unix permissions

Posted on 2005-04-11
Last Modified: 2013-12-06
Trying to grasp the concept of permissions in Unix.

ie:  xxx-xxx-xxx

1. I know that the first part applies to the permissions the owner gets on the file
The second part applies to the group <---this is where I'm lost
The third part applies to everyone else.

So a chmod 700 /sbin/ping will deny ping to everyone but the owner.
What would a 770 /sbin/ping do?

2. If you have r/w access to a file, do you need "execute" permission as well?

Question by:dissolved

    Accepted Solution

    Hi dissolved,

    Every user is a member of at least one group.  On some systems, particularly Linux, it's common for the group name to be the same as the user name, but this is by no means required.  Users can belong to more than one group.

    The usage of groups allows the sysadmin to allow/disallow access to certain files (programs, data, etc.) to certain users.  If your system had an application called "SomeApplication", the sysadmin could limit which users could run the application simply by creating a group "SomeGroup", assigning the files associated with "SomeApplication" to it, and setting the permissions to 0070.  To run "SomeApplication" you'd then have to be a member of "SomeGroup".

    chmod 700 /sbin/ping means that only the owner of ping (and root) can run it.
    chmod 770 /sbin/ping means that those users that are members of the group that /sbin/ping belongs to can run it, as well as the owner and root.

    If you have read access to a file, you have implied access to it.  In older Unix systems this was often enough.  But most modern systems won't attempt to execute a file unless the execute bit is set.  (You can always copy the file and become the owner of the copy.  Then set the execute bit.)

    Good Luck!

    Author Comment

    Thanks, I'm giving you the question.

    Can you clarify 2 quick things for me?

    1. How do you tell group membership?  i.e.: How do I tell what users belong to /sbin/ping?

    2. What groups belong to /sbin/ping by default?

    Expert Comment


    1)  Enter:

    ls -l /sbin/ping

    You'll get a line that looks like:

    -r-sr-xr-x    1 root   system               31862  <date> ping

    This shows that ping is owned by 'root' and is a member of group 'system'.

    Note that not all systems use the /sbin/ping path.  AIX uses /usr/sbin/ping.

    2)  It's semantics, but groups don't belong to files.  Users belong to groups and a file is a member of a group.

    Most system executables will belong to group 'bin' or 'system'.  In AIX ping belongs to 'system' by default.  This may differ with other implementations of unix.
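
The owner/group/other check discussed in this thread, as an added example that is not part of the original posts: it decodes an `ls -l` mode string such as the `-r-sr-xr-x` shown above and decides who may execute a file under modes 700, 770 and 0070. The uids, gids and account names are constructed for illustration, and only the classic mode bits are modelled (no ACLs or other extensions).

```python
# Added example: classic Unix mode-bit check (ignores ACLs and other extensions).
SPECIAL = {"s": 1, "S": 0, "t": 1, "T": 0}   # ls letter -> is the execute bit also set?

def parse_ls_mode(text):
    """Turn an `ls -l` mode string such as '-r-sr-xr-x' into numeric mode bits."""
    perms = text[1:10]                      # skip the file-type character
    mode = 0
    for i, ch in enumerate(perms):
        bit = 1 << (8 - i)                  # 0o400 for i=0 down to 0o001 for i=8
        if ch in "rwx":
            mode |= bit
        elif ch in SPECIAL:                 # setuid/setgid/sticky shown in the x column
            mode |= (0o4000, 0o2000, 0o1000)[i // 3]
            if SPECIAL[ch]:
                mode |= bit
    return mode

def permission_class(file_uid, file_gid, uid, gids):
    """Exactly one class applies: owner first, then group, then other."""
    if uid == file_uid:
        return "owner"
    if file_gid in gids:
        return "group"
    return "other"

def allowed(mode, file_uid, file_gid, uid, gids, want):
    """want is 'r', 'w' or 'x'; uid/gids are the process's effective ids."""
    if uid == 0:                            # root: r/w always, x needs any x bit (Linux)
        return want != "x" or bool(mode & 0o111)
    shift = {"owner": 6, "group": 3, "other": 0}[
        permission_class(file_uid, file_gid, uid, gids)]
    return bool((mode >> shift) & {"r": 4, "w": 2, "x": 1}[want])

if __name__ == "__main__":
    # Constructed accounts: alice owns the file, bob is in its group, carol is neither.
    OWNER, GROUP = 1000, 50
    users = {"root": (0, {0}), "alice": (1000, {1000, 50}),
             "bob": (1001, {1001, 50}), "carol": (1002, {1002})}
    for mode in (0o700, 0o770, 0o070, parse_ls_mode("-r-sr-xr-x")):
        verdict = {n: allowed(mode, OWNER, GROUP, u, g, "x")
                   for n, (u, g) in users.items()}
        print(f"{mode:04o}", verdict)
```

With mode 0070 the owner is refused even when the owner is also in the file's group, because only the first matching class is consulted. The setuid bit in `-r-sr-xr-x` changes the effective uid the program runs with, not who is allowed to start it.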

