File Access Permissions (Unix Power Tools, 3rd Edition)
1.17. File Access Permissions
Under Unix, access to files is based on the concept of users and
groups.
Every "user" on a system has a
unique account with a unique login name and a unique UID (user ID
number; Section 24.3). It is possible, and sometimes convenient, to create accounts
that are shared by groups of people. For example, in a
transaction-processing application, all of the order-entry personnel
might be assigned a common login name (as far as Unix is concerned,
they only count as one user). In a research and development
environment, certain administrative operations might be easier if
members of a team shared the same account, in addition to having
their own accounts. However, in most situations each person using the
system has one and only one user ID, and vice versa.
Every user may be a member of one or more
"groups."[2]
The user's entry in the
master password file (/etc/passwd
(Section 22.3)) defines his "primary
group membership." The /etc/group (Section 49.6) file
defines the groups that are available and can also assign other users
to these groups as needed. For example, I am a member of three
groups: staff, editors, and
research. My primary group is
staff; the group file says
that I am also a member of the editors and
research groups. We call
editors and research my
"secondary groups." The system
administrator is responsible for maintaining the
group and passwd files. You
don't need to worry about them unless
you're administering your own system.
[2] In most
newer Unix systems, users have the access privileges of all groups to
which they belong, all at the same time. In other Unix systems, you
use a command like newgrp (Section 48.6) to change the group to which you currently
belong. Your system may even support both methods.
Every file belongs to one user and one group. When a file is first
created, its owner is the user who created it; its group is the
user's primary group or the group of the directory
in which it's created. For example, all files I
create are owned by the user mikel and the group
staff. As the file's owner, I
am allowed to use the chgrp command to
change the file's group. On filesystems that
don't have quotas
(Section 15.11), I can also use the
chown command to change the
file's owner. (To change ownership on systems with
quotas, see Section 50.15.) For example, to
change the file data so that it is owned by the
user george and the group
others, I give the commands:
% chgrp others data
% chown george data
WARNING:
If you need to change both owner and group, change the group first!
You won't have permission to change the group once
you are no longer the owner.
Some versions of chown can change both owner and
group at the same time:
% chown george.others data
File access is based on a file's user and group
ownership and a set of access bits (commonly called the
mode bits). When you try to access a file, you
are put into one of three classes. You are either the
file's owner, a member of the
file's group, or an
"other." Three bits then determine
whether you are allowed to read, write, or execute the file. So, as
Figure 1-1 shows, there are a total of nine mode
bits (three for each class) that set the basic access permissions.
-- ML
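The class selection and nine-bit check described above, as an added example (not code from the book). It assumes the usual Unix rule that only the bits of the first matching class are consulted, models neither the superuser nor ACLs, and uses made-up UIDs and GIDs.

```python
import stat

# Mode bits for each of the three classes described above.
CLASS_BITS = {
    "owner": {"r": stat.S_IRUSR, "w": stat.S_IWUSR, "x": stat.S_IXUSR},
    "group": {"r": stat.S_IRGRP, "w": stat.S_IWGRP, "x": stat.S_IXGRP},
    "other": {"r": stat.S_IROTH, "w": stat.S_IWOTH, "x": stat.S_IXOTH},
}


def access_class(file_uid, file_gid, uid, gids):
    """Pick the one class a user falls into: owner first, then group, then other."""
    if uid == file_uid:
        return "owner"
    if file_gid in gids:  # gids = primary group plus all secondary groups
        return "group"
    return "other"


def may_access(mode, file_uid, file_gid, uid, gids, want):
    """True if every access type in `want` (e.g. "rw") is granted.

    Only the bits of the user's own class are consulted, so an owner whose
    bits deny access is refused even when the group or other bits allow it.
    Assumption: no superuser override and no ACLs are modeled.
    """
    bits = CLASS_BITS[access_class(file_uid, file_gid, uid, gids)]
    return all(mode & bits[kind] for kind in want)


def mode_string(mode):
    """Render the nine mode bits as text, e.g. 0o640 -> 'rw-r-----'."""
    return "".join(
        kind if mode & CLASS_BITS[cls][kind] else "-"
        for cls in ("owner", "group", "other")
        for kind in "rwx"
    )


if __name__ == "__main__":
    # Constructed sample: UIDs and GIDs are made up for illustration.
    MIKEL, GEORGE, GUEST = 1001, 1002, 1003
    STAFF, EDITORS, OTHERS = 50, 51, 60
    cases = [(0o640, MIKEL, {STAFF, EDITORS}), (0o640, GEORGE, {STAFF}),
             (0o640, GUEST, {OTHERS}), (0o064, MIKEL, {STAFF})]
    for mode, uid, gids in cases:  # file is owned by MIKEL, group STAFF
        print(mode_string(mode), uid, access_class(MIKEL, STAFF, uid, gids),
              may_access(mode, MIKEL, STAFF, uid, gids, "r"))
```

The last case is the one worth auditing for: with mode 064 the owner is refused read access even though the owner is in the file's group, because the group bits are never consulted for the owner.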
Copyright © 2003 O'Reilly & Associates. All rights reserved.