symbolic form or as an octal number.
@menu
-* Mode Structure:: Structure of file permissions.
-* Symbolic Modes:: Mnemonic permissions representation.
-* Numeric Modes:: Permissions as octal numbers.
+* Mode Structure:: Structure of file mode bits.
+* Symbolic Modes:: Mnemonic representation of file mode bits.
+* Numeric Modes:: File mode bits as octal numbers.
* Directory Setuid and Setgid:: Set-user-ID and set-group-ID on directories.
@end menu
@node Mode Structure
-@section Structure of File Permissions
+@section Structure of File Mode Bits
The file mode bits have two parts: the @dfn{file permission bits},
which control ordinary access to the file, and @dfn{special mode
permission to write to (change) the file. For directories, this means
permission to create and remove files in the directory.
@item
-@cindex execute permission
+@cindex execute/search permission
permission to execute the file (run it as a program). For directories,
this means permission to access files in the directory.
@end enumerate
@cindex restricted deletion flag
Prevent unprivileged users from removing or renaming a file in a directory
unless they own the file or the directory; this is called the
-@dfn{restricted deletion flag} for the directory.
-For regular files on some systems, save the program's text image on the
+@dfn{restricted deletion flag} for the directory, and is commonly
+found on world-writable directories like @file{/tmp}.
+
+For regular files on some older systems, save the program's text image on the
swap device so it will load more quickly when run; this is called the
@dfn{sticky bit}.
@end enumerate
@table @asis
@item ext2
-On @acronym{GNU} and @acronym{GNU}/Linux the file permissions
-(``attributes'') specific to
+On @acronym{GNU} and @acronym{GNU}/Linux the file attributes specific to
the ext2 file system are set using @command{chattr}.
@item FFS
-On FreeBSD the file permissions (``flags'') specific to the FFS
-file system are set using @command{chrflags}.
+On FreeBSD the file flags specific to the FFS
+file system are set using @command{chflags}.
@end table
-Even if a file's permission bits allow an operation on that file,
+Even if a file's mode bits allow an operation on that file,
that operation may still fail, because:
@itemize
@item
-the file-system-specific permissions do not permit it;
+the file-system-specific attributes or flags do not permit it; or
@item
the file system is mounted as read-only.
The basic symbolic operations on a file's permissions are adding,
removing, and setting the permission that certain users have to read,
-write, and execute the file. These operations have the following
+write, and execute or search the file. These operations have the following
format:
@example
@cindex write permission, symbolic
the permission the @var{users} have to write to the file;
@item x
-@cindex execute permission, symbolic
-the permission the @var{users} have to execute the file.
+@cindex execute/search permission, symbolic
+the permission the @var{users} have to execute the file,
+or search it if it is a directory.
@end table
-For example, to give everyone permission to read and write a file,
+For example, to give everyone permission to read and write a regular file,
but not to execute it, use:
@example
@subsection Changing Special Mode Bits
@cindex changing special mode bits
-In addition to changing a file's read, write, and execute permissions,
+In addition to changing a file's read, write, and execute/search permissions,
you can change its special mode bits. @xref{Mode Structure}, for a
summary of these special mode bits.
@noindent
does set the restricted deletion flag or sticky bit, but it also
-removes all read, write, and execute permissions that users not in the
+removes all read, write, and execute/search permissions that users not in the
file's group might have had for it.
@xref{Directory Setuid and Setgid}, for additional rules concerning
@cindex conditional executability
There is one more special type of symbolic permission: if you use
-@samp{X} instead of @samp{x}, execute permission is affected only if the
+@samp{X} instead of @samp{x}, execute/search permission is affected only if the
file is a directory or already had execute permission.
For example, this mode:
@noindent
gives users other than the owner of the file read permission and, if
it is a directory or if someone already had execute permission
-to it, gives them execute permission; and it also denies them write
+to it, gives them execute/search permission; and it also denies them write
permission to the file. It does not affect the permission that the
owner of the file has for it. The above mode is equivalent to
the two modes:
@noindent
gives all users permission to read the file, and gives users who are in
-the file's group permission to execute it, as well, but not permission
+the file's group permission to execute/search it as well, but not permission
to write to it. The above mode could be written in several different
ways; another is:
@cindex octal numbers for file modes
As an
alternative to giving a symbolic mode, you can give an octal (base 8)
-number that represents the new mode.
+number that represents the mode.
This number is always interpreted in octal; you do not have to add a
leading @samp{0}, as you do in C.
Mode Mode Bit
Other users not in the file's group:
- 1 Execute
+ 1 Execute/search
2 Write
4 Read
Other users in the file's group:
- 10 Execute
+ 10 Execute/search
20 Write
40 Read
The file's owner:
- 100 Execute
+ 100 Execute/search
200 Write
400 Read
projects / platform / upstream / coreutils.git / commitdiff