can I find a Unix tutorial?
• Where can I download Unix?
• Where can I get a Unix emulator?
• What is sudo?
• How do I audit Unix passwords?
• What is password shadowing?
• What is password aging?
• What is NIS (yp)?
• What is a restricted shell?
• What security problems exist with SUID script and programs?
• How do Unix system log files work?
• What is a rootkit?
• How do Unix timestamps work?
• What is Linux?
• What are bootable Linux distributions?
• How do I setup a Linux file server?
• How do I change to directories with strange characters in them?
• What is a daemon?
• How can I change my Unix password?
• How do I change my shell?
• What is .profile?
• What is .login?
• What is a run level?
• How do I set an environment variable?
• What is UMASK?
• What are Unix signals?
• How do I change a hostname on Solaris?
• How do I change an IP address on Solaris?
• What are Pluggable Authentication Modules?
• How do I capture a Unix terminal session?
• How do I list Unix users?
• How do I backup Unix?
• How do I create a cron job?
• How do I use the Unix find command?
• How do I use the Unix sort command?
• How do I use the Unix grep command?
• How do I use the Unix top command?
• How do I install Linux on my Xbox?
• How do I copy Unix files to Windows?
• How Do I Tell What Shell I am Using?
• How Do I Find Out CPU Utilization in UNIX?
• How Do I Copy a Directory from DOS to UNIX?
• Main Menu
• » Networking
• » Physical Layer
• » Data Link Layer
• » Network Layer
• » Network Security
• » Wireless Networks
• » VoIP
• » Telephony
• » Mobile Telephony
• » Electronics
• » Radio
• » Television
• » Cryptology
• » Passwords
• » Smart Cards
• » Privacy
• » Malware
• » Vulnerabilities
• » Unix
• » Macintosh
• » Microsoft Windows
• » The Web
• » Web Publishing
• » E-mail
• » Instant Messaging
• » Databases
• » Computer Hardware
• » CPU's
• » Memory
• » Storage
• » Video
• » Audio
• » Multimedia
• » Satellite
• » Java
• » IT Management
• » Science
• » Miscellaneous

How do Unix File Permissions work?

Unix file permissions are based upon an octal code. Unix file permissions are stored in a ten character array.

The first character of the file permissions stores the file type. The standard file types are:

The next nine characters are divided into three groups of three characters, each of which represents a different role on the system:

• User permissions govern what a user can do with his own files.
• Group permissions govern what another user on the same system, in the user group to which the file belongs, can do with the file.
• Other permissions govern what any other user on the same system can do with the file.

The three sets of three characters represent the permissions to the file for each role. The three permissions which may be granted to each role are:

• Read permission grants the ability to view the contents of the file.
• Write permission grants the ability to save changes to the contents of the file.
• eXecute permission grants to ability to execute the file. This is useful for programs and shell scripts.

A Unix File Permissions Example

A sample set of file permissions:

The file permissions for this file are:

This means that the user, or a member of the "web" group, can Read or Write this file. Any other user on the system can Read this file.

Unix File Permissions SUID and SGID Bits

File permissions are also used to make a program or shell script SUID (Set User ID) or SGID (Set Group ID). If a file is SUID, it will run with the privileges of the files owner, instead of the privileges of the person running the program. If a file is SGID, it will run with the privileges of the files group owner, instead of the privileges of the person running the program.

SUID and SGID programs are used to enable normal system users to accomplish tasks which would otherwise require privileged access.

The `passwd` program allows users to change their passwords. This requires the ability to write to the /etc/passwd file (and most often the shadowed password file), which unprivileged users should not normally have.

The file permissions of /usr/bin/passwd are:

-r-sr-xr-x  2 root  wheel  /usr/bin/passwd

The 's' in the space normally occupied by the first 'x' signifies that this file is SUID. No matter who executes this program, it will always run with the privileges of the user root.

Expressing Unix File Permissions in Octal

Unix file permissions are sometimes expressed in octal notation. r is equal to the value 4, w is equal to the value 2, and x is equal to the value 1.

Mathematically, rwx equals 7, because 4+2+1=7. Similarly, rw- is equal to 6 and r-x is equal to 5.

Setting Unix File Permissions

Unix file permissions are set using the `chmod` program. `chmod 644` will set a files permissions to -rw-r--r--.

Purchase these excellent books on Unix security and administration at Amazon.com

Bookmark How do Unix File Permissions work? Latest Blog Posts Windows 7 Forum Boston College: Ability to Use a Command Line is a Sign of Criminal Activity Google Hacked? Recycle your old phone – Make some money, and save the environment too! SourceForge vs. Freshmeat Fastest Web Browser: Google Chrome New Webmaster Forum Ubuntu Security Tools Terrorists Go Hi-Tech How to Dry a Cell Phone That's Come in Contact with Water English German Spanish French Italian Portuguese Russian Dutch Greek Hindi Japanese Korean Chinese Chinese (Simplified) Arabic Copyright 2009 Tech-FAQ. All rights reserved. Privacy Policy.