File system permissions

Most file systems have methods to assign permissions or access rights to specific users and groups of users. These systems control the ability of the users to view or make changes to the contents of the filesystem.

Operating system variations

Unix-like and otherwise POSIX-compliant systems, including Linux-based systems and all Mac OS X versions, have a simple system for managing individual file permissions, which in this article are called "traditional Unix permissions". Most of these systems also support some kind of access control lists, either proprietary (old HP-UX ACLs, for example), or POSIX.1e ACLs, based on an early POSIX draft that was withdrawn in 1997, or NFSv4 ACLs, which are part of the NFSv4 standard.

Microsoft and IBM DOS variants (including MS-DOS, PC DOS, Windows 95, Windows 98, Windows 98 SE, and Windows Me) do not have permissions, only file attributes. There is a read-only attribute (R), which can be set or unset on a file by any user or program, and therefore does not prevent him/her/it from changing/deleting the file. There is no permission in these systems which would prevent a user from reading a file.

Other MS-DOS/PC DOS-compatible operating systems such as DR DOS 3.31 and higher, PalmDOS, Novell DOS and OpenDOS, FlexOS, 4680 OS, 4690 OS, Concurrent DOS, Multiuser DOS, Datapac System Manager and IMS REAL/32 support read/write/execute/delete file/directory access permissions on FAT volumes. With the exception of FlexOS, 4680 OS, and 4690 OS all these operating systems also support individual file/directory passwords. All operating systems except for DR DOS, PalmDOS, Novell DOS and OpenDOS also support three independent file/directory ownership classes world/group/owner, whereas the single-user operating systems DR DOS 6.0 and higher, PalmDOS, Novell DOS and OpenDOS only support them with an optional multi-user security module (SECURITY.BIN) loaded.

OpenVMS (a.k.a. VMS), as well as Microsoft Windows NT and its derivatives (including Windows 2000 and Windows XP), use access control lists (ACLs)[1] to administer a more complex and varied set of permissions. OpenVMS also uses a permission scheme similar to that of Unix, but more complex. There are four categories (System, Owner, Group, and World) and four types of access permissions (Read, Write, Execute and Delete). The categories are not mutually disjoint: World includes Group which in turn includes Owner. The System category independently includes system users (similar to superusers in Unix).[2]

Classic Mac Operating Systems' HFS do not support permissions, only file attributes: "Hidden" (does not show in directory listings); "Locked" (read-only); "Name locked" (cannot be renamed); and "Stationery" (copy-on-write).

The AmigaOS Filesystem, AmigaDOS supports a relatively advanced permissions system, for a single-user OS. In AmigaOS 1.x, files had Archive, Read, Write, Execute and Delete (collectively known as ARWED) permissions/flags. In AmigaOS 2.x and higher, additional Hold, Script, and Pure permissions/flags were added.

Mac OS X versions 10.3 ("Panther") and prior use POSIX-compliant permissions. Mac OS X, beginning with version 10.4 ("Tiger"), also support the use of NFSv4 ACLs. They still support "traditional Unix permissions" as used in previous versions of Mac OS X, and the Apple Mac OS X Server version 10.4+ File Services Administration Manual recommends using only traditional Unix permissions if possible. It also still supports the Mac OS Classic's "Protected" attribute.

Solaris ACL support depends on the filesystem being used; older UFS filesystem supports POSIX.1e ACLs, while ZFS supports only NFSv4 ACLs.[3]

Linux supports POSIX.1e ACLs. There is experimental support for NFSv4 ACLs for ext3 filesystem [4] and ext4 filesystem.

FreeBSD supports POSIX.1e ACLs on UFS, and NFSv4 ACLs on UFS and ZFS.[5][6]

IBM z/OS implements file security via RACF (Resource Access Control Facility)[7]

Traditional Unix permissions

Permissions on Unix-like systems are managed in three distinct scopes or classes. These scopes are known as user, group, and others.

When a file is created on a Unix-like system, its permissions are restricted by the umask of the process that created it.

Classes

Files and directories are owned by a user. The owner determines the file's user class. Distinct permissions apply to the owner.

Files and directories are assigned a group, which define the file's group class. Distinct permissions apply to members of the file's group. The owner may be a member of the file's group.

