3.2. Understanding POSIX Permissions
As I mentioned, Mac OS X, as a variety of Unix, labels each and every file and folder with a series of permissions. Leopard and Snow Leopard follow the POSIX standard, which specifies, among other things, a way to express permissions. Most other varieties of Unix also use POSIX permissions.
3.2.1. Read, write, and execute
To begin at the simplest level, POSIX permissions include three main capabilities for any item: read (abbreviated r), write (abbreviated w), and execute (abbreviated x). Read, of course, means open a file and see what's inside. Write permission implies permission to modify or delete a file or folder. Execute permission means, in the case of a program, permission to run it — or, in the case of a folder, permission to list its contents.
Read, write, and execute permissions for a file or folder appear as a simple cluster of three characters, always in the same order: rwx. If all three characters are present, then a user has read, write, and execute permission. If any character is replaced with a hyphen (-), it means the user doesn't have that permission. So, r-x means permission to read and execute but not write; rw- means permission to read and write but not execute; r-- means permission to read but not write or execute.
3.2.2. User, group, and other
In fact, you never see just one cluster of rwx characters; they always come in threes: rwxrwxrwx. Although r, w, and x always mean the same thing, they apply to different sets ...
Get Mac® Security Bible now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.