 
1 17th December 21:43
eli aran
External User
 
Posts: 1
Default unix nube question



Hi there,
I am learning unix on my own.
I need some elaboration on the concept
of file and directory permissions.
I don't understand the concept of "others" (the third option regarding
permissions).
Who is others? How do they access the file system?
If they can effectively access the FS then are they not assigned a group to
belong to? A username and password? In that case what is the reason for
having a third alternative as "others"? How can anyone belong to "others"
and gain any type of permission to a file/directory?

2 17th December 21:43
eli aran
External User
 
Posts: 1
Default unix nube question



thank you for your detailed reply.
3 17th December 21:43
bruce barnett
External User
 
Posts: 1
Default unix nube question


"Eli Aran" <eli_yardena@hotmail.com> writes:

Each file has a user ID and group ID associated with it.
The system:
checks the user ID of the person, and the file.
If the number is the same, then permission is granted.

OTHERWISE
The list of groups of the user is obtained, and if one of them matches
the group of the file, permission is granted.

OTHERWISE
The "other" permission is used.


So if you have the following permissions (userID = 100, group ID == 200)

    User   Group   Other
    RWX    ---     R


    User ID   Group ID           Permission
    100       (doesn't matter)   RWX
    150       (200)              None
    151       151                R

Note that the "other" permission is used if UID != 100 AND GID != 200
If the GID matches, then "other" is never checked.

RWX in directories is a little different in what R, W and X means.


R = Read the contents of the directory
W = Create new files in the directory
X = use the directory in a path

So you can have a directory
/secret RWX--X--X
and a file
/secret/file RWXR-XR-X

"others" can use the file /secret/file, but they cannot see any other
file in that directory. If /secret had RWXR-XR-X permissions, they can
see (read) the list of files in the directory.

If a directory has "write" permission, you can create new files and rename files.
So if it was
/secret RWXRWXRWX
/secret/file RWXR-XR-X

you can rename /secret/file and replace it with your own.

So permissions of directories are as important as permissions on files.

And it goes all the way up.

If the directory is in a directory with RWX permissions, you can rename the directory.


--
Sending unsolicited commercial e-mail to this account incurs a fee of
$500 per message, and acknowledges the legality of this contract.
4 17th December 21:43
alan connor
External User
 
Posts: 1
Default unix nube question


Anyone who doesn't belong to the group that has access to the
file/dir or isn't the owner.


With a keyboard.

But not necessarily the group that has access to a particular file/dir.

Yes. (Hopefully :-)


They can if "others" are given permission by the owners of the
file/dir.

chmod o+rwx filename

....would give them (anyone who is logged in) complete access.

AC
5 17th December 21:43
eli aran
External User
 
Posts: 1
Default unix nube question


thank you all for your explanations.
6 17th December 21:43
jj
External User
 
Posts: 1
Default unix nube question


If you need to gain access to a file where permission was denied use:
sudo
you will be asked for your password and then can gain access, but you
can do great damage if you modify the wrong file.
-jj
7 17th December 21:43
bill marcum
External User
 
Posts: 1
Default unix nube question


["Followup-To:" header set to comp.unix.questions.]

"Others" is a relative term, just as someone who is my friend may be a
stranger to you.

A user can belong to any one of several groups. Each file is owned by
one user and one group. For a particular file or directory, "others" is
any user who is not the file's owner or a member of the file's group.
8 17th December 21:43
keith thompson
External User
 
Posts: 1
Default unix nube question


"jj" <jjallday@coslink.net> writes:


sudo gives you root access *if* the sudoers file permits it, which is
the case only if the system administrator chooses to permit it.
"man sudo" for more information.

--
Keith Thompson (The_Other_Keith) kst-u@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
9 17th December 21:43
urs thuermann
External User
 
Posts: 1
Default unix nube question


Bruce Barnett <spamhater113+U050305054519@grymoire.com> writes:


No, it depends on the user's permissions on the file.

No, it depends on the group's permissions on the file.


Your description above is quite inaccurate. What matters is not "the user
ID of the person" but the effective user ID of the process, and also
not "the list of groups of the user" as found in /etc/passwd and
/etc/groups but the effective group ID and the supplementary groups of
the process.

A more accurate description is:

Each file (regular file, directory, char or block special device file,
etc.) has in its inode a user ID, a group ID, and 9 bits of
permissions, i.e. 3 bits corresponding to the user ID, 3 bits
corresponding to the group ID and 3 bits for "others".

Each process has (besides further attributes) an effective user ID, an
effective group ID, and a list of supplementary group IDs (typically
limited to 16 or 32 IDs).

1. If the effective user ID of the process is 0, access is granted.

2. Otherwise, if the user ID of the file matches the effective user ID
of the process, the 3 permission bits corresponding to the user ID
are checked.

3. Otherwise, if the group ID of the file matches the effective group
ID of the process or one of the list of supplementary group IDs, the
3 permission bits corresponding to the group ID are checked.

4. Otherwise, the 3 permission bits for "other" are checked.

Many modern Unices and Unix file systems have more complex rules for
checking access to files. Instead of allowing everything to root,
i.e. processes with effective uid 0, some systems know POSIX
capabilities, so processes can have the several capabilities of file
access operations, the capability to set the uid and gid, the
capability to send signals, etc. Modern file systems support access
control lists (ACL) that allow you to specify different file access
permissions for a number of users and/or groups.

Followup set to comp.unix.questions, since this is OT in all of the
other groups.

urs
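
The four steps listed in the post above, combined with the directory rules from Bruce Barnett's post, as an added Python example that is not part of the thread. The function names and the process/inode tuples are hypothetical, constructed sample values; like the post, it treats effective UID 0 as always granted and ignores ACLs and capabilities.

```python
R, W, X = 4, 2, 1  # permission bits inside one 3-bit class

def check(proc, node, want):
    """Apply the four steps to one inode; return (granted, class consulted)."""
    euid, egid, groups = proc
    f_uid, f_gid, mode = node
    if euid == 0:                                  # step 1
        return True, "root"
    if euid == f_uid:                              # step 2: owner bits only
        cls, bits = "user", mode >> 6
    elif f_gid == egid or f_gid in groups:         # step 3: group bits only
        cls, bits = "group", mode >> 3
    else:                                          # step 4: everyone else
        cls, bits = "other", mode
    # Exactly one class is consulted; there is no fall-through to "other".
    return (bits & 7 & want) == want, cls

def open_path(proc, dirs, leaf, want):
    """Search (X) is needed on every directory in the path, then `want` on the leaf."""
    for d in dirs:
        if not check(proc, d, X)[0]:
            return False
    return check(proc, leaf, want)[0]

# Constructed sample data.
# Processes: (effective uid, effective gid, supplementary groups)
OWNER = (100, 100, [])
MEMBER = (150, 150, [200])
STRANGER = (151, 151, [])
# Inodes: (uid, gid, mode)
FILE_704 = (100, 200, 0o704)      # rwx --- r--   the table in the thread
SECRET_711 = (100, 200, 0o711)    # /secret       rwx--x--x
SECRET_777 = (100, 200, 0o777)    # /secret       rwxrwxrwx
SECRET_FILE = (100, 200, 0o755)   # /secret/file  rwxr-xr-x

if __name__ == "__main__":
    for name, p in [("owner", OWNER), ("member", MEMBER), ("stranger", STRANGER)]:
        print(f"{name:8} read FILE_704 ->", check(p, FILE_704, R))
    print("stranger reads /secret/file:", open_path(STRANGER, [SECRET_711], SECRET_FILE, R))
    print("stranger lists /secret (711):", check(STRANGER, SECRET_711, R))
    print("stranger writes /secret (777):", check(STRANGER, SECRET_777, W))
```

The group member is denied on the 704 file even though "other" has read, and write permission on the 777 directory is what allows the rename-and-replace described earlier in the thread, regardless of the file's own mode.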
Copyright © 2006 SmartyDevil.com - Dies Mies Jeschet Boenedoesef Douvema Enitemaus -
666