Linux Access Control
Native Linux filesystem access control is implemented using a set of properties, maintained separately for each file. These properties are collectively called the access mode, or simply the mode, of the file. The mode is a part of the file’s inode, the information retained in the filesystem that describes the file. A file’s mode controls access by these three classes of users:
The user who owns the file
The group that owns the file
All other users on the system
Like the mode, user and group ownership properties are a part of the inode, and both are assigned when a file is created. Usually, the owner is the user who created the file. The file’s group is usually set to its creator’s primary group; the exception is a file created in a directory that has the setgid bit set, which inherits the directory’s group instead. Group ownership adds flexibility in situations in which a team shares files. The “other” users are those who are neither the file’s owner nor members of the file’s group. For each of these three user classes, the access mode defines three types of permissions, which have different meanings for files and for directories. The permissions are listed in Table 7-2.
Table 7-2  File and Directory Permissions

Permission   Effect on a file                     Effect on a directory
Read         Examine the contents of the file.    List directory contents.
Write        Write to or change the file.         Create and remove files in the directory.
Execute      Run the file as a program.           Enter the directory and access the files it contains (the “search” bit).

Note that removing a file is governed by write permission on the directory, not on the file: a user who cannot write to a file can still delete it if the directory is writable (unless the directory also carries the sticky bit).
These three permissions apply to the three different classes of users: user, group, and other. Each has read, write, and execute
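The following is an added example, not code from the original page. It models in pure Python the part of the kernel’s permission check that the text describes: the nine mode bits, the choice of exactly one user class (owner first, then group, then other), and the resulting allow/deny decision. It deliberately ignores everything outside the mode (ACLs, capabilities such as CAP_DAC_OVERRIDE, and read-only mounts), so it answers only what the mode by itself permits. The uids and gids in the examples (1000, 1001, 100, 200) are constructed values.

```python
"""Evaluate a Linux file mode for the user, group and other classes.

Added example (not from the original page). Only the mode bits are modelled;
ACLs, capabilities and mount options are out of scope, so the result is what
the mode alone would permit.
"""
import os
import stat
import tempfile

# (read, write, execute) bits for each class; the constants are the POSIX values.
CLASS_BITS = {
    "user":  (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}
PERM_INDEX = {"r": 0, "w": 1, "x": 2}


def symbolic(mode):
    """Render the nine permission bits as ls -l does, e.g. 'rw-r-----'."""
    out = []
    for cls in ("user", "group", "other"):
        for ch, bit in zip("rwx", CLASS_BITS[cls]):
            out.append(ch if mode & bit else "-")
    return "".join(out)


def select_class(file_uid, file_gid, uid, gids):
    """Exactly one class applies to a requester: owner wins, then group, then other.

    The classes are not cumulative: once uid matches the owner, the group and
    other bits are never consulted, even if they are more permissive.
    """
    if uid == file_uid:
        return "user"
    if file_gid in gids:
        return "group"
    return "other"


def permitted(mode, file_uid, file_gid, uid, gids, want):
    """True if the mode grants every letter in `want` (a subset of 'rwx') to the
    requester identified by uid and its group list gids."""
    bits = CLASS_BITS[select_class(file_uid, file_gid, uid, gids)]
    return all(mode & bits[PERM_INDEX[p]] for p in want)


def demo():
    """Create a temporary file, set mode 0640 and read the mode back from its inode."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, 0o640)
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)        # strip the file-type bits
        # The creating user owns the file, so the user class applies.
        return symbolic(mode), permitted(mode, st.st_uid, st.st_gid,
                                         st.st_uid, [st.st_gid], "rw")
    finally:
        os.unlink(path)


if __name__ == "__main__":
    # Constructed ids: owner uid 1000, file group 100, a group member uid 1001.
    print(symbolic(0o640), permitted(0o640, 1000, 100, 1001, [100], "r"))
    # Edge case: mode ---rw---- denies the OWNER read access even though the
    # owner is a member of the file's group, because only the user class applies.
    print(symbolic(0o060), permitted(0o060, 1000, 100, 1000, [100], "r"))
    print(demo())
```

The second call in the main block is the check a practitioner most often gets wrong by hand: a file whose group bits are wider than its owner bits does not grant the owner those wider rights, because class selection is exclusive, not a union. For a directory the same bits are evaluated identically; only their meaning changes (execute becomes the right to enter the directory).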