Users who are not the owner, nor a member of the group, comprise a file's others class. Distinct permissions apply to others.

The effective permissions are determined based on the first class the user falls within in the order of user, group then others. For example, the user who is the owner of the file will have the permissions given to the user class regardless of the permissions assigned to the group class or others class.

Permissions

Main article: Modes (Unix)

Unix-like systems implement three specific permissions that apply to each class:

The effect of setting the permissions on a directory, rather than a file, is "one of the most frequently misunderstood file permission issues".[8]

When a permission is not set, the corresponding rights are denied. Unlike ACL-based systems, permissions on Unix-like systems are not inherited. Files created within a directory do not necessarily have the same permissions as that directory.

Changing permission behavior with setuid, setgid, and sticky bits

Unix-like systems typically employ three additional modes. These are actually attributes but are referred to as permissions or modes. These special modes are for a file or directory overall, not by a class, though in the symbolic notation (see below) the setuid bit is set in the triad for the user, the setgid bit is set in the triad for the group and the sticky bit is set in the triad for others.

These additional modes are also referred to as setuid bit, setgid bit, and sticky bit, due to the fact that they each occupy only one bit.

Notation of traditional Unix permissions

Symbolic notation

Unix permissions are represented either in symbolic notation or in octal notation.

The most common form is symbolic notation as shown by ls -l.

Three permission triads
first triadwhat the owner can do
second triadwhat the group members can do
third triadwhat other users can do
Each triad
first characterr: readable
second characterw: writable
third characterx: executable
s or t: setuid/setgid or sticky (also executable)
S or T: setuid/setgid or sticky (not executable)

The first character of the ls display indicates the file type and is not related to permissions. The remaining nine characters are in three sets, each representing a class of permissions as three characters. The first set represents the user class. The second set represents the group class. The third set represents the others class.

Each of the three characters represent the read, write, and execute permissions:

The following are some examples of symbolic notation:

In some permission systems additional symbols in the ls -l display represent additional permission features:

To represent the setuid, setgid and sticky or text attributes, the executable character ('x' or '-') is modified. Though these attributes affect the overall file, not only users in one class, the setuid attribute modifies the executable character in the triad for the user, the setgid attribute modifies the executable character in the triad for the group and the sticky or text attribute modifies the executable character in the triad for others. For the setuid or setgid attributes, in the first or second triad, the 'x' becomes 's' and the '-' becomes 'S'. For the sticky or text attribute, in the third triad, the 'x' becomes 't' and the '-' becomes 'T'. Here is an example:

Numeric notation

Another method for representing Unix permissions is an octal (base-8) notation as shown by stat -c %a. This notation consists of at least three digits. Each of the three rightmost digits represents a different component of the permissions: owner, group, and others.

Each of these digits is the sum of its component bits in the binary numeral system. As a result, specific bits add to the sum as it is represented by a numeral:

These values never produce ambiguous combinations; each sum represents a specific set of permissions. More technically, this is an octal representation of a bit field – each bit references a separate permission, and grouping 3 bits at a time in octal corresponds to grouping these permissions by user, group, and others.

These are the examples from the symbolic notation section given in octal notation:

Symbolic Notation Numeric Notation English
---------- 0000 no permissions
---x--x--x 0111 execute
--w--w--w- 0222 write
--wx-wx-wx 0333 write & execute
-r--r--r-- 0444 read
-r-xr-xr-x 0555 read & execute
-rw-rw-rw- 0666 read & write
-rwxrwxrwx 0777 read, write, & execute
-rwxr----- 0740 user can read, write, & execute; group can only read; others have no permissions

User private group

Some systems diverge from the traditional POSIX-model of users and groups, by creating a new group  a "user private group"  for each user. Assuming each user is the only member of its user private group, this scheme allows an umask of 002 to be used without allowing other users to write to newly created files in normal directories because such files are assigned to the creating user's private group. However, when sharing files is desirable, the administrator can create a group containing the desired users, create a group-writable directory assigned to the new group, and, most importantly, make the directory setgid. Making it setgid will cause files created in it to be assigned to the same group as the directory and the 002 umask (enabled by using user private groups) will ensure that other members of the group will be able to write to those files. [9] [10]

See also

References

External links

This article is issued from Wikipedia - version of the Wednesday, February 10, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.