The basic:
All the Linux users know about the "rwx" file permissions. These defines if the people who is the owner/ in the same group/ any other people can read/write/execute the file.
However, have you notice some other things in the permission field? Sometimes a "s", sometimes a "t", or "c", "b", "l"... What does this mean? In this article, we'll check out the meanings of all these characters.
First things first, let's make the basic clear. When we do a:
ls -l
in a directory, we get something like this:
drwxr-xr-x 2 dejavu dejavu 512 7 23 14:52 directory
-rw-r--r-- 1 dejavu dejavu 3 7 23 14:52 file
What we are caring about here is the first 10 characters. The first character is "d" if it is a directory, and a "-" if it is a normal file. The following 9 characters can be divided into 3 groups: 2-4, 5-7, 8-10. Which marks the permissions for owner, group, and others, accordingly.
For a file, read, write, and executable is straightforward. For a directory, read and write is easy to understand too. But.... What does "x" for a directory mean? Could we really execute a directory?
What "x" mean for directories
In the Linux file system, everything is a file. The directory is just a special kind of file. And in this "directory" file, there are several blocks, each block holds the information of one file or one sub-directory in it.
Thus we can understand why the r permission is needed to do a ls in a directory: in fact the ls program reads the "directory" file and re-formats it to some human readable text.
And we can understand why we need the w permission to create, delete, or rename a file/sub-directory in a directory: we actually need to write to this "directory" file, to modify the corresponding blocks.
And for x, executable, let's think it as "search, and read part of the file, and then do things accordingly".
Now if we want to enter a directory, say cd to it, we'll need to read part of the "directory" file and do things accordingly. So if we don't have a x permission on a directory, we can't cd into it.
And say if we have an executable file in a directory, if we want to run that file, we first need to make sure the file exists (read the "directory" file), and then do things accordingly(executable permission of the "directory" file)
It might be confusing and you might say: "I'll just make the r and the x appears together". Right. This is indeed most of the cases. However, with the understanding above, we can do something really cool:
First, let's setup our experiment environment:
mkdir directory
cd directory
echo "hello" > file
Now if we do:
ls -l
we'll get something like:
-rw-r--r-- 1 dejavu dejavu 6 7 23 15:40 file
The permission bit mights be slightly different, depending on your umask settings, and the user-name/group-name will be different. Now do a:
cd ..
chmod 300 directory
ls -l
And you'll see:
d-wx------ 2 dejavu dejavu 512 7 23 15:40 directory
We have the executable permission, but not the read permission on this directory. Now if we try to:
cd directory
ls -l
We'll be able to do the cd command, which is decide by the x permission we have, but the ls -l command will fail:
Opening directory: permission denied
This says we don't have the r permission, so we can't read the "directory" file and find out what is in it.
But we know there's a file named "file" in it. So we can do:
cat file
or:
cd ..
cat directory/file
and we'll get what we want: the output as:
hello
Note if you are using some "tab completion" on file and directory names of your shell, you'll find out that they won't work on the name "file". This is because the file/directory name completion need to read what is in the directory, and requires the r permission of the "directory" file, which we don't have here.
The first character
As we said above, Linux treats everything is the file system a file. Most of the time we'll see directory files (with a d as the first character of the permission field) and normal files (with a - as the first character of the permission field).
However if you do a:
ls /dev
You'll find many other characters: c, b, and l, etc.
These are for "special" files in Linux. Both c and b marks device files, which corresponds to a device.
In the Linux world, there are two ways to read/write a file: stream based, and block based. Stream based means we'll need to read or write the file character by character. As for device, this is typically the terminals. And for block based devices, we read/write the file block by block, the block size, 512 bytes, 1024 bytes, will be determined by the device. The most typical device is the disk.
And a l marks a symbolic link file. Think symbolic link file kind of the "file shortcut" on windows. And we'll talk more about this in a later article.
There are also s and p. Where s means a Unix socket, and p means a named pipeline. These are facilities the Linux programs used to to IPC - Inter Process Communication. Most of the time the programs will create and delete these files automatically, and you don't need to worry about them.
Setuid setgid and sticky bits:
I have already discussed about these three in my previous posts..
You can refer the below links:
http://basicslinux.blogspot.com/2009/09/sticky-bit.html
http://basicslinux.blogspot.com/2009/09/special-permissions-within-red-hat.html