linux file permissions
§ chmod
chmod [ugoa] [-+=] [rwxXst]
users
u : the user who owns it
g : users in the file's group
o : other users not in the file's group
a : all users.
perms
rwx : read (4), write (2), execute (1)
§ Other than rwx
- setuid / setgid : when the file is executed, the process runs with the effective user ID of the file's owner / the effective group ID of the file's group (S_ISUID / S_ISGID below). If the program is an interpreted script, the kernel ignores this bit (for security reasons).
- sticky bit : the restricted deletion flag (S_ISVTX below, described in unlink(2)).
File mode definitions
#include <sys/stat.h>
/*
 * fchmod(2): change the permission bits of the already-open file referred to
 * by descriptor fildes to mode. mode is an OR of the S_I* constants listed
 * below (S_ISUID, S_ISGID, S_ISVTX and the per-owner/group/other rwx bits).
 * See man 2 fchmod for the return value and errno semantics.
 *
 * NOTE(review): because it acts on an open descriptor rather than a path, a
 * permission change made with fchmod() applies to the object the caller
 * already holds, not to whatever a later path lookup would resolve — confirm
 * this is the intended target before preferring it over chmod(2) by name.
 */
int fchmod(int fildes, mode_t mode);
mode bits: (man 2 fchmod)
S_ISUID (04000)
set-user-ID (set process effective user ID on execve(2))
S_ISGID (02000)
set-group-ID (set process effective group ID on execve(2); mandatory
locking, as described in fcntl(2); take a new file's group from parent
directory, as described in chown(2) and mkdir(2))
S_ISVTX (01000)
sticky bit (restricted deletion flag, as described in unlink(2))
S_IRUSR (00400)
read by owner
S_IWUSR (00200)
write by owner
S_IXUSR (00100)
execute/search by owner ("search" applies for directories, and means that
entries within the directory can be accessed)
S_IRGRP (00040)
read by group
S_IWGRP (00020)
write by group
S_IXGRP (00010)
execute/search by group
S_IROTH (00004)
read by others
S_IWOTH (00002)
write by others
S_IXOTH (00001)
execute/search by others
struct file
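/*
 * struct file — the kernel's per-open-file object, as copied from the Linux
 * headers. The original listing had collapsed the CONFIG_* conditionals into
 * trailing comments but left one stray `#endif`, and dropped the terminating
 * `;`; both are restored here so the definition is well-formed. Field notes
 * are limited to what this listing shows; consult the originating header for
 * authoritative semantics.
 */
struct file {
	atomic_long_t			f_count;	/* presumably the reference count on this open file — confirm */
	spinlock_t			f_lock;
	fmode_t				f_mode;
	const struct file_operations	*f_op;
	struct address_space		*f_mapping;
	void				*private_data;
	struct inode			*f_inode;
	unsigned int			f_flags;
	unsigned int			f_iocb_flags;
	/*
	 * Credentials attached to this open file.
	 * NOTE(review): access checks on an already-open file are expected to
	 * consult these, not the current task's credentials — confirm against
	 * the originating header before relying on it.
	 */
	const struct cred		*f_cred;
	struct path			f_path;
	union {
		/* regular files (with FMODE_ATOMIC_POS) and directories */
		struct mutex		f_pos_lock;
		/* pipes */
		u64			f_pipe;
	};
	loff_t				f_pos;
#ifdef CONFIG_SECURITY
	/* per-file security-module data; compiled in only with CONFIG_SECURITY */
	void				*f_security;
#endif
	struct fown_struct		*f_owner;
	errseq_t			f_wb_err;
	errseq_t			f_sb_err;
#ifdef CONFIG_EPOLL
	/* compiled in only with CONFIG_EPOLL */
	struct hlist_head		*f_ep;
#endif
	/* anonymous union: these members share storage and are presumably never live at the same time — confirm */
	union {
		struct callback_head	f_task_work;
		struct llist_node	f_llist;
		struct file_ra_state	f_ra;
		freeptr_t		f_freeptr;
	};
	/* --- cacheline 3 boundary (192 bytes) --- */
};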