it's 4 groups of 3 bits. For example, "4755" corresponds to 100 111 101 101. Here's what each of those sections corresponds to:
100: setuid, setgid, sticky bits
111: user r/w/x bits
101: group r/w/x bits
101: other r/w/x bits
ls -l, it displays the permissions like this: -rwxr-xr-x. what do r, w, and x stand for?
there are 3 sets of read/write/execute permissions: for the user who owns the file, the group that owns the file, and for others
0644, does that mean the "group can write to this file" bit is set to 1?
0644 in binary is 000 110 100 100. Let's break down what that means:
000
110 user can read/write
100 group can read
100 all can read
so anyone can read the file, but only the user who owns the file can write to it.
the kernel does all permission checks based on user ID / group IDs -- usernames and group names only really exist to make it more usable by humans
for directories here's what the read/write/execute bits mean:
0666 on a file, does that mean anyone can read it?
the read bit is set to 1, so you'll usually be able to read it. But! If any of the parent directories of that file have their execute bit set to 0, that will prevent you from reading any file underneath that directory (try it!).
0000, does that mean that nobody can read it?
root can still read/write files with 0000 permissions.
when you're logged in as a user, almost all the processes you start will have their UID set to your UID.
technically Unix processes have like 4 different UIDs but most of the time they're all the same
processes have a main GID and also a list of supplementary group IDs. file permission checks will check to see if any of the process's group IDs match the group that owns the file.
this is why if you're running a shell and you add yourself to a group in the middle, you won't have the new groups until you log out and log in again.
setuid bit do?
for example, passwd (which changes your password) usually has the setuid bit set, because it needs to run as root to be able to write to the file that changes your password.
I've never used the sticky bit or the setgid bit so I'm not going to ask any questions about those :)
you have to have superuser privileges (or CAP_SETUID on Linux) to change your UID.
sudo to let you run commands as root?
sudo always runs as root, so it will start programs for you as root if the /etc/sudoers says you're allowed to