How do Unix permissions work?
Users and groups
Unix has traditionally used a very simple access control scheme for its files. Processes run on behalf of users, and when a process wants to access a file or directory, the OS needs to decide if a user is allowed to access this file or directory in the manner they are attempting.
To that end, each file or directory has an owner (which is a user).
There are also groups (of users) in Unix. A user may be in one or more groups.
Each file or directory has a group as well.
For example:
Ownership and group ownership
$ ls -l gettid.c
-rw-rw-r-- 1 gback cs3214 454 Aug 21 10:34 gettid.c
The owner of gettid.c is gback and its group is cs3214.
Then, each file has a set of 9 bits in 3 groups of 3: 3 bits for the user, 3 bits for the group, and 3 bits for "others".
These bits can be represented as an octal number. For instance, rw-rw-r-- corresponds to binary 110110100 or octal 0664. (In C, prefixing a constant with the digit 0 makes it octal.)
Access Control checks
The access control check then works like this:
- Is the user accessing the file the same as the file's owner? If so, apply the 3 bits for the owner.
- Is the user accessing the file a member of the file's group? If so, apply the 3 bits for the group.
- Else, apply the 3 bits for "others".
Only the first matching set of 3 bits is consulted; the check does not fall through to the next set. Note this means that an owner may not be able to access a file they own, but everyone else might be (if the permissions were ------rwx).
How are 3 bits applied for files?
- To open a file and read from it, read permission is required.
- To open a file and write to it, write permission is required.
- To execute a file via the exec() system call, execute permission is required.
For directories, the rules are different:
- To open a directory and read the list of files (as in ls), read permission is required.
- To create new files or delete files in a directory, write permission is required.
- To look up a file contained in a directory by name and access it, execute permission is required for the directory.
Note that accessing a file with a path such as /a/b/c requires execute permission for directories /a and /a/b in addition to access permissions to /a/b/c.
mode and umask
When new files are created with the open() system call, you can specify the value of file mode/permissions as the third argument. This value is not directly used; rather, each bit set in the so-called umask, a per-process 9 bit value, is cleared from it (the mode is ANDed with the complement of the umask). Typical choices are 022 and 002. For instance, specifying mode 0666 when the umask is 022 will result in the creation of a file with permissions 0644 or rw-r--r--, a very common choice.
When frequently working with files shared with others via their group ownership, set umask 002. In this case, passing mode 0666 creates a file with permissions rw-rw-r--, thus allowing other group members access.
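An added C example, not part of the page, covering two points above: converting an ls-style string such as rw-rw-r-- into its octal value, and the umask rule applied to the mode passed to open(). It then creates a scratch file under /tmp (a constructed name built from the pid) to confirm that the kernel stores the same bits apply_umask() computes. The function names are this example's own.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Parse a 9-character ls-style permission string ("rw-rw-r--") into the
 * octal mode it denotes (0664). Returns -1 if the string is malformed. */
int perms_from_string(const char *s) {
    static const char slot[9] = { 'r','w','x', 'r','w','x', 'r','w','x' };
    if (strlen(s) != 9) return -1;
    int mode = 0;
    for (int i = 0; i < 9; i++) {
        if (s[i] == slot[i]) mode |= 1 << (8 - i);   /* leftmost char is bit 8 */
        else if (s[i] != '-') return -1;
    }
    return mode;
}

/* What the kernel does with the mode passed to open(): each bit set in
 * the umask is cleared from the requested mode (mode & ~umask). */
mode_t apply_umask(mode_t requested, mode_t mask) {
    return requested & ~mask & 0777;
}

/* Create `path` with `requested` under a temporary umask of `mask`, read
 * back the permission bits the kernel stored, and remove the file again.
 * Returns those bits, or -1 if the file could not be created. */
int create_and_report(const char *path, mode_t requested, mode_t mask) {
    mode_t saved = umask(mask);
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, requested);
    umask(saved);                      /* restore the caller's umask */
    if (fd < 0) return -1;
    struct stat st;
    int rc = fstat(fd, &st);
    close(fd);
    unlink(path);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

int main(void) {
    printf("rw-rw-r-- is 0%o\n", perms_from_string("rw-rw-r--"));
    printf("mode 0666 with umask 022 -> 0%o\n", apply_umask(0666, 022));
    printf("mode 0666 with umask 002 -> 0%o\n", apply_umask(0666, 002));

    /* Ask the kernel the same question; the path is a constructed scratch name. */
    char path[64];
    snprintf(path, sizeof path, "/tmp/umask_demo_%ld", (long)getpid());
    int got = create_and_report(path, 0666, 022);
    if (got < 0)
        perror("create_and_report");
    else
        printf("kernel stored 0%o for mode 0666, umask 022\n", got);
    return 0;
}
```

Because the umask only ever clears bits, a program cannot use it to grant more than it asked for in the mode argument; a program that wants a private file should therefore pass a restrictive mode itself rather than rely on the user's umask.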
additional bits
There are additional bits. The ones most frequently used are:
- the setuid, or s bit. When applied to an executable, makes it so that when run, the process executes as the owner of the file. A security risk, rarely used anymore.
- the setgid, or s bit. When applied to a directory, makes it so that files created in the directory inherit the directory's group ownership. (Keep in mind that users may be members of different groups, so this way it's not necessary to specify or change the group id of created files.)
- the sticky bit, or t bit. When applied to a directory, allows for anyone to create files in this directory, but no one can remove files they didn't create. (A special mechanism to implement "upload" directories.)
FAQ
How can I change permissions?
Use the chmod command. It takes octal modes, overwriting the entire mode, or a more friendly syntax including u, g, o and a:
- u - owner
- g - group
- o - others
- a - all (three)
For instance, chmod o-wx clears the write and execute bits for others, etc.
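An added C example, not the chmod program's own code, that implements the u/g/o/a, +/-/= and r/w/x subset of the symbolic syntax described above, so the effect of a clause such as o-wx on an octal mode can be worked out. The function names are this example's own; the rest of chmod's grammar (s, t, X, copying from another class, comma-separated lists, umask-aware defaults) is deliberately left out.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Apply one symbolic chmod clause ("o-wx", "g+w", "a=rx", "ug+x") to
 * `mode` in place. Returns false and leaves `mode` untouched on malformed
 * input. Handles the u/g/o/a letters, the + - = operators and the r/w/x
 * permission letters only. */
bool apply_symbolic(mode_t *mode, const char *clause) {
    const char *p = clause;
    mode_t who = 0;                       /* slots affected by the clause */
    for (; *p; p++) {
        if (*p == 'u')      who |= 0700;
        else if (*p == 'g') who |= 0070;
        else if (*p == 'o') who |= 0007;
        else if (*p == 'a') who |= 0777;
        else break;
    }
    if (who == 0) who = 0777;            /* "+x" with no letter: all classes here */
    char op = *p;
    if (op != '+' && op != '-' && op != '=') return false;
    mode_t perm = 0;                      /* r/w/x replicated into all three triples */
    for (p++; *p; p++) {
        if (*p == 'r')      perm |= 0444;
        else if (*p == 'w') perm |= 0222;
        else if (*p == 'x') perm |= 0111;
        else return false;
    }
    mode_t bits = perm & who;
    if (op == '+')      *mode |= bits;
    else if (op == '-') *mode &= ~bits;
    else                *mode = (*mode & ~who) | bits;   /* '=' replaces the slots */
    return true;
}

/* Wrapper that returns the new mode, or -1 if the clause is malformed. */
int chmod_sym(int mode, const char *clause) {
    mode_t m = (mode_t)mode;
    return apply_symbolic(&m, clause) ? (int)m : -1;
}

int main(void) {
    printf("0775 o-wx  -> 0%o\n", chmod_sym(0775, "o-wx"));
    printf("0644 g+w   -> 0%o\n", chmod_sym(0644, "g+w"));
    printf("0777 a=r   -> 0%o\n", chmod_sym(0777, "a=r"));
    printf("0600 ug+x  -> 0%o\n", chmod_sym(0600, "ug+x"));
    printf("0644 o=    -> 0%o\n", chmod_sym(0644, "o="));
    printf("0644 o+q   -> %d (rejected)\n", chmod_sym(0644, "o+q"));
    return 0;
}
```

The '=' operator is the one that can silently widen access: "a=rwx" is the symbolic spelling of 777, whereas '+' and '-' only add to or subtract from what is already there.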
Should I ever run chmod 777 *?
No, this would
- give everyone rwx access to your files
- make regular files executable when they shouldn't be
What do S_IRUSR, etc. mean?
Those are symbolic constants for the bit values. Read stat(2):
S_IRUSR (00400) read by owner
S_IWUSR (00200) write by owner
S_IXUSR (00100) execute/search by owner
S_IRGRP (00040) read by group
S_IWGRP (00020) write by group
S_IXGRP (00010) execute/search by group
S_IROTH (00004) read by others
S_IWOTH (00002) write by others
S_IXOTH (00001) execute/search by others
("search" applies for directories, and means that entries within the directory can be accessed)