Unix File Permissions

File Permissions

By Joel Colvin

© 1996 Colvin Training & Consulting
The three permissions available for files are read, write and execute.  Each of these permissions can be set for three classes of users: the user who owns the file, the group to which the file belongs, and all others.

First let's look at the effects of these permissions on files.

Read permission allows a user or process to read the contents of a file.  If you can read a file you can copy it, and the copy will be owned by you.

Write permission allows a user or process to modify the file.  It does not give permission to remove the file itself, but you can remove all of its contents or truncate it.

Execute permission allows a user or process to execute the file directly.  Under most circumstances the executed file will run with the permissions of the user who started the execution.

Three additional permission flags can be set on files.  These flags are SUID (Set User ID), SGID (Set Group ID) and the sticky bit.  Only the root user can set these flags.

The SUID bit, when set on a file, allows a user to execute it with the permissions of the owner of the file instead of the permissions of the user who starts the program.  This is called setting the effective user ID.  For example, the mail delivery program has the SUID bit set and belongs to either the root user or a delivery user such as MMDF.  Because you do not have permission to modify anyone's mail spool file, the delivery program needs to gain additional permissions in order to deliver your mail.

The SGID bit works the same way as the SUID bit except that it changes the effective permissions to that of the group of the executable.

Be sure to remove the write permissions of files that are SUID or SGID.  Otherwise other users may be able to add commands to the file, and those commands would execute with permissions other than the ones that have been set for that user.
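As an added example (not part of the original article), a small shell script that decodes the mode column of ls -l and reports set-id executables that group members or other users could write to, which is exactly the combination warned about above.  The listing it scans is constructed and the paths in it are placeholders.

```shell
#!/bin/sh
# Decode the mode column of "ls -l" and flag SUID/SGID executables that
# group members or other users could modify.  Positions in a mode string
# such as -rwsr-xr-x: 1 type, 2-4 owner rwx, 5-7 group rwx, 8-10 others rwx;
# an "s" in position 4 or 7 means SUID or SGID, "t" in position 10 is sticky.

# Print which set-id bits a mode string carries: suid, sgid, "suid sgid" or none.
setid_bits() {
  mode=$1
  out=""
  case "$(printf '%s' "$mode" | cut -c4)" in s|S) out="suid" ;; esac
  case "$(printf '%s' "$mode" | cut -c7)" in s|S) out="${out:+$out }sgid" ;; esac
  printf '%s\n' "${out:-none}"
}

# Succeed (exit 0) only when the mode is set-id AND writable by group or others,
# the combination the article says to avoid.
is_risky_setid() {
  mode=$1
  [ "$(setid_bits "$mode")" != none ] || return 1
  gw=$(printf '%s' "$mode" | cut -c6)
  ow=$(printf '%s' "$mode" | cut -c9)
  if [ "$gw" = w ] || [ "$ow" = w ]; then return 0; fi
  return 1
}

# Read "ls -l" lines on stdin and print "<mode> <path>" for each risky entry.
report_risky() {
  while read -r mode _links _owner _group _size _mon _day _yr path; do
    [ -n "$mode" ] || continue
    if is_risky_setid "$mode"; then printf '%s %s\n' "$mode" "$path"; fi
  done
}

# Constructed sample listing (not real files); the paths are placeholders.
sample_listing='-rwsr-xr-x 1 root root  54256 Jan 1 1996 /usr/local/bin/deliver
-rwsrwxr-x 1 root mail  12288 Jan 1 1996 /usr/local/lib/slocal
-rwxr-xr-x 1 root root  99999 Jan 1 1996 /bin/sh
-rwxrwsrwx 1 root tty    2048 Jan 1 1996 /usr/local/bin/wallsend'

# Stand-alone run: prints the two writable set-id entries from the sample.
printf '%s\n' "$sample_listing" | report_risky
```

On a live system the same check can be fed from find, for example `find / -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} + | report_risky`.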

The sticky bit is obsolete.  Its original purpose was to force an executable to stay, or stick, in memory instead of being swapped out to disk.  For a file such as /bin/sh, which is executed frequently, swapping to disk would be inefficient since /bin/sh would probably be needed again right away.