I don't understand something about file permissions
Hi guys,
Need some help on something I'm reading in a book. They give this file example:
-r---w---x 1 bob proj 282 Apr 29 22:06 file1
Then they say:
Let us assume that the bob user is a member of the proj group. In this case, the file called file1 in the preceding output gives the user or owner of the file (the bob user) read permission, gives members of the group (the proj group) write permission, and gives other (everyone else on the system) execute permission only. Because permissions are not additive, the user “bob” shall only receive read permission to file1 from the system.
This doesn't make sense to me...
1) What do they mean that permissions are not additive?
2) If Bob is a member of the proj group, and the proj group has write rights, should he not have write rights on the file1?
Thanks
|
"Permissions are not additive" means that if you are named as the owner, as in the example, the permissions given to members of any group you are in or to everyone do not apply.
|
I find the example unrealistic.
You can take a look at your own files with Code:
ls -l |
It goes to HOW permissions are evaluated
1a. Are you the owner?
1b. Do you have owner permission for the desired access?
2a. If not the owner, is the group specified by the file in your group list?
2b. Do you have group permission for the desired access?
3. Do you have world permission for the desired access?
ONLY one of 1, 2, or 3 paths is taken. It stops with the first one that succeeds.
1a - the owner test succeeds, then only 1b determines success.
2a - if the group membership succeeds, then only 2b determines success.
If 1a and 2a both fail then only 3 applies.
|
I had been using Linux for years before I ran into a clear explanation of the permissions in the output of ls -l.
Unfortunately, I can't share that explanation, as it was a proprietary bit of a training program, but this article from the Arch wiki does a pretty good job: https://wiki.archlinux.org/index.php...and_attributes |
Thank you all oh so much...
|
So 273 wrote: "'Permissions are not additive' means that if you are named as the owner, as in the example, the permissions given to members of any group you are in or to everyone do not apply."
Is this correct? Is it a general rule of thumb?
|
Yes, it is correct:
1. If you are the owner, the first group of permissions (rwx) will be used, nothing else.
2. If you are not the owner, but belong to the group, the second group of permissions (rwx) will be - only - used.
3. Otherwise the third group of permissions (rwx) will be taken.
|
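The first-match rule described in the replies above, as an added example that is not part of any post in this thread: a small Python model that picks the one permission class that applies and checks the book's file1 against it. The numeric user and group IDs and the alice and carol users are made up, and the model covers only the three mode classes (no root override, ACLs or parent directories).

```python
import stat

# Bits inside one permission class, as in the octal notation: 4=read, 2=write, 1=execute.
READ, WRITE, EXECUTE = 4, 2, 1


def select_class(mode, file_uid, file_gid, uid, gids):
    """Return the single class that applies and its bits: the first match wins."""
    if uid == file_uid:                 # 1a: owner, so only the owner bits count
        return "owner", (mode >> 6) & 7
    if file_gid in gids:                # 2a: not owner, but in the file's group
        return "group", (mode >> 3) & 7
    return "other", mode & 7            # 3: everyone else


def may_access(mode, file_uid, file_gid, uid, gids, want):
    """True only if the selected class grants every bit in `want`."""
    _, bits = select_class(mode, file_uid, file_gid, uid, gids)
    return bits & want == want


def explain(mode, file_uid, file_gid, uid, gids):
    """Describe the decision, e.g. 'owner:r--'."""
    cls, bits = select_class(mode, file_uid, file_gid, uid, gids)
    flags = (("r", READ), ("w", WRITE), ("x", EXECUTE))
    return cls + ":" + "".join(ch if bits & bit else "-" for ch, bit in flags)


def mode_string(mode):
    """Render the mode the way ls -l shows it for a regular file."""
    return stat.filemode(stat.S_IFREG | mode)


# Constructed sample data for the book's line: -r---w---x 1 bob proj ... file1
BOB, ALICE, CAROL = 1000, 1001, 1002    # made-up uids
PROJ, USERS = 2000, 100                 # made-up gids
FILE1_MODE = 0o421

if __name__ == "__main__":
    print(mode_string(FILE1_MODE))
    users = (("bob", BOB, {PROJ}), ("alice", ALICE, {PROJ}), ("carol", CAROL, {USERS}))
    for name, uid, gids in users:
        print(name, explain(FILE1_MODE, BOB, PROJ, uid, gids))
```

bob is matched as owner and gets read only, even though his group has write; alice, a non-owner member of proj, gets write only.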
The "human readable" permissions have never made much sense to me.
Octal makes a lot more sense. You only really need to be able to add to 7.
1 = execute
2 = write
4 = read
In permissions there are three numbers (actually 4, but we'll ignore that) which could be: 750
The first is the owner of the file (the 7), the second is the group of the file (the 5) and the third is everyone else (the 0).
This means the owner can execute (1) + write (2) + read (4) the file = 7
The group can execute (1) + read (4) the file = 5
Everyone else can do nothing (0)
You can change these in any way. Want groups to read and write but not execute? Add 2+4. So we should do 760.
To make it easy for me to see permissions in octal I use my own perm function as opposed to ls -l
Code:
alias perm="stat -c '%n %U:%G-%a'" |
It is quite simple:
Code:
1 = execute = x Code:
octal binary mnemonic |
See the attached for a visual illustration of permissions.
Other items of interest: "permission of all parent directories must be considered before considering permissions on a file." |