File-system permissions

Typically, a file system maintains permission settings for each stored item – commonly files and directories – that either grant or deny the ability to manipulate file system items. Often the settings allow controlling access based on function such as read, change, navigate, and execute and to different users and groups of users. One well-established technology was developed for Unix and later codified by POSIX. Another common technology is an access-control list (ACL) with multiple variants implemented in file systems and one codified by POSIX. Since POSIX defines both the older Unix-based technology as well as ACLs, the former is called traditional POSIX permissions for clarity even though it is not a well-known term.

A permission-driven user interface tailors the functionality available to the user based on file system item permissions. For example, the interface might hide menu options that are not allowed based on the permissions stored for an item.

Examples

File system permissions have been implemented many ways. Some notable examples are described here.

NTFS which is in many versions of Windows including the current, uses ACL technology to provide permission-based access control; considered powerful yet complex.[1]

Linux file systems such as ext2, ext3, ext4, Btrfs support both POSIX permissions and POSIX.1e ACLs. There is experimental support for NFSv4 ACLs for ext3[2] and ext4 filesystems.

FreeBSD supports POSIX.1e ACLs on UFS, and NFSv4 ACLs on UFS and ZFS.[3][4]

HFS, and its successor HFS+, as implemented in the Classic Mac OS operating systems, do not support permissions.

macOS supports POSIX-compliant permissions, and supports them in both HFS+ and APFS. Beginning with version 10.4 ("Tiger"), it also supports the use of NFSv4 ACLs in addition to POSIX-compliant permissions. The Apple Mac OS X Server version 10.4+ File Services Administration Manual recommends using only traditional Unix permissions if possible. macOS also still supports the Classic Mac OS's "Protected"/"Locked" attribute as the "user immutable" flag in the 4.4BSD flags field.[5]

File Allocation Table (original version) has a per-file read-only attribute that applies to all users.

OpenVMS defines four access functions: read, write, execute and delete and user selections: system, owner, group, and world where world includes group which in turn includes owner and system selects system users. This design is similar to that of Unix with notable extensions: additional function: delete and additional user selection: system.[6] ACLs are supported in VMS 4.0 and later.[7]

Solaris ACL support depends on the filesystem being used; older UFS filesystem supports POSIX.1e ACLs, while ZFS supports only NFSv4 ACLs.[8]

IBM z/OS implements file security using RACF (Resource Access Control Facility)[9]

The AmigaOS Filesystem, AmigaDOS supports a permissions system relatively advanced for a single-user OS. In AmigaOS 1.x, files had Archive, Read, Write, Execute and Delete (collectively known as ARWED) permissions/flags. In AmigaOS 2.x and higher, additional Hold, Script, and Pure permissions/flags were added.

OpenHarmony operating system alongside its client side ecosystem in Oniro OS and HarmonyOS with HarmonyOS NEXT versions and also Linux-based openEuler server OS natively uses its Harmony Distributed File System (HMDFS) that supports access token manager (role-based access control) and Core File Kit API capability-based with granular permission management with exception to openEuler.[10][failed verification]

Traditional POSIX permissions

Traditionally, file permissions on a Unix-based file system is defined by POSIX.1-2017,[11]. It specifies three classes (user, group and others) that allow for mapping permissions to users and three operations (read, write, execute) that can be granted or denied for each class. When a file is created, its permissions default to that as accessible via the umask command.

In a Unix-based file system, everything is a file; even directories and other special files.

Classes

The classes determine how permissions map to a user. The user class permissions apply to the user who owns the file. The group class permissions apply to users of the file's owning group. The others class applies to other users.

The effective permissions are the permissions of the class in which the user falls first given the order: user, group then others. For example, the owning user has effective permissions of the user class even if they are in the owning group.

Operations

The operations that can be granted or denied include:

  • Read grants the ability to read a file. When set for a directory, this permission grants the ability to read the names of contained files, but not to read other information about them such as contents, file type, size, ownership, permissions.
  • Write grants the ability to modify a file. When set for a directory, this permission grants the ability to modify entries in the directory, which includes creating, deleting and renaming files. This requires that execute is also set; without it, the write permission is meaningless for directories.
  • Execute grants the ability to execute a file. This permission must be set for executable programs to allow running them. When set for a directory, this permission is interpreted as the search permission – granting the ability to access file contents and metadata if its name is known, but not list files in the directory, unless read is set also.

