Rights Management in UNIX - Some extra rights
Although I said that there are three main rights, there is a fourth octal number that hides extra options. The first is the sticky bit. Its octal value is one. When you print the rights with the ls command, you will see it coded with the letter t. It stands in the place of the execute right.
In the case of files, this makes sense for programs. It signals to UNIX that the application will always remain in memory. The old UNIX systems used this, but today this will not bring you any real advantages. For directories, this means that only its creator can modify the directory. An example of this is /tmp. We do not want to change this, so that other programs will have it as well.
The second is the set group id bit. Its octal value is 2. It is represented by the letter s or S, where s = S + x. Files set with this trait will run with the rights of their creators. For example, the passwd program that allows the change of the user password will always run with root rights.
Finally, there is the set user id bit. Its octal value is 4. When this option is turned on, a directory or directories created below it will be in the possession of whoever created the upper directory, and not in the possession of whoever just created the directory.
If we want to make the tmp directory, we would use the following command lines:
chmod a+rwx tmp
chmod +t tmp
Alternatively, with octal code:
chmod 1777 tmp
You can also find an extra letter standing in front of all these rights if you list the file with ls -l. The extra letter tells you something about the type of file, with the following codification:
d <=> directory
l <=> symbolic link
b <=> block device
c <=> character device
- <=> general
Implicit Rights
When you create a new file with the touch command, for example, some default rights will be set. These are given by the shell and set automatically. The settings are inside a mask that is named umask. This holds, as information, which rights the shell should not set once it creates the file.
The mask by default is set in a manner such that the execute right is only an extra, and it is assumed that the user will set it later on. Besides this, the three digit octal numbers remain for the rest of the rights (or four if we add the extra rights). The default value of the mask is 002 and will set the rights rw-r--r--.
To decode the code we just expand it to its binary form: 000 000 010. The execute bit now is ignored, while the rest just shows what rights the shell should not set. The only affirmative answer from this group is in the second bit, which signals that the write right should not be set.
We can, of course, change this value, as I show in the lines that follow:
umask 022
touch alfa.txt
ls -l alfa.txt
-rw-r--r-- 1 gaborj gaborj 0 2009-01-28 20:15 alfa.txt
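The fourth octal digit and the umask described above can be checked directly from the shell. The script below is an added example, not code from the original article; the helper names (ls_mode, make_obj, new_mode, chmod_mode) and the obj file name are made up for illustration, and it assumes mktemp is available.

```shell
#!/bin/sh
# Added example: every path is constructed and lives in a throwaway directory.

# ls_mode PATH -> type letter plus the nine rights, as printed by ls -l
ls_mode() {
    ls -ld "$1" | cut -c1-10
}

# make_obj DIR file|dir -> create DIR/obj as a regular file or a directory
make_obj() {
    if [ "$2" = dir ]; then mkdir "$1/obj"; else : > "$1/obj"; fi
}

# new_mode MASK file|dir -> rights of an object created while umask is MASK
new_mode() {
    (
        umask "$1"                      # only affects this subshell
        work=$(mktemp -d) || exit 1
        make_obj "$work" "$2"
        ls_mode "$work/obj"
        rm -rf "$work"
    )
}

# chmod_mode OCTAL file|dir -> rights after an explicit four-digit chmod
chmod_mode() {
    (
        work=$(mktemp -d) || exit 1
        make_obj "$work" "$2"
        chmod "$1" "$work/obj"
        ls_mode "$work/obj"
        rm -rf "$work"
    )
}

# Rights left over after the mask is applied to a new file and a new directory
echo "umask 022, new file: $(new_mode 022 file)"     # -rw-r--r--
echo "umask 022, new dir : $(new_mode 022 dir)"      # drwxr-xr-x

# Fourth digit 1: sticky bit, shown in the last execute position (t, or T without x)
echo "chmod 1777 dir     : $(chmod_mode 1777 dir)"   # drwxrwxrwt
echo "chmod 1776 dir     : $(chmod_mode 1776 dir)"   # drwxrwxrwT

# Fourth digit 2 and 4: s = S + x, shown in the group and the owner execute position
echo "chmod 2755 file    : $(chmod_mode 2755 file)"  # -rwxr-sr-x
echo "chmod 2745 file    : $(chmod_mode 2745 file)"  # -rwxr-Sr-x
echo "chmod 4755 file    : $(chmod_mode 4755 file)"  # -rwsr-xr-x
```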
This will be all you need to know about this. Come back next week when I will answer more questions about the file system inside UNIX. We will look into topics such as hard and soft links, the time stamps of files, mounting devices and some others as well. Rate my article if it was helpful and ask any questions you may have on the blog. Until next week, Live With Passion!