In a Unix filesystem, every file and directory has a set of permissions that control the kind of things that a user can do to that file or directory.
There are three actions that you can control: reading, writing and executing. For directories these actions mean: reading is listing the contents, writing is creating or removing files inside the directory, and executing is accessing the files inside the directory.
In Unix there are users and groups, and the file system tracks which user and group a file belongs to. You can assign different permissions to the owner of the file, to the people in the file's group and to everyone else.
There are also three more "special" permissions: setuid, setgid and the sticky bit (nice name).
Setuid works only on executable files. If a program has the setuid bit set, then the program runs on behalf of, and with the personality of, the owner of the program, no matter which user really fired the program.
Setgid is similar to setuid on files, but uses the permissions of the program's group instead of the program's owner. Setgid also works on directories: inside a directory with setgid set, all files created will have the same group as the directory instead of the creator's group.
The sticky bit works for directories, and it's meant for shared directories. Usually any user with write permission for a directory can erase any file in that directory, even files they do not own; in a directory with the sticky bit set this is forbidden.
Initially the sticky bit was used to mark executable files, asking the kernel to keep the program in RAM even after its execution. It was useful for often-used utilities. Modern paging and swapping memory techniques do this in a different and better fashion (paging on demand), so this bit became useless for a while.
The set of permissions of a particular file is also called its "access mode".
There are two ways to express the permissions: the symbolic form or an octal number.
The symbolic form looks like the first column of ls -l. There are 10 chars in there, but the first one is not a permission, it's the type of the file. Next come three sets of three chars. Those are the permission sets for the owner, the group and everybody else.
The first char is the read permission: "r" when set, "-" when not set.
The second is the write permission: "w" when set, "-" when not set.
And the last one is the execute permission: "x" when set, "-" when not set. In the first set (the owner set) it looks like "s" when both execute and setuid are set, or "S" when only setuid is set without the execute permission (useless). In the second set (the group set) it looks the same, except that we are talking about setgid instead of setuid. And in the last set (the everybody else set) it looks like "t" when both execute and the sticky bit are set, or "T" when only the sticky bit is set.
But I think that the octal form is nicer, see:
We have three kinds of permissions; let's assign a power of 2 value to each: read is 4, write is 2, and execute is 1. The sum of these values is 7, which falls nicely within an octal digit.
7 means all permissions.
6 means can read and write (useful for files).
5 means read and execute (useful for programs and do-not-store-your-trash-here directories).
4 is the obvious: you can read this file but don't change it.
3 is sort of silly.
2 may seem stupid, since you can't see a file which you may write, but you can set up funny things like setting write-only permissions for everybody and read permission only for the owner. All the people can append their most kinky secrets to a file. Nobody can read the secrets of the other people, but the owner of the file (Mrs. Counselor Hart, let's say) can read and advise on everybody's secrets.
1 is really useless, you can't run a program that you can't read. It may be used to mean: "Yup, this is the killer application I just wrote, but you can't run it just yet (keep pleading with me in humiliation until my ego is fat enough)."
The special permissions, in a similar fashion, are 4 for setuid, 2 for setgid, and 1 for the sticky bit (man, I like that name!).
So we just need one octal digit for the special permissions plus 3 octal digits for the three sets. (Nifty, huh??)
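The two notations described above, tied together in an added example (not part of the original writeup): it renders a four-digit octal mode in the ls -l symbolic form, including the s/S and t/T cases, and notes the special-permission situations the text mentions. The function names symbolic and audit and the sample modes are assumptions made for illustration.

```python
# Added example: octal access mode -> ls -l style string, plus a small audit.
# Function names and the sample modes below are constructed for illustration.

# (special-digit value, char when execute is also set, char when it is not)
SPECIAL = ((4, "s", "S"),   # setuid shows up in the owner set
           (2, "s", "S"),   # setgid shows up in the group set
           (1, "t", "T"))   # sticky bit shows up in the everybody-else set

def symbolic(mode):
    """Render a mode such as 0o4755 as the nine permission chars of ls -l."""
    special = (mode >> 9) & 7
    chars = []
    for i, (bit, with_x, without_x) in enumerate(SPECIAL):
        digit = (mode >> (6 - 3 * i)) & 7      # owner, group, everybody else
        chars.append("r" if digit & 4 else "-")
        chars.append("w" if digit & 2 else "-")
        if special & bit:
            chars.append(with_x if digit & 1 else without_x)
        else:
            chars.append("x" if digit & 1 else "-")
    return "".join(chars)

def audit(mode, is_dir=False):
    """List the special-permission situations the text describes."""
    special, owner, other = (mode >> 9) & 7, (mode >> 6) & 7, mode & 7
    notes = []
    if not is_dir and special & 4:
        notes.append("setuid: runs as the file's owner"
                     if owner & 1 else "setuid without execute (S)")
    if not is_dir and special & 2:
        notes.append("setgid: runs with the file's group")
    if is_dir and special & 2:
        notes.append("setgid directory: new files inherit its group")
    if is_dir and other & 2 and not special & 1:
        notes.append("writable by everybody, no sticky bit: "
                     "anyone can erase anyone's files")
    return notes

if __name__ == "__main__":
    # Constructed sample: (octal mode, is it a directory?)
    for mode, is_dir in [(0o4755, False), (0o1777, True), (0o0777, True),
                         (0o2775, True), (0o4644, False), (0o0644, False)]:
        print(f"{mode:04o} {symbolic(mode)} {audit(mode, is_dir)}")
```

The output of symbolic agrees with Python's own stat.filemode for every one of the 4096 possible modes, so it can be checked against a real ls -l listing.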
You may think that it's strange that all your symbolic links have all the permissions set. You may even be scared to note that no matter how many times you change them, all the permissions stay set. But that's ok: symbolic link permissions are never looked at, the permissions of the file pointed to are used instead. In fact chmod changes the real file's permissions instead of the link's.