The effect of setting the permissions on a directory, rather than a file, is "one of the most frequently misunderstood file permission issues".[12]

Unlike ACL-based systems, these permissions are not inherited. Files created within a directory do not necessarily have the same permissions as its containing directory.

Changing permission behavior with setuid, setgid, and sticky bits

Three additional single-bit attributes apply to each file that are related to permissions and stored in the file mode along with permissions.

  • The set user ID, setuid, or SUID mode. Executing a file with this bit set results in a process with user ID set to the file's owning user. This enables users to be treated temporarily as root (or another user).
  • The set group ID, setgid, or SGID permission. Executing a file with this bit set results in a process with group ID set to the file's owning group. When applied to a directory, new files and directories created under that directory inherit their group from that directory. (Default behavior is to use the primary group of the effective user when setting the group of new files and directories, except on BSD-derived systems which behave as though the setgid bit is always set on all directories (see Setuid).)
  • The sticky mode (also known as the Text mode). The classical behavior of the sticky bit on executable files has been to encourage the kernel to retain the resulting process image in memory beyond termination; however, such use of the sticky bit is now restricted to only a minority of Unix-like operating systems (HP-UX and UnixWare). On a directory, the sticky permission prevents users from renaming, moving or deleting contained files owned by users other than themselves, even if they have write permission to the directory. Only the directory owner and superuser are exempt from this.

Representation

Permissions are commonly represented in symbolic or octal notation.

Symbolic notation

Symbolic notation is used in the long output format of command ls -l.

The first character of the output indicates the Unix file type which is not a permission even though its next to the permissions information. The remaining nine characters represent the grants for the user, group and others classes as groups of operation grants for read, write and execute. An operation is denied when shown as a dash or granted when shown as r for read, w for write or x for execute.

Examples:

  • -rwxr-xr-x: initial - indicates a regular file, next three rwx indicate that user class has all permissions and group and others classes (both r-x) have only read and execute
  • crw-rw-r--: initial c indicates a character special file, user and group classes (both rw-) have read and write permissions and others class (r--) has only read permission
  • dr-x------: initial d) indicates a directory, user class (r-x) has read and execute permissions and group and others classes (both ---) have no permissions

To represent the setuid, setgid and sticky/text attributes, the character in the third position for a class is modified; even though this position is otherwise only for execute and even though these attributes affect the file without concern for class. The setuid attribute modifies the execute character for the user class, the setgid attribute modifies the execute character for the group class, and the sticky or text attribute modifies the execute character for the others class. For setuid or setgid, x becomes s and - becomes S. For the sticky or text attribute x becomes t and - becomes T. For example -rwsr-Sr-t indicates a regular file, user class has read, write and execute permissions; group class has read permission; others class has read and execute permissions; and which has setuid, setgid and sticky attributes set.

Some systems show additional permission features:

  • + suffix indicates an access control list that can control additional permissions
  • . suffix indicates an SELinux context is present. Details may be listed with the command ls -Z
  • @ suffix indicates extended file attributes are present

Octal notation

Permissions are often shown in octal notation; for example via the command stat -c %a. The notation consists of at least three digits. The last three digits represent the permission by class: user, group, and others. If a fourth digit is present, the leftmost represents the three special attributes: setuid, setgid and sticky.

Each operation grant is assigned a bit position that for an octal digit is:

  • Read: left, binary 100, octal 4
  • Write: middle, binary 010, octal 2
  • Execute: right, binary 001, octal 1

A class permission value is the sum or alternatively the logic OR of the grants.

Examples:

Symbolic Octal Description
---------- 0000 no permissions
-rwx------ 0700 read, write, & execute only for owner
-rwxrwx--- 0770 read, write, & execute for owner and group
-rwxrwxrwx 0777 read, write, & execute for owner, group and others
-rwxr----- 0740 owner can read, write, & execute; group can only read; others have no permissions

User private group

Some systems diverge from the traditional POSIX model of users and groups by creating a new group – a "user private group" – for each user. Assuming that each user is the only member of its user private group, this scheme allows an umask of 002 to be used without allowing other users to write to newly created files in normal directories because such files are assigned to the creating user's private group. However, when sharing files is desirable, the administrator can create a group containing the desired users, create a group-writable directory assigned to the new group, and, most importantly, make the directory setgid. Making it setgid will cause files created in it to be assigned to the same group as the directory and the 002 umask (enabled by using user private groups) will ensure that other members of the group will be able to write to those files.[13][14]

