Permissions Unmasked!
Oy. Permissions. Permissions in a Linux / Unix environment can be a headache; and who knows what all those little numbers and letters mean?
I do, and you will too.
Of course, every book in the world will tell you that there are three sets of permissions: user, group and world. So something that’s rw-r--r-- is writable only by the user but readable by everyone. There are read, write and execute settings for each one, and they’re marked by “bits”. You know that computers think in binary, and in binary there are only zeroes and ones. Here’s what we’re interested in for the next few minutes.
Decimal 0 = Binary 000
Decimal 1 = Binary 001
Decimal 2 = Binary 010
Decimal 4 = Binary 100
If you look those over, you’ll see there’s only one way to get each of the numbers from 0 to 7 by adding these together, using each one at most once ( ie, you can’t replace a 4 with two 2s ). A seven has to be a four, a two and a one. No other options. So when you’re saying “change the permissions of somefile to 755” what you mean is you want the permissions to be read:ON, write:ON, execute:ON for the owner, and read:ON write:OFF execute:ON for everyone else.
If you’re ssh’d into your server and you run an “ls -la somefile” you’ll see something that looks like
-rw-r--r--
which translates to
0110100100
or, taking off the first digit ( because it’s special and I won’t talk about it here),
110 100 100
If you treat those each as binary numbers and translate them to decimal, you’ll have 644.
What’s this mean?
Basically, 4 is read permission only. 2 is write permission only, but you can add them together and get 6, which is read and write permissions. There’s only one way to get a six: a four and a two ( you can’t have two threes or three twos ). When you add “executable” ( which is 1 ) to the mix, you’ll see that you can add it to any of these numbers and get 5 ( read and execute, don’t write ), 3 ( write and execute, don’t read ( weird ) ) or 7 ( read, write and execute ).
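The conversion described above, as an added example that is not part of the original post: POSIX shell functions that turn the permission string printed by ls into its octal number and back, using the same 4/2/1 weights. The function names are made up for this example, and the special s and t characters are rejected rather than handled, since the post leaves them out.

```sh
# Added example, not from the original post. Function names are hypothetical.

# sym_to_octal "-rw-r--r--"  prints 644. Accepts the ls field (type character
# first) or the bare nine characters. Special s/t characters are rejected.
sym_to_octal() (
    perms=$1
    if [ "${#perms}" -ge 10 ]; then perms=${perms#?}; fi   # drop the type character
    if [ "${#perms}" -lt 9 ]; then
        echo "expected 9 permission characters, got '$1'" >&2; exit 1
    fi
    out="" pos=0 digit=0
    while [ "$pos" -lt 9 ]; do
        ch=${perms%"${perms#?}"}    # first remaining character
        perms=${perms#?}
        case $((pos % 3)) in        # each group of three is r=4, w=2, x=1
            0) want=r weight=4 digit=0 ;;
            1) want=w weight=2 ;;
            2) want=x weight=1 ;;
        esac
        case $ch in
            "$want") digit=$((digit + weight)) ;;
            -) ;;                   # bit is off, adds nothing
            *) echo "unsupported character '$ch'" >&2; exit 1 ;;
        esac
        if [ $((pos % 3)) -eq 2 ]; then out=$out$digit; fi
        pos=$((pos + 1))
    done
    echo "$out"
)

# octal_to_sym 755  prints rwxr-xr-x by testing the 4, 2 and 1 bits of each digit.
octal_to_sym() (
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits, got '$mode'" >&2; exit 1 ;;
    esac
    out=""
    while [ -n "$mode" ]; do
        d=${mode%"${mode#?}"}
        mode=${mode#?}
        if [ $((d & 4)) -ne 0 ]; then out=${out}r; else out=${out}-; fi
        if [ $((d & 2)) -ne 0 ]; then out=${out}w; else out=${out}-; fi
        if [ $((d & 1)) -ne 0 ]; then out=${out}x; else out=${out}-; fi
    done
    echo "$out"
)

# mode_of FILE  reads the permission field from ls and converts it.
mode_of() { sym_to_octal "$(ls -ld -- "$1" | cut -c1-10)"; }
```

Running mode_of across a directory tree is a quick way to spot files whose last digit includes 2, meaning they are writable by everyone.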
Note that it doesn’t really make sense to “execute” a directory. The “executable bit” for directories translates to “traversable.” Or, in English, a user can go through the directory without needing read permissions. For instance, to use a contrived example, you could have a /var/logs/user/ directory and just give the users permission to see their own directory; the logs directory could be neither readable nor writable but still be traversable, so they could go through it. But if they did a “ls -la /var/logs”, they’d get back an error.
