Access control

  • Access control is implemented using a set of properties called the access mode, stored in the inode. Three classes of user are defined:

    User

    The user who owns the file.

    Group

    The group that owns the file.

    Other

    All other users on the system.

  • Three permissions are either granted or not granted to each class of user:

    Read (r)

    Allows access to file contents and listing of directory contents.

    Write (w)

    Allows writing a file or creating files in a directory.

    Execute (x)

    Allows execution of a file and, for a directory, the ability to read/write the files in it.

  • These comprise nine bits in the mode: User rwx, Group rwx, and Other rwx.

  • Three additional mode bits are defined:

    SUID

    Grants processes the rights of an executable file’s owner.

    SGID

    Grants processes the rights of an executable file’s group.

    Sticky bit

    Prohibits file deletion by nonowners.

  • These 12 mode bits are often referred to in octal notation as well as with mnemonic constructs.

  • Mode bits are displayed using such commands as ls and stat.
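The mapping between the octal and mnemonic forms of the 12 mode bits, as an added example that is not from the book: `mode_string` renders a mode the way ls displays it, and `review` lists the properties an administrator would check. Both function names, the review criteria, and the sample modes are assumptions made for this illustration.

```python
import stat

def mode_string(mode):
    """Render the 12 mode bits as ls shows them (without the file-type character)."""
    out = []
    # Per class: read, write, execute, the special bit sharing the x column, its letter.
    classes = [
        (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR, stat.S_ISUID, "s"),  # User / SUID
        (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP, stat.S_ISGID, "s"),  # Group / SGID
        (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH, stat.S_ISVTX, "t"),  # Other / sticky
    ]
    for r, w, x, special, letter in classes:
        out.append("r" if mode & r else "-")
        out.append("w" if mode & w else "-")
        if mode & special:
            # Lowercase when execute is also set, uppercase when it is not.
            out.append(letter if mode & x else letter.upper())
        else:
            out.append("x" if mode & x else "-")
    return "".join(out)

def review(mode, is_dir=False):
    """Return the properties of a mode worth reviewing (illustrative criteria)."""
    notes = []
    if not is_dir and mode & stat.S_ISUID:
        notes.append("SUID executable")
    if not is_dir and mode & stat.S_ISGID:
        notes.append("SGID executable")
    if mode & stat.S_IWOTH:
        if is_dir and not mode & stat.S_ISVTX:
            notes.append("world-writable directory without sticky bit")
        elif not is_dir:
            notes.append("world-writable file")
    return notes

# Constructed sample modes (octal, is_dir); not taken from a real system.
SAMPLES = [(0o4755, False), (0o2755, False), (0o1777, True),
           (0o0777, True), (0o0644, False)]

if __name__ == "__main__":
    for m, d in SAMPLES:
        found = ", ".join(review(m, d)) or "nothing to review"
        print(f"{m:04o}  {mode_string(m)}  {found}")
```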
