
Re: POSIX, Mode bits, UGOs in UNIX Permissions

UNIX permissions consist of POSIX mode bits (POSIX is the Portable Operating System Interface) and have been around for years.  Mode bits are the representation of security on files or folders.  The way it works is this - there are three basic permissions: Read, Write and Execute.

There are also three basic entities that you can assign permissions to: User, Group and Other.  Sometimes you'll see mode bits referenced as UGOs, that's where it comes from.  The permissions are really just binary bits (on or off) represented in a decimal format. 

Here's how it works:

Let's say you want to grant Read permission but not Write or Execute.  In binary form (on or off) it would look like this: Read-1, Write-0, Execute-0  (100).  If you convert that from binary to decimal, it's a 4.

Let's say you wanted to add Execute permissions then it would be Read-1, Write-0, Execute-1 (101).  If you convert that to binary that's a 5.  All 3 permissions (111) converted to decimal is a 7. 

When looking at permissions on a file or folder (ls -l) you'll see something like this: 

drwxr--r--  1 fred accounting 2618 Sep 10 2013 filename.txt

The "d" means we're looking at a directory, the next three characters (rwx) are permissions for the owner of the file, the next three (r--) for the group, and the last three (r--) for other.

If we converted this to decimal we would have 744  (111)(100)(100).  This also shows that fred is the owner of the file and the group is accounting.

If I wanted to change permissions to give full control to the accounting group I could simply change the mode bits using the "chmod" command. 

So, chmod 774 would modify the file so that it would look like this instead: 

drwxrwxr--  1 fred accounting 2618 Sep 10 2013 filename.txt

Executing chmod 777 then gives everyone (fred, accounting, and other) all 3 permissions: Read, Write and Execute.

As should be clear, in the UNIX world, it's very important to know the user and group ownership of a file to set permissions correctly.
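
The mapping described in the post above, as an added shell example that is not part of the original post: it converts the permission string shown by ls -l into the digits chmod takes, checks the result against a real scratch file, and flags modes where "other" can write. The function names are hypothetical, and only plain r/w/x characters are handled (no setuid, setgid or sticky bits).

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Handles plain r, w, x and - only; setuid/setgid/sticky (s, t) are out of scope.

# triplet_to_digit "r-x" -> 5   (read=4, write=2, execute=1)
triplet_to_digit() {
    t=$1 d=0
    case $t in r??) d=$((d + 4)) ;; esac
    case $t in ?w?) d=$((d + 2)) ;; esac
    case $t in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# symbolic_to_octal "drwxr--r--" (or "rwxr--r--") -> 744
symbolic_to_octal() {
    s=$1
    # Drop the leading file-type character when all 10 characters are given.
    [ "${#s}" -eq 10 ] && s=${s#?}
    [ "${#s}" -eq 9 ] || { echo "expected 9 or 10 characters" >&2; return 1; }
    u=${s%??????}      # first three characters: user (owner)
    rest=${s#???}
    g=${rest%???}      # middle three: group
    o=${rest#???}      # last three: other
    echo "$(triplet_to_digit "$u")$(triplet_to_digit "$g")$(triplet_to_digit "$o")"
}

# mode_after_chmod 774 -> "-rwxrwxr--"
# Applies chmod to a scratch file and returns what ls -l reports for it.
mode_after_chmod() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    ls -l "$f" | cut -c1-10
    rm -f "$f"
}

# other_can_write "drwxrwxrwx" -> exit status 0 when "other" has Write
other_can_write() {
    oct=$(symbolic_to_octal "$1") || return 1
    [ $(( ${oct#??} & 2 )) -ne 0 ]
}

# The directory listing from the post, before the chmod:
symbolic_to_octal "drwxr--r--"
```
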