coreutils: Mode Structure

27.1 Structure of File Mode Bits
================================

The file mode bits have two parts: the “file permission bits”, which
control ordinary access to the file, and “special mode bits”, which
affect only some files.

There are three kinds of permissions that a user can have for a file:

  1. permission to read the file. For directories, this means
     permission to list the contents of the directory.
  2. permission to write to (change) the file. For directories, this
     means permission to create and remove files in the directory.
  3. permission to execute the file (run it as a program). For
     directories, this means permission to access files in the
     directory.

There are three categories of users who may have different
permissions to perform any of the above operations on a file:

  1. the file’s owner;
  2. other users who are in the file’s group;
  3. everyone else.

Files are given an owner and group when they are created. Usually
the owner is the current user and the group is the group of the
directory the file is in, but this varies with the operating system, the
file system the file is created on, and the way the file is created.
You can change the owner and group of a file by using the ‘chown’ and
‘chgrp’ commands.

In addition to the three sets of three permissions listed above, the
file mode bits have three special components, which affect only
executable files (programs) and, on most systems, directories:

  1. Set the process’s effective user ID to that of the file upon
     execution (called the “set-user-ID bit”, or sometimes the “setuid
     bit”). For directories on a few systems, give files created in the
     directory the same owner as the directory, no matter who creates
     them, and set the set-user-ID bit of newly-created subdirectories.
  2. Set the process’s effective group ID to that of the file upon
     execution (called the “set-group-ID bit”, or sometimes the “setgid
     bit”). For directories on most systems, give files created in the
     directory the same group as the directory, no matter what group the
     user who creates them is in, and set the set-group-ID bit of
     newly-created subdirectories.
  3. Prevent unprivileged users from removing or renaming a file in a
     directory unless they own the file or the directory; this is called
     the “restricted deletion flag” for the directory, and is commonly
     found on world-writable directories like ‘/tmp’.

     For regular files on some older systems, save the program’s text
     image on the swap device so it will load more quickly when run;
     this is called the “sticky bit”.
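
The special mode bits described above, decoded from a raw mode value and
applied to a directory walk. This is an added example, not part of the
coreutils manual; the names classify and audit and the wording of the
notes are choices made for this example.

```python
import os
import stat
import sys

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def classify(mode):
    """Map an st_mode value to (symbolic mode string, list of notes)."""
    notes = []
    is_dir = stat.S_ISDIR(mode)
    # On non-directories the special bits only matter for executable files.
    runs = not is_dir and bool(mode & EXEC_BITS)
    if mode & stat.S_ISUID:
        if is_dir:
            notes.append("set-user-ID directory: honoured on only a few systems")
        elif runs:
            notes.append("set-user-ID: runs with the file owner's effective user ID")
    if mode & stat.S_ISGID:
        if is_dir:
            notes.append("set-group-ID directory: new files inherit its group")
        elif runs:
            notes.append("set-group-ID: runs with the file group's effective group ID")
    if mode & stat.S_IWOTH:
        if not is_dir:
            notes.append("world-writable file")
        elif mode & stat.S_ISVTX:
            notes.append("world-writable, restricted deletion flag set")
        else:
            notes.append("world-writable WITHOUT restricted deletion flag")
    return stat.filemode(mode), notes

def audit(root):
    """Walk root and return {path: (symbolic, notes)} for entries with notes."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: never follow symlinks
            if stat.S_ISLNK(mode):
                continue  # skip symlinks; the target's mode is what matters
            symbolic, notes = classify(mode)
            if notes:
                report[path] = (symbolic, notes)
    return report

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, (symbolic, notes) in sorted(audit(root).items()):
        print(symbolic, path, "; ".join(notes), sep="\t")
```

A set-user-ID or set-group-ID bit on a regular file with no execute bit
produces no note, matching the statement above that these bits affect
only executable files and directories.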

In addition to the file mode bits listed above, there may be file
attributes specific to the file system, e.g., access control lists
(ACLs), whether a file is compressed, whether a file can be modified
(immutability), and whether a file can be dumped. These are usually set
using programs specific to the file system. For example:

ext2
     On GNU and GNU/Linux the file attributes specific to the ext2 file
     system are set using ‘chattr’.

FFS
     On FreeBSD the file flags specific to the FFS file system are set
     using ‘chflags’.

Even if a file’s mode bits allow an operation on that file, that
operation may still fail, because:

   • the file-system-specific attributes or flags do not permit it; or

   • the file system is mounted as read-only.

For example, if the immutable attribute is set on a file, it cannot
be modified, regardless of the fact that you may have just run ‘chmod
a+w FILE’.