10.2 File System Permissions
10.2.4 Determining file and directory access
All files and directories have a user identifier (UID) and group identifier (GID) number associated with them. The kernel uses these numbers, rather than the user or group name familiar to the user, to identify ownership of files. The ls -n command displays the numeric UID and the GID, as shown in the figure. Note that, in the figure, the -a (all) option was included to see the .profile file that normally is hidden. The figure also shows two other useful commands when working with UIDs and GIDs. The id command displays numeric and alphabetic UIDs and GIDs for the student's effective user identifier (EUID). The groups command displays all the groups the student is a member of.
Process for Determining Permissions
Every system process is initiated by the operating system. Every process also has a UID and GID, depending on who initiated the process. When a process or user attempts to read, write to, or execute a file, the UID and GID of the process are compared first to the UID of the file or directory and then to the GID. If neither matches, the other category of permissions is used. When a match is made, the permissions specified on the file or directory for that category of user (user, group, or other) are applied. To determine whether the user should be permitted to perform the action, the user ID and group ID of a file or directory are compared to the allowable access list for the file or directory. The flowchart in the figure illustrates the logic applied to determine whether a system process is allowed to access a file or directory. This flowchart is applied to a user attempting to perform an action such as viewing (cat) a file.
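The comparison described above can be written out as a short Python sketch. This is an added example, not part of the original course material. The UID 1001, GID 10 and the file modes are constructed sample values. The process's supplementary groups (as listed by the groups command) are assumed to count for the group match, and superuser and ACL handling are left out.

```python
import os
import stat

# Permission bit for each (category, action) pair.
BITS = {
    "user":  {"r": stat.S_IRUSR, "w": stat.S_IWUSR, "x": stat.S_IXUSR},
    "group": {"r": stat.S_IRGRP, "w": stat.S_IWGRP, "x": stat.S_IXGRP},
    "other": {"r": stat.S_IROTH, "w": stat.S_IWOTH, "x": stat.S_IXOTH},
}

def category(proc_uid, proc_gids, file_uid, file_gid):
    """Pick the one category that applies: UID first, then GID, else other."""
    if proc_uid == file_uid:
        return "user"
    if file_gid in proc_gids:
        return "group"
    return "other"

def decide(proc_uid, proc_gids, file_uid, file_gid, mode, action):
    """Return (category, allowed) for action 'r', 'w' or 'x'."""
    cat = category(proc_uid, proc_gids, file_uid, file_gid)
    return cat, bool(mode & BITS[cat][action])

def decide_path(path, action):
    """Same decision for the current process against a real file (Unix only)."""
    st = os.stat(path)  # st_uid / st_gid are the numbers `ls -n` prints
    gids = set(os.getgroups()) | {os.getegid()}
    return decide(os.geteuid(), gids, st.st_uid, st.st_gid, st.st_mode, action)

# Constructed sample: process UID 1001, member of GID 10 (hypothetical values).
STUDENT = (1001, {10})
CASES = [
    # (file_uid, file_gid, mode, action)
    (1001, 10, 0o644, "w"),  # owner match, rw- applies
    (0,    10, 0o640, "r"),  # group match, r-- applies
    (0,     0, 0o644, "w"),  # no match, other r-- applies
    (1001, 10, 0o044, "r"),  # owner match wins even though group/other allow read
]

def run_cases():
    return [decide(*STUDENT, fu, fg, mode, act) for fu, fg, mode, act in CASES]

if __name__ == "__main__":
    for case, result in zip(CASES, run_cases()):
        print(case, "->", result)
    print(__file__, "->", decide_path(__file__, "r"))
```

The last constructed case shows why only one category is ever consulted: the owner is denied read on a mode 044 file even though group and other are granted it.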
Default Permissions
When a user accesses the system, files and directories are protected by default permissions. These default permissions are put in place automatically when a file or directory is created. The default permissions for a new file are read/write for the user or owner who created the file, and read for group and other. For directories, the default permissions are read/write/execute for the user and read/execute for group and other. The figure shows the default permissions for a new file created with the touch command and a new directory created with the mkdir command. The default size for a new directory is 512 bytes. A new empty file is 0 bytes.
Interactive Media Activity (Flash, 99 kB)
Access Permissions
In this media activity, the student is logged in as user2 and the current working directory is /home/user2/dir2. The student is to provide the necessary commands and responses to correctly answer the questions based on the student's knowledge of permissions. Note: Be sure to press enter after each one. Click on step 1 to begin.
Lab Activity
Determining File System Permissions
In this lab, the student becomes familiar with file system permissions. The student will display permissions on files and directories, interpret the results, and evaluate the effect on various user categories.