Friday, May 27, 2011

Chapter 7. File Permissions

Chapter Syllabus

7.1 Who Are UNIX Users?

7.2 Types of File Permissions

7.3 Modifying File Permissions

7.4 Default File Permissions

7.5 Changing the Owner and Group of a File

7.6 Special File Permissions

7.7 Finding Files Having a Particular Set of File Permissions

7.8 Access Control Lists

7.9 Miscellaneous Commands

In a multiuser operating system like UNIX, many people are using system resources including disks and files. It is important to keep individual user files secure so that other users are not able to read, modify, or delete them. At the same time, users may be working on the same project and need to share files among themselves. It becomes important that a user be able to grant read or write access to some of the other users. If a group of programmers is working on some software development project, they need to share code and information. They also need to protect this information from people outside the group.

UNIX implements a file security policy by dividing users into three categories. These are the owner of a file, the group of users to which the owner of a file belongs, and all other users of the system. Files and directories can be granted read, write, or execute permissions to one or more user groups. In addition to this file permission scheme, HP-UX also implements another scheme, which is known as access control lists (ACLs). Using an ACL, individual users can also be granted specific permissions in addition to group permissions.

In this chapter, we will go through some basic concepts of UNIX file permissions. You will learn the categories of UNIX users and how file permissions are managed among them. You will study the types of file permissions and how to change them, and the commands used to change or modify file permissions will be introduced. Not every user can use all of these commands, and you will see who is permitted to do what. There is a set of default file permissions, and you will see how to control it. Many times you need to change the owner or group of a file, and you will learn the commands to do so. You will see what the special file permissions are and how they affect system security. Then there will be a method to find files with a particular set of permissions. In the end, ACLs will be introduced, and a method for listing and changing the ACL associated with a file will be presented.

After going through this chapter, you will be able to list and modify file and directory permissions and ACLs. You will also be able to find potential security problems related to wrong file permissions.

7.1 Who Are UNIX Users?

The users on a UNIX system are divided into groups, and every user must be a member of at least one group. Group information is maintained in the /etc/group file. Although a user may be a member of more than one group, he or she has one primary group; all other groups are secondary groups for that user. The file permission system is built on this group information. A user who creates a file is the owner of that file, and the owner has the privilege to grant or revoke permissions on it. The owner grants permissions to the file's group, which can be any group of which the owner is a member. All users of the system who are neither the owner nor members of that group are considered "others" in UNIX terminology. These "other" users are sometimes also called "world," and permissions granted to them are "world" permissions.

From this discussion, we conclude that there are three types of users in UNIX. They are:

1. the owner

2. the group

3. others

Every file and directory has a permission set that tells which user has what permission. No one except the owner or the superuser can alter this permission set.

The division of users in this scheme provides a lot of convenience for securing as well as sharing files among different users. Multiple group membership for a user is also very useful. For example, an accounts manager may be a member of both the accounts group and the managers group. The accounts manager can then share files related to management tasks with other managers, while those files stay protected from other members of the accounts group. Similarly, there may be an applications group whose members are able to start or stop applications on the system. Some of these members may also be assigned system administration tasks and placed in a special group created by the system administrator for that purpose.

7.2 Types of File Permissions

Every file in UNIX can carry three types of permissions, in any combination: a file may be readable, writable, or executable. A user who has read-only permission for a file can read it but cannot change its contents. Write permission allows a user to modify the file (deleting a file, as we will see, depends on the permissions of its directory instead). As mentioned in Chapter 2, there are no special names or extensions for executable files in UNIX. Any file can be executed if the user has execute permission for it and it is a valid executable program or shell script. If a user compiles a program but nobody has the right to execute it, it will not run. On the other hand, if you assign execute permission to a file that does not contain anything executable, UNIX still tries to execute it and displays an error message.

File permissions can be displayed using the ll (or ls -l) command in HP-UX. This command shows the long listing of files. The first field consists of 10 characters. The first character shows the type of the file; file types are explained in Table 7-1. The next three characters (2nd to 4th) show permissions for the owner of the file. These permissions are always listed in rwx format. In rwx format, "r" represents read permission, "w" is used for write permission, and "x" is for execute permission. If one of these characters is present, it shows that the permission is granted. If the character is not there, a hyphen "-" is placed, showing that the permission is withheld. After the file owner permissions, the next combination of rwx shows permissions of the group to which the file belongs. The last combination of rwx is for all other users of the UNIX system.

Table 7-1. File Types as Displayed by the ll Command

First Character in First Field    Type of File

-    Ordinary file

d    Directory

l    Symbolic (or "soft") link file

c    Character device file, like a modem or terminal

b    Block device file, like a disk

p    Named pipe

To understand the file permissions, consider the following example where we use the ll command to list files in the current directory.

$ ll

total 28

-rwxrw-r-- 1 boota users 103 Sep 8 18:06 abc

drwxrwxrwx 2 root sys 8192 Sep 8 18:00 usage

-rw-r----- 1 boota users 44 Sep 3 20:24 qwe

-rw-rw-rw- 1 boota users 2078 Jul 2 00:38 sqlnet.log

-rw-rw-rw- 1 boota users 14 Sep 3 18:28 xyz

-rw-rw-rw- 1 boota users 68 Sep 3 20:24 zxc

Now, you can see from this listing that abc is an ordinary file. It has read, write, and execute permissions for the owner of the file (user name boota, shown in the third field). Other members of the group (group name users, shown in the fourth field) have read and write permissions for the file, but they are not able to execute it. The last set, r--, shows that users who are not members of the group users can only read this file.

The next file in the listing is a directory with the name usage. We know that this is a directory by looking at the first character of the line, which is "d". You can see from the listing that user root is the owner of this directory and that it belongs to group sys. Everyone has read, write, and execute permissions for this directory. Then we have a file qwe, and we can see that other users have no permission for this file.

Importance of Read Permission

Read permission is the basic file permission; the others are of limited use without it. If a user has execute permission for a file but no read permission, the shell cannot run it as a script, because the shell must read the file before it can execute the commands in it. Having write permission without read permission lets a user overwrite or truncate the file but not edit it, since an editor must read a file before it can change it. Note that the ability to delete a file is not governed by the file's own permissions at all; as the directory rules below explain, it depends on write permission for the directory that contains the file.

For example, prog2 is a program file having the following permissions. The owner can't execute it because the read permission is denied.

---xrw-rw- 1 boota users 14 Sep 3 18:28 prog2

If the owner of the file tries to execute the file, the following message appears.

$ prog2

sh: prog2: Cannot find or open the file.


As you can see from the file permissions for the owner (--x), although the owner has execute permission, the shell is not able to read the program file. And if you can't read a program, how can you execute it?

Left-to-Right Rule of File Permissions

In UNIX, the permission bits are checked from left to right, and only one of the three sets is ever consulted. The system first decides which class you fall into: if you own the file, the owner bits are used; otherwise, if you belong to the file's group, the group bits are used; otherwise the "other" bits apply. The search stops at the first matching class, so a more generous set further to the right is never considered. For example, if the owner of a file does not have execute permission while the group does, the owner still cannot execute the file: the owner bits were selected, found to withhold execute, and the group and other bits were never examined. The shell simply reports an error. Consider the same program we used in the previous example, with the permission set shown below.

-rw-rwxrwx 1 boota users 14 Sep 3 18:28 prog2

Here the owner has read and write permission but all others have execute permission in addition to read and write. When the owner executes the program, the following message appears

$ prog2

sh: prog2: Execute permission denied.


The UNIX way of interpreting file permissions is different from some other operating systems that analyze all permissions applied to a user and take the most allowed or most restricted permissions set.
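To make the rule concrete, here is an added example (not from the chapter) that reproduces the class selection in a short POSIX shell function. It takes the nine-character permission string from ll, the file's owner and group, and the requesting user together with all of that user's groups; the superuser handling and the group-list argument are assumptions of the example, not something the chapter describes.

```sh
#!/bin/sh
# Added example (not from the chapter): reproduce the kernel's choice of
# permission class for a given user, as described by the left-to-right rule.
# Exactly one class (owner, group or other) is selected and only that class's
# rwx bits apply; a more generous class further to the right is never used.
#
# Usage: effective_perms MODE OWNER GROUP USER [USERGROUP...]
#   MODE is the 9-character rwx string from ll (e.g. rwxr-x---).
#   USERGROUP... are all groups USER belongs to (primary and secondary).
# Prints "<class> <rwx>" on one line.
effective_perms() {
    mode=$1 owner=$2 group=$3 user=$4
    shift 4

    # Assumption of this example: the superuser bypasses read and write
    # checks, and may execute whenever any execute bit is set.
    if [ "$user" = root ]; then
        case $mode in
            *x*) printf 'superuser rwx\n' ;;
            *)   printf 'superuser rw-\n' ;;
        esac
        return 0
    fi

    # Owner class: first three characters, and the search stops here.
    if [ "$user" = "$owner" ]; then
        printf 'owner %s\n' "$(printf '%s' "$mode" | cut -c1-3)"
        return 0
    fi

    # Group class: characters 4-6, if the user is in the file's group.
    for g in "$@"; do
        if [ "$g" = "$group" ]; then
            printf 'group %s\n' "$(printf '%s' "$mode" | cut -c4-6)"
            return 0
        fi
    done

    # Everyone else: the last three characters.
    printf 'other %s\n' "$(printf '%s' "$mode" | cut -c7-9)"
}

# Demonstration with the chapter's prog2 listing (-rw-rwxrwx, owner boota,
# group users): the owner is refused execute although group and others have it.
effective_perms rw-rwxrwx boota users boota users        # owner rw-
effective_perms rw-rwxrwx boota users jim   users class  # group rwx
```

The function also answers the quiz questions at the end of the chapter: a member of group users looking at a file with rwxr-xr-- owned by another user lands in the group class and gets r-x.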

Directory Permissions

Most users organize files in directories. The permissions on a directory govern what can be done with the entries inside it, so there are some rules to keep in mind when granting or revoking permissions on a directory. For normal use, a directory needs both read and execute permissions. The following rules apply to directory permissions in addition to the general rules for files:

If read permission for a directory is not set, the names inside it cannot be listed: ls fails. A file whose name is already known can still be reached, provided execute permission is set.

If execute permission for a directory is not set, the directory cannot be entered or searched. Names can still be listed with ls, but ll cannot obtain any details, and no file inside the directory can be read, written, or executed. For this reason the execute permission on a directory is also called search permission.

If only execute permission is set, a user can go into the directory with the cd command and run a program, or view a file with the cat command, if its name is already known. The names simply cannot be discovered.

Deleting or renaming a file is governed by write (together with execute) permission on the directory that contains it, not by the permissions on the file itself; rm asks for confirmation before removing a write-protected file, but removes it if the directory allows. A directory can only be removed once it is empty, and removing it requires write permission on its parent directory.

We will see an example of how directory permissions affect files inside a directory, but first let us see how we can change file permissions.

7.3 Modifying File Permissions

The superuser or owner of a file can modify its permissions. We use the chmod command for modifying permissions of a file. Permissions can be changed in two ways; you can use either user symbolic modes or octal numbers for modifying permissions.

Modifying File Permissions Using Symbolic Modes

There are four user modes that can be used with the chmod command. We represent different users with these modes. Also, there are file modes which are represented with characters we have studied earlier. User and file modes are listed in Table 7-2.

Table 7-2. User and File Modes

Mode    Meaning

u    User or owner of a file

g    Group membership of the file

o    Others (not owner or member of group)

a    All users

r    Read permission

w    Write permission

x    Execute permission

To grant permission to a user, we use the "+" symbol between the user and file modes. To revoke a permission, use "-" between the user and file modes. To exactly assign a permission, regardless of the previous permission, we use the "=" symbol.

For example, to grant execute permission to the owner of file myprog, the chmod command will be used as follows. We have used the ll command to show old and new file permissions.

$ ll myprog

-rw-rw-rw- 1 boota users 103 Sep 8 18:06 myprog

$ chmod u+x myprog

$ ll myprog

-rwxrw-rw- 1 boota users 103 Sep 8 18:06 myprog


To revoke write permission of other users, we can use the following command.

$ ll myprog

-rwxrw-rw- 1 boota users 103 Sep 8 18:06 myprog

$ chmod o-w myprog

$ ll myprog

-rwxrw-r-- 1 boota users 103 Sep 8 18:06 myprog


Now the owner has all read, write, and execute permissions, members of the users group have read and write permissions, and all other users have only read permissions. If you want to grant all users only read permissions, you can use following command.

$ ll myprog

-rwxrw-r-- 1 boota users 103 Sep 8 18:06 myprog

$ chmod a=r myprog

$ ll myprog

-r--r--r-- 1 boota users 103 Sep 8 18:06 myprog


As you have seen, when we use the "=" symbol, the new file permissions are set regardless of the previous permissions.

You can also combine more than one mode in the command line to change multiple permissions simultaneously, as in the following example.

$ ll myprog

-r--r--r-- 1 boota users 103 Sep 8 18:06 myprog

$ chmod u+x,o-r myprog

$ ll myprog

-r-xr----- 1 boota users 103 Sep 8 18:06 myprog


Changing File Permissions Using Octal Numbers

Each group of rwx can be represented by an octal number. In the binary number system, each position has a weight associated with it; these weights double at each step as we move from right to left, the right-most position carrying weight 1. If we map this scheme to rwx, "x" carries weight 1, "w" carries weight 2, and "r" carries weight 4. We can replace symbolic modes with these weights. A permission set with all three permissions granted carries weight 7 (4+2+1); one with only read and write permissions carries weight 6 (4+2). As three binary digits make one octal digit, we add the weights of the three permissions for each user class (owner, group, others) to make an octal number of three digits. As an example, if we want to grant all three (read, write, execute) permissions to all users, we can use 777 with chmod as follows.

$ ll myprog

-r--r--r-- 1 boota users 103 Sep 8 18:06 myprog

$ chmod 777 myprog

$ ll myprog

-rwxrwxrwx 1 boota users 103 Sep 8 18:06 myprog


If you want to grant all permissions to the owner (4+2+1=7), read and execute permissions to the group (4+1=5), and no permission for other users (0), the command is:

$ ll myprog

-r--r--r-- 1 boota users 103 Sep 8 18:06 myprog

$ chmod 750 myprog

$ ll myprog

-rwxr-x--- 1 boota users 103 Sep 8 18:06 myprog


If you feel comfortable with octal numbers, this is a quicker way to grant or revoke multiple file permissions.

7.4 Default File Permissions

What will be the permissions of a newly created file or directory? By default, new files are created with rw-rw-rw- and new directories with rwxrwxrwx. We can control the default permissions with the umask command. The umask command sets the mask for new files: a three-digit octal number, similar to the one used with chmod, that specifies which permissions will be withheld when new files or directories are created. A mask only removes permissions; it can never add any. For example, if you set umask to 022, write permission for group and other users is withheld from every new file and directory. The default permissions then become rw-r--r-- for files and rwxr-xr-x for directories. See the following command sequence for the role of umask on new files.

$ touch file1

$ ll file1

-rw-rw-rw- 1 boota users 0 Sep 8 18:06 file1

$ umask 022

$ touch file2

$ ll file2

-rw-r--r-- 1 boota users 0 Sep 8 18:06 file2


This happened because the octal character 2 represents "w" in the symbolic mode. When this appears in the group and other places, it revokes "w" or write permission from both of these. Also note that we have used the touch command, which creates a zero-size file if the file does not already exist. The touch command changes file update time to the current time if the file already exists.

The current mask value is displayed with the umask command when used without any argument.

$ umask



A new mask value can be set at any time. A better place for setting the mask value is the user startup file $HOME/.profile so that the value is set as soon as a user logs in.
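The following added example (not from the chapter) computes the permissions that a given umask produces for new files and directories, and then checks the prediction against a file and a directory actually created under that umask in a scratch directory. It assumes a POSIX shell with ls, cut and mktemp; the helper names are the example's own.

```sh
#!/bin/sh
# Added example (not from the chapter): predict the permissions a umask
# produces and confirm the prediction against files created under that umask.

# octal_to_sym 644 -> rw-r--r--  (three-digit octal to the ll rwx string)
octal_to_sym() {
    sym=''
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        r=-; w=-; x=-
        [ $(($digit & 4)) -ne 0 ] && r=r
        [ $(($digit & 2)) -ne 0 ] && w=w
        [ $(($digit & 1)) -ne 0 ] && x=x
        sym="$sym$r$w$x"
    done
    printf '%s\n' "$sym"
}

# apply_umask BASE MASK: the mask clears bits and never adds any.
# New files start from 666 and new directories from 777.
apply_umask() {
    octal_to_sym "$(printf '%03o' $(( 0$1 & ~0$2 )))"
}

# verify_umask MASK: create a file and a directory under MASK in a scratch
# directory and compare their real modes (columns 2-10 of ls -ld) with the
# prediction. Prints "ok" or "mismatch".
verify_umask() {
    scratch=$(mktemp -d) || return 1
    ( umask "$1"; : > "$scratch/f"; mkdir "$scratch/d" )
    got_f=$(ls -ld "$scratch/f" | cut -c2-10)
    got_d=$(ls -ld "$scratch/d" | cut -c2-10)
    rm -rf "$scratch"
    if [ "$got_f" = "$(apply_umask 666 "$1")" ] &&
       [ "$got_d" = "$(apply_umask 777 "$1")" ]; then
        echo ok
    else
        echo mismatch
    fi
}

apply_umask 666 022   # rw-r--r--
apply_umask 777 022   # rwxr-xr-x
apply_umask 666 222   # r--r--r--  (the Study Break case: owner loses write)
apply_umask 666 077   # rw-------  (a private default for sensitive accounts)
verify_umask 022      # ok
```

A umask of 077 is the usual choice for accounts whose files should never be readable by others; note that the mask can only take permissions away, so files that must be shared still have to be opened up explicitly with chmod.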

7.5 Changing the Owner and Group of a File

When a user creates a new file, it belongs to the user who created it and to the user's current group. Only the owner of a file or the superuser can change its ownership. A user can change the group of a file only if he or she is a member of both the old and new groups. Typically, the system administrator needs to change the owner and group of files when copying files into new user directories or when making files available to new users or groups.

In HP-UX, you use chown (CHange OWNer) for changing the owner of a file and chgrp (CHange GRouP) for changing group membership of a file. Let us see what happens when we change the owner of a file from user boota to jim.

$ ll file1

-rwxrwxrwx 1 boota users 0 Sep 8 18:06 file1

$ chown jim file1

$ ll file1

-rwxrwxrwx 1 jim users 0 Sep 8 18:06 file1


Note that the user name is changed in the third field. We don't need to mention the old owner name when changing ownership of a file with the chown command.

A similar method is used for changing the group ownership of file1 from users to root with the chgrp command.

$ ll file1

-rwxrwxrwx 1 jim users 0 Sep 8 18:06 file1

$ chgrp root file1

$ ll file1

-rwxrwxrwx 1 jim root 0 Sep 8 18:06 file1


Multiple file names and wildcard characters can also be used with chown and chgrp. Names of a new owner and group must be present in the /etc/passwd and /etc/group files, respectively. The chown command can also be used to change the owner and group in one step. See the following example, where the owner and group are used together with a colon symbol.

$ ll file1

-rwxrwxrwx 1 boota users 0 Sep 8 18:06 file1

$ chown jim:root file1

$ ll file1

-rwxrwxrwx 1 jim root 0 Sep 8 18:06 file1


To change the ownership or group of a directory tree, you can use the -R option with both of these commands and with the directory name as argument. Whenever you change ownership of a link file, ownership of the file to which the link points is also changed. To avoid this, use the -h option with the chown or chgrp commands.

Study Break

Dealing with File Permissions

Up until this point you have studied basic concepts of file security structure used in UNIX. You have seen what the file permissions are and how can these be set and modified. Let's take a short break and use some of these concepts.

First, use the command umask 000 to ensure that the default file permissions are being used. Then, create a new file in your home directory with the name testfile. List the file using the ll testfile command and see what the default permissions are. Check the mask value using the umask command. Now change the value of umask to 222 and create another file with the name myfile. Did you find any difference between the file permissions of testfile and myfile? Now try to change the contents of myfile using the vi editor. When you try to save the file, vi tells you that the file is read-only. This is because you changed the mask value such that the owner doesn't have write permission. Quit the vi editor without saving the file and use the chmod command to grant write access to the owner of the file.

7.6 Special File Permissions

There are three special permission bits: set user ID (SETUID), set group ID (SETGID), and the sticky bit. Normally, when a user executes a file owned by someone else, the resulting process runs with the user ID and group ID of the user who executed it. If the SETUID bit is set on an executable, the process instead runs with the effective user ID of the file's owner. SETGID does the same for the effective group ID, using the file's group. The sticky bit, when set on a directory, restricts who may delete the files in it.


We use the chmod command to set these special permissions to a file. If you are using a symbolic method, use u+s for setting SETUID and g+s for setting SETGID. In case you use octal numbers, add a fourth octal digit on the left-hand side of the file permissions. Digit 4 represents SETUID and 2 represents SETGID. Examples of symbolic and octal number use are given below.

$ ll file1

-rwxrwxrwx 1 boota users 0 Sep 8 18:06 file1

$ chmod u+s file1

$ ll file1

-rwsrwxrwx 1 boota users 0 Sep 8 18:06 file1

$ chmod 2777 file1

$ ll file1

-rwxrwsrwx 1 boota users 0 Sep 8 18:06 file1


As you can see, "x" is replaced by "s" in the file permission representation with either SUID or SGID.

The SUID bit plays an important role when you want to execute a program with higher privileges. For example, when you change your password, you modify the /etc/passwd file. Only root has permission to modify this file, so how can every system user modify it? This becomes possible because the command you use for a password change (/bin/passwd) is owned by root and has the SETUID bit set. So whenever any user executes this command, the command runs as root and has the privilege to modify the /etc/passwd file.

This also poses a serious security problem. If a program has the SUID bit set, anybody who executes it gets the privileges of the program's owner for the duration of that execution. If, by mistake, you also grant write permission on the program file, someone can replace the contents of the program and then execute the replacement with the owner's privileges. Imagine a file owned by root with the SETUID bit set and write permission for others: a user could overwrite it with any command and run it as root, with the power to damage the whole file system.

Sticky Bit

The sticky bit is represented by a "t" in the last position of the permission string. It can be set using the chmod command with the u+t symbolic method, or with 1 (one) in the fourth, leftmost digit position when octal numbers are used. One example is:

$ ll file1

-rwxrwxrwx 1 boota users 0 Sep 8 18:06 file1

$ chmod u+t file1

$ ll file1

-rwxrwxrwt 1 boota users 0 Sep 8 18:06 file1


The sticky bit is most useful on directories. If the sticky bit of a directory is set, users can use that directory as a public area for file sharing: anyone with write permission on the directory can create files there, but a file in a directory with the sticky bit set can only be deleted or renamed by the owner of the file (or by the owner of the directory, or the superuser). This is why the sticky bit is set on the /tmp directory, where users can safely put and delete their temporary or shareable files.

7.7 Finding Files Having a Particular Set of File Permissions

You have already used the find command to search any file in the file system hierarchy. You can also use the find command to list files with desired file permissions in the file system. For example, if the system administrator wants to list all files for which the SUID bit is set in the /usr/bin directory, the following command is useful. Here I have shown only partial output, as the actual output is quite long.

# find /usr/bin -perm -u+s -exec ll {} \;

-r-sr-xr-x 5 root bin 49152 Apr 9 1998 /usr/bin/chfn

-r-sr-xr-x 1 root bin 49152 Nov 6 1997 /usr/bin/chkey

-r-sr-xr-x 5 root bin 49152 Apr 9 1998 /usr/bin/chsh

-r-sr-xr-x 1 root bin 53248 Apr 9 1998 /usr/bin/ct

-r-sr-xr-x 1 root bin 40960 Apr 9 1998 /usr/bin/cu

-r-sr-xr-x 1 root bin 73728 Feb 2 1998 /usr/bin/df

-r-sr-xr-x 1 root bin 49152 Nov 7 1997 /usr/bin/login

-r-sr-xr-x 1 root bin 45056 Jun 15 1998 /usr/bin/lp

-r-sr-xr-x 1 root bin 40960 Oct 27 1997 /usr/bin/lpalt

-r-sr-sr-x 2 root mail 45056 Nov 7 1997 /usr/bin/mail


This output shows that whenever someone runs one of these commands, the command runs with the privileges of the superuser for as long as it executes. You can run a similar command over your own home directory to find out whether a mistake in granting permissions has left a security hole. Note that -perm -mode matches only files that have every bit in mode set, so -perm -u+s,g+w,o+w would find only files that are SETUID and writable by both group and others. To list files that are SETUID and writable by group or others, combine separate tests:

$ find $HOME -perm -u+s \( -perm -g+w -o -perm -o+w \)
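As an added example (not from the chapter) covering both the SETUID warning in Section 7.6 and the find usage above, the following script audits a directory tree for two conditions: SETUID or SETGID files that are writable by group or others, and world-writable directories lacking the sticky bit. It builds a constructed sample tree with mktemp so it can be run offline; the function names and sample file names are the example's own.

```sh
#!/bin/sh
# Added example (not from the chapter): audit a tree for the two conditions
# the chapter warns about, exercised against a constructed sample tree.
# Octal -perm masks are used because they are portable across find
# implementations; each "or" is written as a separate test, since
# "-perm -u+s,g+w,o+w" would require ALL of the listed bits.
# Assumes POSIX find, chmod, mktemp and sort.

# risky_setuid DIR: regular files that are setuid or setgid AND writable by
# group or others. Anyone with write access could replace the program and
# run the replacement with the owner's privileges.
risky_setuid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) \
        \( -perm -020 -o -perm -002 \) -print | sort
}

# unsticky_world_dirs DIR: world-writable directories without the sticky
# bit, where any user can delete or rename any other user's files.
unsticky_world_dirs() {
    find "$1" -type d -perm -002 ! -perm -1000 -print | sort
}

# make_sample_tree: build a constructed tree of mixed permissions and print
# its path. Only setuid (not setgid) is placed on files so the example also
# works for an unprivileged user on systems that silently drop setgid.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared" "$d/tmp" "$d/private"
    : > "$d/ok_suid";   chmod 4755 "$d/ok_suid"    # setuid, not writable: fine
    : > "$d/bad_suid";  chmod 4775 "$d/bad_suid"   # setuid + group write: risky
    : > "$d/bad_suid2"; chmod 4777 "$d/bad_suid2"  # setuid + world write: risky
    : > "$d/plain";     chmod 0777 "$d/plain"      # world-writable, no setuid
    chmod 0777 "$d/shared"   # world-writable, no sticky bit: flagged
    chmod 1777 "$d/tmp"      # world-writable with sticky bit: like /tmp
    chmod 0700 "$d/private"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
echo "setuid/setgid files writable by group or others:"
risky_setuid "$tree"
echo "world-writable directories without the sticky bit:"
unsticky_world_dirs "$tree"
rm -rf "$tree"
```

Run the two functions against / as root for a real audit; as an ordinary user, run them against your home directory, since find cannot descend into directories you lack search permission for.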

7.8 Access Control Lists

Access control lists are used to grant or deny permissions to individual users or groups in addition to those specified with the traditional UNIX permission bits. Like those bits, ACLs are a form of discretionary access control (DAC): the owner of the file, rather than the system, decides who may access it. The lsacl and chacl commands presented here apply to the older HFS file system; they are not supported on the JFS file system. To grant or deny specific file access to a user or group, the user and group are specified in the forms shown in Table 7-3, where "%" stands for any user or any group.

Table 7-3. Access Control List User Specification

Specification    Meaning

user.group    ACL for a specific user and a specific group

user.%    ACL for a specific user and all groups

%.group    ACL for all users and a specific group

%.%    ACL for all users and all groups

Listing ACL

Access Control Lists can be listed using the lsacl command.

$ lsacl myfile

(boota.%, rwx) (jim.%,rwx) (%.users,r-x) (%.%,r--) myfile


This command shows that users boota and jim, belonging to any group, have all read, write, and execute permissions, all users of the users group have read and execute permissions, and all other users have only read permissions.

Changing ACL

The chacl command is used for changing ACLs. You can grant another user mary read, write, and execute (rwx) permissions to myfile.

$ chacl "mary.%=rwx" myfile

$ lsacl myfile

(boota.%, rwx) (jim.%,rwx) (mary.%,rwx) (%.users,r-x)

(%.%,r--) myfile
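As an added example (not from the chapter), the following script parses a line of lsacl output such as the one above and reports which entry governs a given user's access. It assumes the most-specific-entry-wins order that HP-UX ACLs use (user.group, then user.%, then %.group, then %.%), which the chapter's table lists but does not spell out; the script needs only sh, tr and sed, so it runs on systems without lsacl.

```sh
#!/bin/sh
# Added example (not from the chapter): parse a line of lsacl output and pick
# the entry that decides a user's access. Assumption of this example: the
# most specific matching entry wins, in the order user.group, user.%,
# %.group, %.% (the chapter's table lists the forms but not the order).

# acl_entries 'LSACL_LINE': print one "spec perms" pair per line.
# "(boota.%, rwx) (%.users,r-x) myfile" -> "boota.% rwx" and "%.users r-x".
acl_entries() {
    printf '%s\n' "$1" | tr ')' '\n' |
        sed -n 's/^[^(]*(\([^,]*\), *\([rwx-]*\)$/\1 \2/p'
}

# acl_access 'LSACL_LINE' USER GROUP: print the rwx string that applies to
# USER acting with GROUP as the effective group, or --- if nothing matches.
acl_access() {
    user=$2 group=$3
    best=0 result='---'
    entries=$(acl_entries "$1")
    while read -r spec perms; do
        case $spec in
            "$user.$group") rank=4 ;;   # specific user and specific group
            "$user.%")      rank=3 ;;   # specific user, any group
            "%.$group")     rank=2 ;;   # any user, specific group
            "%.%")          rank=1 ;;   # everyone else
            *)              rank=0 ;;   # entry for someone else: ignore
        esac
        if [ "$rank" -gt "$best" ]; then
            best=$rank
            result=$perms
        fi
    done <<EOF
$entries
EOF
    printf '%s\n' "$result"
}

# The chapter's listing after "chacl mary.%=rwx myfile".
acl='(boota.%, rwx) (jim.%,rwx) (mary.%,rwx) (%.users,r-x) (%.%,r--) myfile'
acl_access "$acl" mary users   # rwx  (mary.% beats %.users)
acl_access "$acl" sam  users   # r-x  (%.users)
acl_access "$acl" sam  sys     # r--  (falls through to %.%)
```

The practical lesson is that an ACL entry for a specific user overrides the group and world entries, so a generous user.% entry left behind after a project ends keeps granting access no matter how tight the group permissions are; lsacl is the only place it shows up.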


7.9 Miscellaneous Commands

Here are a few other commands that are not used directly to modify file permissions but are related to this process.

The newgrp Command

If a user is a member of more than one group, all new files created by that user belong to the current group. If the user wants the new files to belong to another group, the newgrp command changes the current group membership temporarily. In the following example, user boota belongs to group users (default group) and class. See how the new files created by the touch command are affected by changing the group membership.

$ touch file1

$ ll file1

-rw-rw-rw- 1 boota users 0 Sep 8 18:06 file1

$ newgrp class

$ touch file2

$ ll file2

-rw-rw-rw- 1 boota class 0 Sep 8 18:06 file2


File file1 belongs to group users, while file2 belongs to group class.

The su Command

The switch user ID (su) command is used to change the user ID temporarily just as you used the newgrp command to change the group ID. You need to know the password for the user you are changing to. The following command changes the user ID to jim.

$ su jim



To switch back to the original user ID, use the exit command. After changing the user ID, all new files created belong to the new user. The login environment of user jim (profile, PATH, home directory) is not loaded unless you use su - jim instead of su jim.

If you don't specify any user name with the su command, it will change to user root. You can become the superuser temporarily by using this command if you know the root password.


Many system administrators work under a user ID other than root and change the ID to root only if required. This is done to avoid any accidental damage to files with commands like rm.

The id Command

The id command is used to display the current user and group IDs. A typical result of this command is:

$ id

uid=415 (boota), gid=100 (users)


The command shows that the current user is boota having a user ID of 415. The current group membership is users and the group ID is 100.

Chapter Summary

In this chapter, you learned the concept of file permissions and access control lists. These are very important from a file- and system-security point of view. The following items were presented in this chapter.

There are three types of users in UNIX: the owner, members of the owner's group, and all other users.

The three types of permissions can be set for every file and directory. These are read, write, and execute permissions.

A file's permissions can be changed with the chmod command.

The owner and group of a file can be changed with the chown and chgrp commands.

Use of the SETUID and SETGID bits and security problems associated with these.

Use of the sticky bit and its effect on files and directories.

Finding files with specific file permissions using the find command.

Use of Access Control Lists (ACLs) with the lsacl and chacl commands, which are used to list and change ACLs, respectively.

In addition, you have also used some other commands that don't affect file permissions directly. The newgrp command is used to change group membership temporarily while the su command is used to change user ID temporarily. The id command is used to check the current user and group membership.

In the next chapter, we will see the file system structure of HP-UX and how different directories are arranged in the file system. We will also see which directory contains what type of files.

Test Your Knowledge


A file has rwxr-xr-- permissions. It is owned by a user mark belonging to a group users. You are logged in as user jim belonging to group users. What permissions do you have for this file?

A. only read permission

B. read, write, and execute permissions

C. read and execute permissions

D. You don't have any permissions for the file, as the file is owned by another user.


You are logged in as user jim and create a file myfile and want to give it to a user mark by changing its ownership. The command for this is:

A. chown mark myfile jim

B. chown mark myfile

C. chmod mark myfile

D. You can't change file ownership.


The id command without any argument lists:

A. user ID

B. group ID

C. both user and group IDs

D. system ID


You want to change your group ID temporarily. Which command will you


A. the newgrp command

B. the chgrp command

C. the id command

D. all of the above


The system administrator wants a command to be executed with superuser permissions no matter which user executes it. He or she will set:

A. the SUID bit

B. the SGID bit

C. the sticky bit

D. the execution bit


A file myfile already exists. You use command touch myfile. What will be the effect of this command?

A. It will erase the file and create a new file with the same name and zero byte size.

B. It will rename the file as myfile.bak and create a new file with the name myfile and zero byte size.

C. It will change the file modification date and time to the current value.

D. It will do nothing, as the file already exists.


You are logged in as user boota belonging to group users. When you list files using the ll command, you see the following list.

-rwxrw-r-- 1 jim class 0 Sep 8 18:06 myfile

What operations can you perform on this file?

A. read, write, and execute

B. read and write

C. read only

D. modify and delete


You use the command chmod 764 myfile. It provides:

A. read, write, and execute permissions to the owner

B. read and write permission to the group members of the owner of the file

C. read permission to all users of the system

D. all of the above
