
unix permissions

Trying to grasp the concept of permissions in Unix.

ie:  xxx-xxx-xxx

1. I know that the first part applies to the permissions the owner gets on the file
The second part applies to the group <---this is where I'm lost
The third part applies to everyone else.

So a ping chmod 700 /sbin/ping, will deny ping to everyone but the owner
What would a 770 /sbin/ping do?

2. If you have r/w access to a file, do you need "execute" permission as well?

Kent Olsen (Data Warehouse Architect / DBA) commented:
Hi dissolved,

Every user is a member of at least one group.  On some systems, particularly Linux, it's common for the group name to be the same as the user name, but this is by no means required.  Users can belong to more than one group.

The usage of groups allows the sysadmin to allow/disallow access to certain files (programs, data, etc.) to certain users.  If your system had an application called "SomeApplication", the sysadmin could limit which users could run the application simply by creating a group "SomeGroup", assigning the files associated with "SomeApplication" to it, and setting the permissions to 0070.  To run "SomeApplication" you'd then have to be a member of "SomeGroup".

chmod 700 /sbin/ping means that only the owner of ping (and root) can run it.
chmod 770 /sbin/ping means that those users that are members of the group that /sbin/ping belongs to can run it, as well as the owner and root.

If you have read access to a file, you have implied access to it.  In older Unix systems this was often enough.  But most modern systems won't attempt to execute a file unless the execute bit is set.  (You can always copy the file and become the owner of the copy.  Then set the execute bit.)

Good Luck!
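
As an added example (not part of the original thread), the shell sketch below models the mode-bit check for the three modes mentioned above: 700, 770 and 0070. The function names, uids and gids are constructed for illustration, and it assumes the classic owner/group/other check with no ACLs.

```shell
#!/bin/sh
# Model of the classic Unix permission check (mode bits only, no ACLs).
# All uids and gids are constructed sample values.

# class_bits MODE CLASS -> rwx triplet for owner|group|other
class_bits() {
    case $2 in owner) s=6 ;; group) s=3 ;; other) s=0 ;; *) return 2 ;; esac
    b=$(( (0$1 >> $s) & 7 ))   # leading 0: the shell reads MODE as octal
    r=-; w=-; x=-
    if [ $(($b & 4)) -ne 0 ]; then r=r; fi
    if [ $(($b & 2)) -ne 0 ]; then w=w; fi
    if [ $(($b & 1)) -ne 0 ]; then x=x; fi
    printf '%s%s%s\n' "$r" "$w" "$x"
}

# which_class FILE_UID FILE_GID UID "GIDS" -> owner|group|other
# Only the first matching class is used; later classes are never consulted.
which_class() {
    if [ "$3" -eq "$1" ]; then echo owner; return 0; fi
    for g in $4; do
        if [ "$g" -eq "$2" ]; then echo group; return 0; fi
    done
    echo other
}

# may_execute MODE FILE_UID FILE_GID UID "GIDS" -> exit status 0 if allowed
may_execute() {
    if [ "$4" -eq 0 ]; then    # root may execute once any execute bit is set
        if [ $(( 0$1 & 0111 )) -ne 0 ]; then return 0; else return 1; fi
    fi
    case $(class_bits "$1" "$(which_class "$2" "$3" "$4" "$5")") in
        ??x) return 0 ;;
        *)   return 1 ;;
    esac
}

# Scenario: file owned by uid 1000, group gid 50 (standing in for "SomeGroup").
# Each entry is: name uid gid-list. bob is not a member of gid 50.
report() {
    for m in 700 770 0070; do
        for u in "owner 1000 1000 50" "alice 1001 1001 50" "bob 1002 1002" "root 0 0"; do
            set -- $u; name=$1; uid=$2; shift 2
            if may_execute "$m" 1000 50 "$uid" "$*"; then v=yes; else v=no; fi
            printf '%-5s %-6s execute=%s\n' "$m" "$name" "$v"
        done
    done
}
report
```

In the 0070 rows the file's owner is denied even though that uid is also in gid 50, because the owner class matches first and its bits are empty.
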
dissolved (Author) commented:
Thanks, I'm giving you the question.

Can you clarify 2 quick things for me?

1. How do you tell group membership?  ie: How do I tell what users belong to /sbin/ping?

2. What groups belong to /sbin/ping by default?

Kent Olsen (Data Warehouse Architect / DBA) commented:

1)  Enter:

ls -l /sbin/ping

You'll get a line that looks like:

-r-sr-xr-x    1 root   system               31862  <date> ping

This shows that ping is owned by 'root' and is a member of group 'system'.

Note that not all systems use the /sbin/ping path.  AIX uses /usr/sbin/ping.

2)  It's semantics, but groups don't belong to files.  Users belong to groups and a file is a member of a group.

Most system executables will belong to group 'bin' or 'system'.  In AIX ping belongs to 'system' by default.  This may differ with other implementations of Unix.