See also

References

  1. ^ "File and Folder Permissions". Microsoft. 9 December 2009.
  2. ^ "Native NFSv4 ACLs on Linux". Archived from the original on October 12, 2008. Retrieved May 4, 2010.
  3. ^ "NFSv4_ACLs – FreeBSD Wiki".
  4. ^ "FreeNAS 9.1.1 Users Guide" (PDF). 2013. Archived from the original (PDF) on September 24, 2015.
  5. ^ Gite, Vivek (June 3, 2010). "Apple OS X: Write Protect File From Command Line".
  6. ^ "OpenVMS documentation". Archived from the original on March 5, 2012. Retrieved June 6, 2009.
  7. ^ "File Systems: Protection". CS322 Lecture Slides.
  8. ^ "Oracle Solaris ZFS Administration Guide" (PDF). Sep 2010.
  9. ^ "IBM Knowledge Center". Archived from the original on June 29, 2013.
  10. ^ "HarmonyOS Distributed File System Development Guide". Substack. LivingInHarmony Blog. 13 March 2024. Retrieved 13 March 2024.
  11. ^ "Definitions, 3.175 File Permission Bits". pubs.opengroup.org. 2018-07-22. Retrieved 2023-06-24.
  12. ^ Hatch, Bri (April 24, 2003). "Linux File Permission Confusion pt 2". Hacking Linux Exposed. Retrieved July 6, 2011.
  13. ^ Epstein, Brian. "The How and Why of User Private Groups in Unix". security.ias.edu. Institute for Advanced Study Network Security. Archived from the original on 8 August 2014. Retrieved 5 August 2014.
  14. ^ "Red Hat Enterprise Linux 7 System Administrator's Guide, 4.3.4 Creating Group Directories". Red Hat Customer Portal. Red Hat.
Index: pl ar de en es fr it arz nl ja pt ceb sv uk vi war zh ru af ast az bg zh-min-nan bn be ca cs cy da et el eo eu fa gl ko hi hr id he ka la lv lt hu mk ms min no nn ce uz kk ro simple sk sl sr sh fi ta tt th tg azb tr ur zh-yue hy my ace als am an hyw ban bjn map-bms ba be-tarask bcl bpy bar bs br cv nv eml hif fo fy ga gd gu hak ha hsb io ig ilo ia ie os is jv kn ht ku ckb ky mrj lb lij li lmo mai mg ml zh-classical mr xmf mzn cdo mn nap new ne frr oc mhr or as pa pnb ps pms nds crh qu sa sah sco sq scn si sd szl su sw tl shn te bug vec vo wa wuu yi yo diq bat-smg zu lad kbd ang smn ab roa-rup frp arc gn av ay bh bi bo bxr cbk-zam co za dag ary se pdc dv dsb myv ext fur gv gag inh ki glk gan guw xal haw rw kbp pam csb kw km kv koi kg gom ks gcr lo lbe ltg lez nia ln jbo lg mt mi tw mwl mdf mnw nqo fj nah na nds-nl nrm nov om pi pag pap pfl pcd krc kaa ksh rm rue sm sat sc trv stq nso sn cu so srn kab roa-tara tet tpi to chr tum tk tyv udm ug vep fiu-vro vls wo xh zea ty ak bm ch ny ee ff got iu ik kl mad cr pih ami pwn pnt dz rmy rn sg st tn ss ti din chy ts kcg ve
Prefix: a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9

Portal di Ensiklopedia Dunia

Portal : Agama
Agama
Portal : Bahasa
Bahasa
Portal : Biografi
Biografi
Portal : Budaya
Budaya
Portal : Ekonomi
Ekonomi
Portal : Elektronika
Elektronika
Portal : Film
Film
Portal : Filsafat
Filsafat
Portal : Geografi
Geografi
Portal : Indonesia
Indonesia
Portal : Ilmu
Ilmu
Portal : Lingkungan
Lingkungan
Portal : Masyarakat
Masyarakat
Portal : Matematika
Matematika
Portal : Militer
Militer
Portal : Mitologi
Mitologi
Portal : Musik
Musik
Portal : Olahraga
Olahraga
Portal : Pendidikan
Pendidikan
Portal : Politik
Politik
Portal : Sastra
Sastra
Portal : Sejarah
Sejarah
Portal : Seni
Seni
Portal : Teknologi
Teknologi

Kembali kehalaman sebelumnya