Most of the resources available on a UNIX system are accessed as though they were files. In addition to traditional hard disk files containing data, the operating system treats devices (like printers and modems) as special kinds of files. The commands you use to work on the system are executable programs accessed as files. Even network connections can be treated as special types of files. Thus, a clear understanding of the basic attributes of files extends to an understanding of how access to a wide class of system resources is managed. In this module, we will investigate the access control primitives of the UNIX system. The system is based on a notion of ownership, together with a set of access permissions.
At the completion of this module, you will be able to:
- Describe the central role that files play in the UNIX environment
- List the principles of file and directory ownership
- Set user and group ownership
- Explain how UNIX grants access to files and directories
- Set file and directory access permissions
To make a script file executable, add the execute permission to the access permissions for the file. To do so, use the chmod command. The syntax and function of the chmod command are as follows.
$ chmod [options] octal-mode file[s]
$ chmod [options] symbolic-mode file[s]
Function: to change or set permissions for files in the arguments.
Common options:
- -f: force the change quietly; chmod still changes every mode it can, but suppresses most error messages (for example, about files the caller does not own).
- -R: change permissions recursively, descending through each directory argument and applying the change to all of the files and subdirectories under it.
For the octal mode, three octal digits are needed, one each for the user (owner), the group, and all other users of the file.
UNIX distinguishes three classes of users (the owner, also called the user; the group; and others) and three types of permission (read, write, and execute). If one bit represents one permission type, 3 bits describe the permissions of one class of users, and the complete permissions of a file fit in 9 bits. Each bit is 1 (permission granted) or 0 (permission denied). A class of users can therefore hold one of eight possible combinations of permissions, and each 3-bit combination is written as one octal digit from 0 through 7, with read worth 4, write 2, and execute 1: 0 means no permissions and 7 means all three (read, write, and execute). (A fourth, leading octal digit holds the setuid, setgid, and sticky bits; those are outside the 9 bits described here.)
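The following shell functions are an added example, not part of the original module: they convert between the nine-character rwx form and the three-digit octal form using the weights above, apply both octal and symbolic modes with chmod to a scratch file and read the result back from ls -l, and flag the one mode pattern (others have write) that a reviewer most often hunts for. The only assumptions are that chmod, ls, cut, mktemp, and rm are available, which they are on any UNIX-like system.

```sh
#!/bin/sh
# Added example (not from the module): octal <-> symbolic modes, chmod,
# and reading a mode back from ls -l. Assumes only chmod, ls, cut, mktemp, rm.

# sym_to_octal "rwxr-x---" -> 750
# Each class (user, group, others) is three characters; r=4, w=2, x=1.
sym_to_octal() {
    sym=$1
    out=""
    for start in 1 4 7; do
        triple=$(printf '%s' "$sym" | cut -c"$start-$((start + 2))")
        digit=0
        case $triple in r??) digit=$((digit + 4)) ;; esac
        case $triple in ?w?) digit=$((digit + 2)) ;; esac
        case $triple in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# octal_to_sym 750 -> rwxr-x---
# Digits with the 4 bit set grant read, with the 2 bit write, with the 1 bit execute.
octal_to_sym() {
    oct=$1
    out=""
    for pos in 1 2 3; do
        d=$(printf '%s' "$oct" | cut -c"$pos")
        case $d in 4|5|6|7) out="${out}r" ;; *) out="${out}-" ;; esac
        case $d in 2|3|6|7) out="${out}w" ;; *) out="${out}-" ;; esac
        case $d in 1|3|5|7) out="${out}x" ;; *) out="${out}-" ;; esac
    done
    printf '%s\n' "$out"
}

# apply_and_readback MODE: create a scratch file, start it at a known mode
# (600) so relative symbolic changes such as u+x are reproducible, apply
# MODE (octal or symbolic) with chmod, and read the nine rwx characters
# back from ls -l (positions 2-10 of the first field; position 1 is the
# file type). The scratch file is removed afterwards.
apply_and_readback() {
    mode=$1
    f=$(mktemp) || return 1
    chmod 600 "$f"
    chmod "$mode" "$f"
    perms=$(ls -ld "$f" | cut -c2-10)
    rm -f "$f"
    printf '%s\n' "$perms"
}

# world_writable SYM: succeed (exit 0) when the "others" class has write
# permission, i.e. the eighth character of the rwx string is w.
world_writable() {
    case $1 in ???????w?) return 0 ;; *) return 1 ;; esac
}

# Demonstration when run directly.
for m in 644 750 777; do
    printf '%s -> %s\n' "$m" "$(octal_to_sym "$m")"
done
printf 'chmod 750      -> %s\n' "$(apply_and_readback 750)"
printf 'chmod u+x,g+r  -> %s (starting from 600)\n' "$(apply_and_readback u+x,g+r)"
```

The two chmod calls inside apply_and_readback show the difference between the two syntaxes in L9 and L10: an octal mode replaces all nine bits at once, while a symbolic mode such as u+x,g+r is relative to whatever the file already had, which is why the function resets the scratch file to 600 first.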
Files are central to Unix in ways that are not true for some other operating systems. Commands are executable files, usually stored in standard locations in the directory tree. System privileges and permissions are controlled in large part via access to files. Device I/O and file I/O are distinguished only at the lowest level. Even most inter-process communication occurs via file-like entities. Accordingly, the Unix view of files and its standard directory structure are among the first things a new administrator needs to know about.
Like all modern operating systems, Unix has a hierarchical (tree-structured) directory organization, known collectively as the filesystem. The base of this tree is a directory called the root directory. The root directory has the special name / (the forward slash character). On Unix systems, all user-available disk space is transparently combined into a single directory tree under /, and the physical disk a file resides on is not part of a Unix file specification.
Access to files is organized around file ownership and protection. Security on a Unix system depends to a large extent on the interplay between the ownership and protection settings on its files and the system's user account and group structure (as well as factors like physical access to the machine). The following sections discuss the basic principles of Unix file ownership and protection.