Directory and file management

How to determine existing permissions

You can determine what permissions are currently in effect on a file or a directory by using ls -l to produce a long listing of a directory's contents.

In the first field of the ls -l output, the nine characters that follow the initial character are interpreted as three sets of three bits each. The first set refers to the owner's permissions; the next to permissions of members in the file's group; and the last to all others. Within each set, the three characters show permission to read, to write, and to execute the file as a program, respectively. For a directory, ``execute'' permission is interpreted to mean permission to search the directory for a specified file. For example, typing ls -l while in the directory named starship/bin in the sample file system produces the following output:

$ ls -l
total 35
-rwxr-xr-x 1 starship project 9346 Nov 1 08:06 display
-rw-r--r-- 1 starship project 6428 Dec 2 10:24 list
drwx--x--x 2 starship project 32 Nov 8 15:32 tools

Permissions for the display and list files and the tools directory are shown on the left of the screen under the line total 35, and appear in this format:

-rwxr-xr-x (for the display file)
-rw-r--r-- (for the list file)
drwx--x--x (for the tools directory)

After the initial character, which describes the file type (for example, a - (dash) symbolizes a regular file and a d a directory), the other nine characters that set the permissions comprise three sets of three characters. The first set refers to permissions for the owner, the second set to permissions for group members, and the last set to permissions for all other system users. Within each set of characters, the r, w and x show the permissions currently granted to each category. If a dash appears instead of an r, w or x, permission to read, write or execute is denied.

The following diagram summarizes this breakdown for the file named display.

As you can see, the owner has r, w, and x permissions and members of the group and other system users have r and x permissions.

There are two exceptions to this notation system. Occasionally the letter s or the letter l may appear in the permissions line, instead of an r, w or x. The letter s (short for set user ID or set group ID) represents a special type of permission to execute a file. It appears where you normally see an x (or -) for the user or group (the first and second sets of permissions). From a user's point of view it is equivalent to an x in the same position; it implies that execute permission exists. It is significant only for programmers and system administrators. (See ``Setting and changing user and group IDs (UID/GID)'' for details about setting the user or group ID.) The letter l indicates that locking will occur when the file is accessed. It does not mean that the file has been locked. The permissions are as follows:

File access permissions

Symbol   Explanation
r        The file is readable.
w        The file is writable.
x        The file is executable.
-        This permission is not granted.
l        Mandatory locking will occur during access. (The set-group-ID bit is on and the ``group'' execution bit is off.)
s        The set-user-ID or set-group-ID bit is on, and the corresponding ``user'' or ``group'' execution bit is also on.
S        The set-user-ID bit is on and the ``user'' execution bit is off.
t        The sticky and the execution bits for ``other'' are on.
T        The sticky bit is turned on, and the execution bit for ``other'' is off.

Directory access permissions

Symbol   Explanation
r        The directory is readable.
w        The directory may be altered (files may be added or removed).
x        The directory may be searched. (This permission is required to cd to the directory.)
t        File removal from a writable directory is limited to the owner of the directory or file unless the file is writable.
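
The following added example (not part of the UnixWare documentation) decodes the mode field of an ls -l line into octal using the symbol tables above, and flags set-ID, mandatory-locking and world-writable modes for review. The function names mode_to_octal and mode_findings are hypothetical, and the last two modes in the loop are constructed; the first three come from the starship/bin listing.

```shell
#!/bin/sh
# Added example: decode an ls -l mode field with the symbol tables on this page.
# Function names are hypothetical; only the symbols r w x - s S l t T are accepted.

# mode_to_octal MODE -> four octal digits, e.g. -rwxr-xr-x -> 0755
mode_to_octal() {
    mode=$1
    [ "${#mode}" -eq 10 ] || { echo "expected 10 characters: $mode" >&2; return 1; }
    rest=${mode#?}                 # skip the file-type character
    special=0 digits=""
    for class in 4 2 1; do         # owner, group, other (also setuid/setgid/sticky weight)
        val=0
        for bit in 4 2 1; do       # read, write, execute
            c=${rest%"${rest#?}"}  # first remaining character
            rest=${rest#?}
            case $class$bit$c in
                ?4r|?2w|?1x) val=$((val + bit)) ;;
                ?4-|?2-|?1-) ;;
                41s|21s|11t) val=$((val + bit)); special=$((special + class)) ;;
                41S|21l|11T) special=$((special + class)) ;;  # special bit on, execute off
                *) echo "unexpected '$c' in $mode" >&2; return 1 ;;
            esac
        done
        digits=$digits$val
    done
    echo "$special$digits"
}

# mode_findings MODE -> space-separated flags worth a second look in a review
mode_findings() {
    oct=$(mode_to_octal "$1") || return 1
    sp=${oct%???}; other=${oct#???}
    out=""
    if [ $((sp & 4)) -ne 0 ]; then out="$out setuid"; fi
    if [ $((sp & 2)) -ne 0 ]; then
        case $1 in ??????l*) out="$out mandatory-lock" ;; *) out="$out setgid" ;; esac
    fi
    if [ $((other & 2)) -ne 0 ]; then
        out="$out world-writable"   # a writable directory without t lets any user remove files
        case $1 in d*) [ $((sp & 1)) -ne 0 ] || out="$out no-sticky" ;; esac
    fi
    echo "${out# }"
}

# Three entries from the listing above, then two constructed modes.
for m in -rwxr-xr-x -rw-r--r-- drwx--x--x -rwsr-xr-x drwxrwxrwx; do
    printf '%s %s %s\n' "$m" "$(mode_to_octal "$m")" "$(mode_findings "$m")"
done
```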


© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 27 April 2004