
File Permissions, Binary, Octal (was Re: Apache)



Okay so here's my little tutorial on linux and unix permissions, for those 
of you who are interested...warning, it's a lot of rambling :)

The first thing you need to know in order to truly understand file 
permissions is you need to understand how the data about file permissions is 
stored.

Each file (and directory) has a 1 1/2 byte section of octal (or binary 
depending on how you look at it) that describes the permissions of that 
file.

So first, binary.  As you know we store things on disks by using an 
electromagnet to set the polarity of a segment of the disk.  Each one of 
these segments represents a bit.  For ease of manipulation we decided that 
we should group them in 8's, thus allowing one byte to represent 256 unique 
possibilities. In order to achieve this we simply give each bit of the byte 
a value based on how far it is from the first bit.  Think of this like our 
number system, 500 is different than 50 because of the position the 5 is in. 
  Binary just happens to be base two instead of base 10, because we haven't 
_REALLY_ developed a fuzzy logic disk drive yet :) (That means each segment 
of the disk can only be positive or negative, we don't do different levels 
of positive and negative.) Hence we have "ON" or "OFF."  10011001 is one 
byte of binary for example (or if you prefer, 8 segments on the disk), and 
I'll go through how to decode it with you.  If you're familiar with the way 
we used to weigh things, this will come easy to you.  If not, I'll explain 
it... We used to use Balance scales to weigh everything, meaning to 
determine one pound of flour or grain, we'd put a one pound weight on one 
side, and pour flour or grain onto the other until it balanced.  Now the 
issue with this was they needed a way to be able to achieve any number of 
pounds without having to have a 1 lbs weight, a 2 lbs weight, a 3 lbs 
weight, a 4 lbs weight, and so on.  Why would you need a 3 lbs weight if you 
have a 1 and a 2 lbs weight? You'd just put them both on, right? That's how 
binary works.  Under BIG_ENDIAN (the more common way this is done) the least 
significant digit (1) is at the right side, and the most significant digit 
(128) is at the far left.  So basically each digit has the value shown below 
(with our binary number 10011001 listed as an example).

128 64  32  16  8   4   2   1
1   0   0   1   1   0   0   1

So basically we would add the value of each digit that is "ON." 128+16+8+1 = 
153, thus 10011001 is 153.

Likewise Octal works exactly the same way, with the exception that one octal 
is 3 bits instead of 8. (it's called octal because it allows for 8 different 
combinations).

For example 101 in octal is 5 in decimal.

Once you understand that, the whole linux/unix permissions thing should be 
relatively simple.

Each file under linux/unix has 4 octals of file permissions (1.5 bytes, or if 
you prefer, 12 segments on the disk).

For a file, they are broken down by octal as: (Special, Owner Permissions, 
Group Permissions, Global Permissions).

Each of these octals allows for 3 ON/OFF values, and for all except the 
special octal, they represent READ, WRITE, and EXECUTE.  101 would mean that 
the party in question could READ and EXECUTE but not WRITE to the file.  
Hence 5 represents the same with chmod.  For example a normal file with 
permissions:

RWXR-XR-X would be 111 101 101 or 755. For a directory the only change to 
this is, since you obviously can't EXECUTE a directory, the EXECUTE bit is 
replaced by "ACCESS" bit, determining whether or not the party in question 
can access the directory.  But this gets a little tricky because obviously 
READ and ACCESS seem quite similar in meaning.  The difference is, READ says 
whether or not you can read the file list of the directory, and ACCESS says 
whether or not you can access files inside the directory.  For example if a 
directory is RWX--X--X and it has a file named "readme" with permissions 
RWXR--R--, non-owners could read the file readme, but they wouldn't be 
able to list the files in the directory (Which is why I think and always 
have thought the "locate" command has security issues).

Now that you've all read this far (yeah right!) and understand all about how 
to chmod files I bet you're just dying to know what information is held in 
that special octal.

And just in case you're interested:

The first bit(big-endian) of the first octal is SetUID (if true then the 
program runs as the owner regardless of who runs it), the second is SetGID 
(runs as the group who owns it rather than the group of the person who ran 
it), and the third is Save Text Image, now commonly called the "Sticky" bit. 
  As far as I know (correct me if I'm wrong) this no longer does or means 
anything for files, but for directories, when set, only the owner of a 
specific file, or of the directory it's in, can remove a file, regardless of 
whether the writable bit is set.

And now on to the last section, how to apply this with chmod... just convert 
your octals to binary independently, and then chmod xxxx file. As a note, 
chmod 755 sets the special bit to 0, and chmod 55 sets the special and 
owner bits to 0. (you get the idea, anything left off the left side is 
assumed a 0).

I took the time to write this out because it's something I feel everyone who 
uses a computer (especially with unix/linux) SHOULD know.  If you understand 
this, a lot of other things will make sense to you that otherwise would not.

And finally, the reason I posted this: someone had mentioned checking your 
permissions, and making sure the directories for your web pages were 744.  
Though this seems logical, it's pretty much the opposite of what you want.  
You want the directories to be 711.  This will allow the files to be read 
inside the directory based on the permissions of each specific file, but 
will not allow a directory listing (for security purposes that's how you 
should have your web site (i.e. your htdocs dir)).  As for the files inside the 
directory they need to be 744 or if they're executable (cgi files) make them 
755.

Enjoy the overly lengthy e-mail :)
Any further questions or corrections, feel free to ask or comment :)

--Jamon Terrell
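
An added example (not part of the original e-mail): a Python sketch that decodes the four permission octals the way the message describes, special octal included, and walks a web root flagging directories that non-owners can list and files that non-owners can write. The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

def describe(mode):
    """Render the four permission octals the way `ls -l` prints them."""
    out = ""
    # Owner, group, other: each paired with the special bit shown in its x slot.
    for shift, special, letter in ((6, stat.S_ISUID, "s"),
                                   (3, stat.S_ISGID, "s"),
                                   (0, stat.S_ISVTX, "t")):
        digit = (mode >> shift) & 0o7
        out += "r" if digit & 4 else "-"
        out += "w" if digit & 2 else "-"
        if mode & special:
            out += letter if digit & 1 else letter.upper()
        else:
            out += "x" if digit & 1 else "-"
    return out

def audit_docroot(root):
    """Return (relative path, octal mode, reason) for entries that break the post's rules."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        if mode & 0o044:  # read bit for group or other: directory can be listed
            findings.append((os.path.relpath(dirpath, root), "%04o" % mode, "listable"))
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            fmode = stat.S_IMODE(st.st_mode)
            if fmode & 0o022:  # write bit for group or other
                findings.append((os.path.relpath(path, root), "%04o" % fmode, "writable"))
    return findings

def build_sample():
    """Constructed sample tree: one directory at 744 and one file at 766."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "cgi-bin"))
    for rel, mode in (("index.html", 0o744), ("notes.html", 0o766), ("cgi-bin/form.cgi", 0o755)):
        path = os.path.join(root, rel)
        open(path, "w").close()
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "cgi-bin"), 0o744)
    os.chmod(root, 0o711)
    return root

if __name__ == "__main__":
    for finding in audit_docroot(build_sample()):
        print(*finding)
```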
