4.5. File Access Permissions

Original post, 2006-05-17 23:30:00

"All the file types (directories, character special files, and so on) have permissions. Many people think only of regular files as having access permissions."

 

Access permissions for a directory

Read permission: lets us read the directory, obtaining a list of all the filenames in the directory. The ls(1) command only cares about read permission.

Write permission:

Execute permission: lets us pass through the directory when it is a component of a pathname that we are trying to access. The cd command only cares about execute permission.

Access permissions for a file

Read permission: determines whether we can open an existing file for reading: the O_RDONLY and O_RDWR flags for the open function.

Write permission: determines whether we can open an existing file for writing: the O_WRONLY and O_RDWR flags for the open function.

Execute permission: required if we want to execute the file using any of the six exec functions. The file also has to be a regular file.

Two typical operations

Create a new file in a directory: requires both write permission and execute permission (wx) in the directory containing the file. We do not need read permission or write permission for the file itself.

Figure 1.1

 

Delete an existing file in a directory: requires both write permission and execute permission (wx) in the directory containing the file. We do not need read permission or write permission for the file itself.

Figure 1.2

 

-------------------------------------------------------------------------------------------

The owners of a file: owner, group owner (i_uid, i_gid; st_uid, st_gid)

[important] The difference between the two owner IDs (user ID of owner and group ID of group owner) and the two real IDs associated with a process.

The two owner IDs are properties of the file, whereas the two real IDs, two effective IDs and the supplementary group IDs are properties of the process.

-------------------------------------------------------------------------------------------

The tests (when a process accesses a file) performed by the kernel are as follows.

NOTE: 1. These four steps are tried in sequence. 2. The kernel only cares about the effective IDs of the process.

1. If the effective user ID of the process is 0 (the superuser), access is allowed. This gives the superuser free rein throughout the entire file system.

 

2. If the effective user ID of the process equals the owner ID of the file (i.e., the process owns the file), access is allowed if the appropriate user access permission bit is set. Otherwise, permission is denied. By appropriate access permission bit, we mean that if the process is opening the file for reading, the user-read bit (r) must be on. If the process is opening the file for writing, the user-write bit (w) must be on. If the process is executing the file, the user-execute bit (x) must be on (for example, rwx------).

3. If the effective group ID of the process or one of the supplementary group IDs of the process equals the group ID of the file, access is allowed if the appropriate group access permission bit is set. Otherwise, permission is denied.

 

4. If the appropriate other access permission bit is set, access is allowed. Otherwise, permission is denied.

if( effective user ID of the process == 0 )
    access is allowed
else if( effective user ID of the process == user ID of owner )
    access is allowed only if the owner access permission bits are appropriately set
else if( (effective group ID of the process == group ID of group owner) || (one of the supplementary group IDs of the process == group ID of group owner) )
    access is allowed only if the group access permission bits are appropriately set
else if( other access permission bits are appropriately set )
    access is allowed
else
    permission denied

effective user ID -> effective group ID -> supplementary group IDs

This is why we said that all three kinds of IDs are used for access permission checks.

"Note that if the process owns the file (step 2), access is granted or denied based only on the user access permissions; the group permissions are never looked at. Similarly, if the process does not own the file, but belongs to an appropriate group, access is granted or denied based only on the group access permissions; the other permissions are not looked at."
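The four tests above as a small C model, showing the case the quoted note describes: the first class that matches decides, so an owner can be refused on a file that group and other may read. This is an added example, not code from the original post or from any kernel; struct proc_cred, access_allowed and the sample UIDs, GIDs and modes are constructed for illustration.

```c
#include <stdio.h>
#include <sys/types.h>

enum { WANT_R = 4, WANT_W = 2, WANT_X = 1 };  /* one rwx triplet */

/* Hypothetical model of process credentials (not a kernel structure). */
struct proc_cred {
    uid_t euid;            /* effective user ID */
    gid_t egid;            /* effective group ID */
    const gid_t *groups;   /* supplementary group IDs */
    size_t ngroups;
};

static int in_group(const struct proc_cred *p, gid_t gid)
{
    if (p->egid == gid) return 1;
    for (size_t i = 0; i < p->ngroups; i++)
        if (p->groups[i] == gid) return 1;
    return 0;
}

/* The four tests, tried in sequence. Returns 1 = allowed, 0 = denied. */
int access_allowed(const struct proc_cred *p, uid_t st_uid, gid_t st_gid,
                   mode_t st_mode, unsigned want)
{
    if (p->euid == 0) return 1;                                      /* step 1 */
    if (p->euid == st_uid) return ((st_mode >> 6) & want) == want;   /* step 2 */
    if (in_group(p, st_gid)) return ((st_mode >> 3) & want) == want; /* step 3 */
    return (st_mode & want) == want;                                 /* step 4 */
}

/* Constructed sample credentials; the file below is uid 1000, gid 50. */
static const gid_t sample_groups[] = { 20, 50 };
static const struct proc_cred owner  = { 1000, 1000, NULL, 0 };
static const struct proc_cred member = { 1001, 1001, sample_groups, 2 };
static const struct proc_cred other  = { 1002, 1002, NULL, 0 };
static const struct proc_cred root   = { 0, 0, NULL, 0 };

int main(void)
{
    /* mode 0077: the owner is refused although group and other bits are set */
    printf("owner  0077 r: %d\n", access_allowed(&owner, 1000, 50, 0077, WANT_R));
    printf("member 0077 r: %d\n", access_allowed(&member, 1000, 50, 0077, WANT_R));
    /* mode 0707: a group member is refused although "other" would allow it */
    printf("member 0707 r: %d\n", access_allowed(&member, 1000, 50, 0707, WANT_R));
    printf("other  0707 r: %d\n", access_allowed(&other, 1000, 50, 0707, WANT_R));
    printf("root   0000 w: %d\n", access_allowed(&root, 1000, 50, 0000, WANT_W));
    return 0;
}
```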

 
