next up previous contents
Next: Controlling Access to Your Up: File Permissions Previous: File Permissions

How Unix File Permissions Work

Every time a user requests access to a file, the Unix operating system decides whether that user should have access to the file in question. Unix makes this decision based on who owns the file, who is asking for access to the file, and what ``access permissions'' the owner has set up. The access permissions define who will have access to the file.

When deciding whether to give access to a file, Unix divides users into three groups:

  1. The owner of the file. i.e. the account that was used to create the file.
  2. The group of the file. Each account is a member of one or more groups. When a file is created, one of the groups that the creating account belongs to is associated with it.
  3. Others. Any account which is not the creating account, or is not a member of the group associated with the file, is considered an ``other''.

Each one of these three groups may be given any combination of three types of access. They may be given either read, write, or execute (run a program) access. If a specific type of access is not explicitly given, it is denied.

So when you go to read, write or execute a file, Unix goes through a two stage operation to decide whether to give you access.

First, it decides which category you fit in. Are you the owner of the file? Are you in the group associated with the file? If the answer to both those questions is no, then you are assigned to the ``other'' category.

Then Unix examines the read, write and execute permissions for the category you've been placed in. Based on those permissions, Unix decides whether to grant you the type of access you've requested.

Unix also has some other, more obscure, types of permission which you can assign to a file. One worth mentioning is the so-called ``set UID'' or ``set GID'' permission. If you allow set UID access to a program, anybody who executes that program will temporarily be identified as using your account. In effect, by enabling the set UID permission, anyone becomes you while they're running your program. We strongly discourage you setting this permission, and if we discover it set we may assume you've made a mistake and disable that program.

next up previous contents
Next: Controlling Access to Your Up: File Permissions Previous: File Permissions

Del Armstrong
Fri Oct 25 16:31:41 EDT 1996