4.5. File Access Permissions

Original post, 2006-05-17 23:30:00


"All the file types (directories, character special files, and so on) have permissions. Many people think only of regular files as having access permissions."

 

Access permissions for a directory

Read permission: lets us read the directory, obtaining a list of all the filenames in the directory. Command ls(1) only cares about read permission.

Write permission:

Execute permission: lets us pass through the directory when it is a component of a pathname that we are trying to access. Command cd only cares about execute permission.

 

Access permissions for a file

Read permission: determines whether we can open an existing file for reading: the O_RDONLY and O_RDWR flags for the open function.

Write permission: determines whether we can open an existing file for writing: the O_WRONLY and O_RDWR flags for the open function.

Execute permission: required if we want to execute the file using any of the six exec functions. The file also has to be a regular file.

 

Two typical operations

Create a new file in a directory: requires both write permission and execute permission (wx) in the directory containing the file. We do not need read permission or write permission for the file itself.

Figure 1.1

 

Delete an existing file in a directory: requires both write permission and execute permission (wx) in the directory containing the file. We do not need read permission or write permission for the file itself.

Figure 1.2

 

-------------------------------------------------------------------------------------------

The owners of a file: owner, group owner (i_uid, i_gid; st_uid, st_gid)

[important] The difference between the two owner IDs (user ID of owner and group ID of group owner) and the two real IDs associated with a process.

The two owner IDs are properties of the file, whereas the two real IDs, two effective IDs and the supplementary group IDs are properties of the process.

-------------------------------------------------------------------------------------------

The tests (when a process accesses a file) performed by the kernel are as follows.

NOTE: 1. These four steps are tried in sequence. 2. The kernel only cares about the effective IDs of the process.

 

1. If the effective user ID of the process is 0 (the superuser), access is allowed. This gives the superuser free rein throughout the entire file system.

 

2. If the effective user ID of the process equals the owner ID of the file (i.e., the process owns the file), access is allowed if the appropriate user access permission bit is set. Otherwise, permission is denied. By appropriate access permission bit, we mean that if the process is opening the file for reading, the user-read bit (r) must be on. If the process is opening the file for writing, the user-write bit (w) must be on. If the process is executing the file, the user-execute bit (x) must be on. (Like rwx------).

 

3. If the effective group ID of the process or one of the supplementary group IDs of the process equals the group ID of the file, access is allowed if the appropriate group access permission bit is set. Otherwise, permission is denied.

 

4. If the appropriate other access permission bit is set, access is allowed. Otherwise, permission is denied.

if( effective user ID of the process == 0 )
    Access allowed.
else if( effective user ID of the process == user ID of owner )
    Access allowed only if the owner access permission bits are appropriately set.
else if( (effective group ID of the process == group ID of group owner) || (one of the supplementary group IDs of the process == group ID of group owner) )
    Access allowed only if the group access permission bits are appropriately set.
else if( other access permission bits are appropriately set )
    Access allowed.
else
    Permission denied.

 

effective user ID->effective group ID->supplementary group IDs

This is why we said the 3 IDs are all used for access permission checks.

 

"Note that if the process owns the file (step 2), access is granted or denied based only on the user access permissions; the group permissions are never looked at. Similarly, if the process does not own the file, but belongs to an appropriate group, access is granted or denied based only on the group access permissions; the other permissions are not looked at."
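The four tests and the note quoted above, modeled in C as an added example (not code from the book or from the original post). The names `struct cred`, `access_allowed` and `check` are hypothetical, the IDs and modes are constructed, and step 1 is followed as stated, so uid 0 is granted unconditionally.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Requested access as rwx bits of a single permission class. */
enum { WANT_R = 4, WANT_W = 2, WANT_X = 1 };

/* Process side: only effective IDs and supplementary groups are consulted. */
struct cred {
    uid_t euid;
    gid_t egid;
    const gid_t *groups;   /* supplementary group IDs */
    size_t ngroups;
};

static bool in_group(const struct cred *c, gid_t gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid) return true;
    return c->egid == gid;
}

/* The first class that matches decides; later classes are never looked at. */
bool access_allowed(const struct cred *c, uid_t file_uid, gid_t file_gid,
                    mode_t mode, unsigned want)
{
    if (c->euid == 0) return true;                                  /* step 1 */
    if (c->euid == file_uid) return ((mode >> 6) & want) == want;   /* step 2 */
    if (in_group(c, file_gid)) return ((mode >> 3) & want) == want; /* step 3 */
    return (mode & want) == want;                                   /* step 4 */
}

/* Hypothetical convenience wrapper: a process with one supplementary group. */
bool check(uid_t euid, gid_t egid, gid_t sup_gid,
           uid_t file_uid, gid_t file_gid, mode_t mode, unsigned want)
{
    gid_t sup[1] = { sup_gid };
    struct cred c = { euid, egid, sup, 1 };
    return access_allowed(&c, file_uid, file_gid, mode, want);
}

int main(void)
{
    /* Constructed process: euid 1000, egid 100, supplementary group 50. */
    printf("owner, mode 0077, read: %d\n", check(1000, 100, 50, 1000, 100, 0077, WANT_R));
    printf("group, mode 0707, read: %d\n", check(1000, 100, 50, 2000, 50, 0707, WANT_R));
    printf("other, mode 0604, read: %d\n", check(1000, 100, 50, 2000, 200, 0604, WANT_R));
    return 0;
}
```

The first two cases are the ones worth auditing for: a mode such as 0077 or 0707 denies the owner or the group while granting everyone else, because the check stops at the first matching class.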

 
