In Interix, each file has three sets of permissions: one for the
owner, one for the file's group members, and one for everyone else.
Each set of permissions consists of a read permission, a write
permission, and an execute permission.
You can display file permissions with the ls -l command,
the long-listing form of ls(1). The following example illustrates output
of the ls -l command:
drwxr-xr-x 1 Jimbo Accounting 0 Aug 24 14:35 lib
-rwxr-xr-x 1 Jimbo Accounting 342 Aug 27 00:20 stuff
In a permission list, such as drwxr-xr-x, the first
character represents the file type (d or - in this
example). The next nine characters represent permission bits. The
list is divided into three parts: the owner permission set
(rwx in this example), the group permission set (r-x
in this example), and the permission set for everyone else
(r-x). Each set can contain read (r), write
(w), and execute (x) bits.
The following list describes the first character and each part
of the permission list. For more information about permission lists
and bits, see ls(1).
The first character indicates the file type. For example, the letter
d represents a directory, the dash (-) denotes a
regular file, and the letter l marks a symbolic link.
The next three bits are the read, write, and execute bits for
the owner of the file. A dash (-) indicates that the
permission is not granted. For a directory, "execute" indicates the
ability to search the directory. The third position could have
letters other than x. An s in the third position
indicates that the file has both set user identifier (setuid) and
execute permissions. An S denotes setuid without execute
permission.
The next three bits are the read, write, and execute bits for
the file owner's group. In the example, members of the group other
than the owner can read and execute the file called stuff,
but cannot write to the file. An s in the third position
indicates that the set group identifier (setgid) bit is set with
execute permission, and an S indicates that the setgid bit
is set without execute permission.
The last three bits are the read, write, and execute bits for
everyone other than the owner and the owner's group; that is,
everyone else. A t in the third position indicates a sticky
bit with execute permission; a T is a sticky bit without
execute permission.
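The decoding rules above, as an added example that is not part of the Interix documentation: a POSIX shell function that turns the 10-character permission list into the file type and a four-digit octal mode, treating s/S and t/T as described, plus a small scan that reads ls -l output and flags entries carrying a setuid, setgid or sticky bit. The "lib" and "stuff" listing lines are the page's own; the "total", "su" and "tmp" lines are constructed for the example.

```sh
#!/bin/sh
# Added example; not part of the Interix documentation.  Decodes the
# 10-character permission list printed by "ls -l" into the file type and a
# four-digit octal mode, honouring the s/S (setuid, setgid) and t/T (sticky)
# spellings that replace x in the third position of a set, then uses the
# decoder to flag entries carrying any special bit.

# mode_to_octal STRING  ->  prints "<type> <octal>", e.g. "- 4755".
# Returns 1 if STRING is not a well-formed permission list.
mode_to_octal() {
    str=$1
    [ "${#str}" -eq 10 ] || return 1
    ftype=${str%"${str#?}"}        # first character: d, -, l, ...
    rest=${str#?}                  # the nine permission characters
    special=0 perm=0 pos=0
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}      # take the next character...
        rest=${rest#?}             # ...and drop it from the remainder
        pos=$((pos + 1))
        case "$pos$c" in
            1r|4r|7r|2w|5w|8w|3x|6x|9x) bit=1 ;;
            [1-9]-)                     bit=0 ;;
            3s) bit=1; special=$((special | 4)) ;;   # setuid with execute
            3S) bit=0; special=$((special | 4)) ;;   # setuid, no execute
            6s) bit=1; special=$((special | 2)) ;;   # setgid with execute
            6S) bit=0; special=$((special | 2)) ;;   # setgid, no execute
            9t) bit=1; special=$((special | 1)) ;;   # sticky with execute
            9T) bit=0; special=$((special | 1)) ;;   # sticky, no execute
            *)  return 1 ;;                          # letter in the wrong slot
        esac
        perm=$((perm * 2 + bit))
    done
    printf '%s %o%03o\n' "$ftype" "$special" "$perm"
}

# special_names OCTAL  ->  names of the special bits in a four-digit mode,
# e.g. "special_names 6755" prints "setuid setgid".
special_names() {
    d=$(( 0$1 >> 9 ))              # the leading (special) octal digit
    names=
    if [ $((d & 4)) -ne 0 ]; then names="$names setuid"; fi
    if [ $((d & 2)) -ne 0 ]; then names="$names setgid"; fi
    if [ $((d & 1)) -ne 0 ]; then names="$names sticky"; fi
    printf '%s\n' "${names# }"
}

# flag_special_files  reads "ls -l" lines on stdin and prints
# "<name> <octal> <flags>" for each entry with a setuid, setgid or sticky bit.
# Only the first and last fields are used, so a group name containing a
# space does not disturb the parsing (a file name containing one would).
flag_special_files() {
    while IFS= read -r line; do
        mode=${line%% *}
        name=${line##* }
        dec=$(mode_to_octal "$mode") || continue     # skips "total N" etc.
        oct=${dec#* }
        flags=$(special_names "$oct")
        if [ -n "$flags" ]; then
            printf '%s %s %s\n' "$name" "$oct" "$flags"
        fi
    done
}

# Constructed listing: "lib" and "stuff" are the page's lines, the rest are
# made up to exercise the special bits.
sample_listing='total 4
drwxr-xr-x 1 Jimbo Accounting 0 Aug 24 14:35 lib
-rwxr-xr-x 1 Jimbo Accounting 342 Aug 27 00:20 stuff
-rwsr-xr-x 1 root Administrators 12288 Sep 1 09:10 su
drwxrwxrwt 2 root Administrators 512 Sep 1 09:11 tmp'

printf '%s\n' "$sample_listing" | flag_special_files
# prints:
#   su 4755 setuid
#   tmp 1777 sticky
```

Feed real output in with "ls -l /some/dir | flag_special_files" to get the same report for a live directory; the decoder rejects anything that is not a permission list, so the "total" header line is skipped rather than misread.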
If you own a file or have appropriate privileges, you can change
the permissions for the file with the chmod(1) command.
Files created in the Interix environment
When you create a file in Interix and view it with ls -l,
the following permissions and attributes apply:
The file owner is the user who created it.
The file inherits its group from the group of the directory in which
it is created.
Group names can contain spaces. For example, "domain users" is a
valid group name. Although it is possible to create group names
with spaces, if you do so, shell and awk scripts might behave
unexpectedly, because such scripts usually split their input on
whitespace and expect a group name to occupy a single field; a name
such as "domain users" is read as two fields.
The file's permissions are the mode requested at creation with every
bit set in the user mask (umask) cleared. For more
information on the user mask, see umask(1).
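How the user mask shapes a new file's permissions, as an added example that is not from the Interix documentation: default_mode computes the mode a file (requested mode 0666) or directory (0777) receives under a given umask, and created_mode checks that computation against reality by creating a probe under that umask and reading back the ls -l permission list. It assumes a POSIX shell and mktemp(1); the 0666/0777 requested modes are the ones the shell and mkdir use.

```sh
#!/bin/sh
# Added example; not part of the Interix documentation.  A new file gets the
# mode the creating call asks for (0666 when the shell creates a file, 0777
# for mkdir) with every bit set in the umask cleared.  default_mode computes
# that; created_mode checks it against reality by creating a probe under the
# given umask and reading back the "ls -l" permission list.  Assumes a POSIX
# shell and mktemp(1).

# default_mode UMASK KIND  ->  octal mode a new file or dir gets under UMASK,
# e.g. "default_mode 027 file" prints 640.
default_mode() {
    case $2 in
        file) base=0666 ;;
        dir)  base=0777 ;;
        *)    return 1 ;;
    esac
    printf '%03o\n' $(( base & ~0$1 ))
}

# created_mode UMASK KIND  ->  the 10-character permission list "ls -ld"
# reports for a probe actually created under UMASK, e.g. "-rw-r-----".
created_mode() {
    work=$(mktemp -d) || return 1
    if (
        umask "$1"                   # applies to this subshell only
        case $2 in
            file) : > "$work/probe" ;;
            dir)  mkdir "$work/probe" ;;
            *)    exit 1 ;;
        esac
        # Keep the first ten characters only: some systems append "+" or "."
        # to signal extra ACL or label data.
        ls -ld "$work/probe" | cut -c1-10
    ); then status=0; else status=$?; fi
    rm -rf "$work"
    return $status
}

# Show a common, a strict and a dangerously open umask side by side.  With
# umask 000 every new file is world-writable, which is the security point.
for um in 022 027 000; do
    printf 'umask %s: file %s (%s)  dir %s (%s)\n' "$um" \
        "$(default_mode "$um" file)" "$(created_mode "$um" file)" \
        "$(default_mode "$um" dir)"  "$(created_mode "$um" dir)"
done
```

Because the umask is changed inside a subshell, running the script does not alter the calling shell's mask; a hardened login environment would normally set umask 027 or 077 in the shell's startup file so that every file created from the Interix shell starts out unreadable to everyone else.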
POSIX files are given three access control entries (ACEs) in
Windows: one for the owner, one for the group, and one for the
Everyone group, which represents everyone else. For more
information on ACEs, see Windows object
security. POSIX permissions work as follows:
The POSIX read permission is represented by the Windows read
(R) permission.
The POSIX write permission is represented by the Windows write
(W) permission. If the file's read-only attribute is set, Interix
does not assign the write permission, regardless of the content of
the ACEs. If you use the chmod command to assign a write
permission to a file that has the read-only attribute set, the
read-only attribute is removed.
The POSIX execute permission is represented by the Windows
execute (X) permission.
Interix adds a deny entry in cases where a Windows grant would be
broader than the POSIX mode. For example, a file with a mode of 077
(---rwxrwx) grants the owner no read, write, or execute permission.
The Windows Everyone group includes the owner, however, so the
Everyone ACE alone would give the owner full access. In this case,
Interix adds a deny ACE for the owner so that the effective Windows
permissions accurately represent the POSIX permissions.
The owner of a file can change permissions on a file.
The owner of a file can grant or deny the permission to others
to take ownership of a file.
Some special permissions, such as the setuid bit, are
not represented through ACEs and are therefore not visible through
standard Win32 tools. Audit them from the Interix side, for example
with ls -l, rather than from Windows.
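The mapping from a POSIX mode to Windows ACEs, as an added example that is not Interix code and does not reproduce its implementation: mode_to_aces splits an octal mode into the owner, group and Everyone sets, emits the three allow ACEs the page describes, inserts the deny ACE for the owner whenever the group or Everyone set would grant the owner something the mode withholds (the 077 case above), and models the read-only attribute by dropping every write permission. One part goes beyond the page and is an assumption: a deny ACE for the group, by the same reasoning, when Everyone would grant group members more than the group set allows. The setuid, setgid and sticky digits are deliberately ignored, since they are not carried in ACEs.

```sh
#!/bin/sh
# Added example; not Interix code.  Models the mapping described above from a
# POSIX mode to the three allow ACEs (owner, group, Everyone), the deny ACE
# Interix inserts for the owner when the Everyone or group grant would give the
# owner more than the mode allows, and the read-only attribute, under which no
# write permission is reported.  The deny ACE for the group is an assumption
# (group members are in Everyone too); the page documents only the owner case.

# bits_to_rwx N  ->  rwx text for a 3-bit value 0-7, e.g. 5 -> r-x
bits_to_rwx() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# ace TYPE WHO BITS  ->  one formatted ACE line
ace() {
    printf '%-5s %-8s %s\n' "$1" "$2" "$(bits_to_rwx "$3")"
}

# mode_to_aces MODE [readonly]  ->  the ACE list for an octal mode such as
# 077 or 4755.  setuid/setgid/sticky digits are ignored: they are not carried
# in ACEs, so Win32 tools never see them.
mode_to_aces() {
    m=$(( 0$1 ))
    u=$(( (m >> 6) & 7 )); g=$(( (m >> 3) & 7 )); o=$(( m & 7 ))
    if [ "$2" = readonly ]; then      # read-only attribute wins over the ACEs
        u=$(( u & ~2 )); g=$(( g & ~2 )); o=$(( o & ~2 ))
    fi
    deny_u=$(( (g | o) & ~u ))        # rights the owner would get via group/Everyone
    deny_g=$(( o & ~g ))              # rights a group member would get via Everyone (assumption)
    # Deny ACEs go first: in canonical order Windows evaluates them before allows.
    if [ "$deny_u" -ne 0 ]; then ace Deny owner "$deny_u"; fi
    if [ "$deny_g" -ne 0 ]; then ace Deny group "$deny_g"; fi
    ace Allow owner "$u"
    ace Allow group "$g"
    ace Allow Everyone "$o"
}

# The page's example: mode 077 must not let the owner read the file, yet the
# Everyone ACE alone would.  Compare with a plain 644, with 644 on a file
# whose read-only attribute is set, and with 707 (the assumed group case).
for spec in 077 644 "644 readonly" 707; do
    printf -- '--- mode %s ---\n' "$spec"
    mode_to_aces $spec     # unquoted on purpose: splits "644 readonly"
done
```

Reading the 077 output top to bottom is the same order in which Windows evaluates a canonical ACL: the owner's deny is hit before the Everyone allow, which is why the deny has to exist at all. The read-only case shows the page's other rule from the Windows side: the attribute suppresses write regardless of what the ACEs say, and chmod only regains write by clearing the attribute.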
Files created in the Win32 subsystem
A file created through the Win32 subsystem can have a number of
ACEs associated with it. In addition, those ACEs might not fit
neatly into the categories of user, group, and everyone else. The
Interix tools will "assemble" permission from the available
ACEs:
The file is owned by the user unless the user is a member of
the Windows Administrators group, in which case the file is owned
by the Administrators group.
The file's group is typically Windows Domain Users on a
server, or None on a workstation.
If an owner has no specific ACE associated with it, the
owner-permission bits are empty.
If the owner is a group, the group permissions are transferred
to the owner permissions, and the group permissions are made
empty.
If the ACE used to determine the owner's permissions does not
have a change permission (P) or a take ownership (O) permission,
the chown(1),
chgrp(1),
and chmod(1)
commands might not work as expected.
All objects on a file allocation table (FAT) file system or
high-performance file system (HPFS) are owned by the Everyone user
and the Everyone group, because these file systems store no security
descriptors and so cannot enforce per-user permissions.