What does the C charater mean on a permissions string?

c-rx-x-xr

The leading 'c' indicates the file is a device node for a character-based device (as opposed to a block device)

not understand... need more explanation...thanks

d means it's a directory right? What other leading charaters are there?

There are a couple different kinds:

• '-' : a regular file
• 'd' : a directory
• 'l' : a symbolic link
• 'b' : a block device
• 'c' : a character device
• 'p' : a named pipe
• 's' : UNIX domain socket

The difference between a character device and a block device is in how much data a device can take/give to the computer. A character device can give/receive 1 character (one byte) at a time. A block device handles chunks/blocks of data; typically a block is 512 bytes, but it can vary depending on the device.

Ah... excellent!

Can you possiblely give me an example of what a block device, character device, named pipe, and UNIX domain socket is and how the premissions apply to it?

I'm gueesing that a block device is a hard drive and the premissions apply to who can use that drive...

Well, both character and block devices are "communication points" to the actual hardware. In UNIX, accessing anything is synonymous to accessing a file. So those character and device file entries are the means for what are called "user space" programs to access the hardware. Whether a device is a character or block device completely depends on how the device was built/designed. However, your hunch is correct. Your hard drive is a block device; it's capable of moving large quantities of data at once. Most storage devices are block devices (floppy disks, CD ROM drives, USB sticks, etc.) Some examples of character devices are your keyboard and the mouse; they don't need to move a whole lot of data.

A named pipe is probably exactly what you think it would be if I forced you to come up with something. You're familiar with "piping" one command's output to another, right?
A named pipe is pretty much the same thing, without forcing you to specify the interacting commands. It looks, smells, and acts just like a normal file, but when a process writes to it, the operating system holds onto that information until another process reads from it. So, an equivalent example to the command above would be:
The reason you have to background the ls command is because reading or writing from/to the pipe will "block" the process until there's data to give to it. In other words, your shell would sit there and stare at you. You'd have to open another shell to do the grep. What's nice about this is, you could have more than one process shoving data into the pipe, and one "traffic cop" type of process to receive all the data, and organize & present it in some interesting fashion.

A socket is very similar to a pipe, but I don't have much experience with them. It's very similar to traditional networking (where you make a client-server connection through a socket). It's a means to pass data back and forth between two processes. In fact, the only time I've ever encountered one is in messing with a MySQL server. The server sets up a socket file to allow processes running on the local machine to access the server to do database queries and the like.

Permissions for all of these guys is right along the lines of what you were thinking. Reading and writing are probably the only permissions that make sense for any of these items. I mean, it doesn't make any sense to "execute" a device, a pipe, or a socket.

Thanks! ...that's pretty much what I figured but it good to have somebody like you make the hunch redundant! I've had to use a "UNIX socket" with logging output from snort before... I figured it was some kind of network type communication but it sounds more like a metaphor than a physical facility.