Working with files and directories

Access control for files and directories

Because the SCO OpenServer system is a multiuser system, it is important that strict control is placed on file access. For example, as a user you cannot change files that belong to someone else without their authorization. Controlling access to files is achieved by use of permissions.

Every file has three sets of permissions that control who can read it, write it (that is, change it), and execute it. You can change the permissions on your own files to make them more or less accessible to other users on the system. The following is a representation of the permissions information displayed by the ls -l command. Remember that the first character position actually gives the file type, and is not a permissions indicator; see ``File and directory attributes'':

The permissions field for a file is made up of nine character positions following the file type indicator. They are divided into three sets of three permissions each; a set for the owner of the file, a set for the group of users to which the file belongs, and a set for everyone else on the system. These are respectively known as ``owner'', ``group'' and ``other''.

Note that the superuser (root) can always read or write every file on the system. This is a special privilege that is not available to any other user.

Each set of permissions can include none, one, or more than one of the following privileges:

If you have read permission, you can look at the contents of a file. For a directory, this means you can see a list of the files it holds. Read permission is represented by an ``r'' in the first of the three character positions for each of the three sets of permissions, as follows:
-r--r-----   1 johnd   unixdoc    10586 Feb 25 12:26 1.start
The ``r'' in the first character position of the owner's set and of the group set means that the owner and members of the owner's group can read the file; nobody else is permitted to do so.

If you have write permission on a file, you can alter its contents. For a directory, this means you can create files and subdirectories within that directory. It also means you can remove files from that directory even if you do not have write permission on the files.
--w--w--w-   1 johnd   unixdoc     8660 Feb 25 13:08 2.start
The ``w'' in the owner's set, the group set and the other users' set means that all classes of user can alter this file.

You cannot remove a file unless you have write permission on the directory it is stored in. If you try to remove a file from a directory for which you do not have write permission, you will see an error message like the following:

$ rm freds.file
rm: fred/freds.file not removed.
Permission denied

If you have execute permission on a file, and the file is a program, you can execute it. Execute permission on a directory means you can change to it.
---x--x--x   1 johnd   unixdoc      Feb 25 13:08 2.start
In all cases, a hyphen in any of the permissions fields indicates that the permission is not set.

Less commonly, you may encounter other permissions in a long listing, for example ``s'' or ``t''. For details, see ls(C).

To see the permissions on the current directory, use the l -d (directory) command, as follows:

   $ l -d
   drwxrwxrwx  21 johnd   techpubs    1552 Dec 07 15:40 .
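
The following shell functions are an added example, not part of the original SCO documentation: they split the permissions field shown in a long listing into the owner, group and other sets, and show that removing a file is decided by the directory's permissions rather than the file's. The function names are hypothetical; counting ``s'' or ``t'' in the third position as execute, and requiring execute as well as write on the directory for removal, go beyond what this page states.

```shell
#!/bin/sh
# Added example: interpret the 10-character mode field printed by ls -l.
# Function names are hypothetical; special bits are not interpreted
# beyond counting a lowercase s or t in the third position as execute.

# perm_set MODE CLASS: print the three-character set for owner|group|other.
perm_set() {
    case $1 in ??????????) ;; *) return 2 ;; esac   # type char + 9 positions
    case $2 in
        owner) printf '%s\n' "$1" | cut -c2-4 ;;
        group) printf '%s\n' "$1" | cut -c5-7 ;;
        other) printf '%s\n' "$1" | cut -c8-10 ;;
        *) return 2 ;;
    esac
}

# has_perm MODE CLASS r|w|x: exit status 0 if that privilege is set.
has_perm() {
    bits=$(perm_set "$1" "$2") || return 2
    case $3 in
        r) case $bits in r??) return 0 ;; esac ;;
        w) case $bits in ?w?) return 0 ;; esac ;;
        x) case $bits in ??[xst]) return 0 ;; esac ;;
        *) return 2 ;;
    esac
    return 1   # a hyphen (or anything else) means the permission is not set
}

# can_remove DIR_MODE CLASS: removal is decided by the directory that holds
# the file, not by the file's own write permission. Assumption: the
# directory must grant execute (search) as well as write.
can_remove() {
    has_perm "$1" "$2" w && has_perm "$1" "$2" x
}

# Modes copied from the listings on this page.
for mode in -r--r----- --w--w--w- drwxrwxrwx; do
    for class in owner group other; do
        printf '%s %-5s %s\n' "$mode" "$class" "$(perm_set "$mode" "$class")"
    done
done
```

A directory whose ``other'' set passes can_remove lets any user on the system delete the files in it, whatever the permissions on the files themselves.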


© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003