7.1.2 Mode

In addition to being owned by one user and one group, every file and directory also has a mode, which determines who’s allowed to read and write the file (and execute it, if it’s a program). There are a few other things also determined by the mode, but they’re advanced topics so we’ll skip them for now.

The mode looks like this in the ls output: -rw-r--r--. For now, we’ll consider nine of these parts: those that control read, write, and execute permissions for the user owning the file, the group owning the file, and others (everyone on the system, sometimes called world).

In the mode line, the first “element” gives the file type. The - in this case means it’s a regular file. If it was d, we’d be looking at a directory. There are also other possibilities too complex to go into here; for details, see section 13.2.2 on page 263.

The remaining nine elements are used to display the file’s mode. The basic 9 bits (read, write, and execute for user, group, and other) are displayed as three blocks of rwx.

So if all permissions are turned on and this is a regular file, the mode will look like this: -rwxrwxrwx. If it was a directory with all permissions turned off for others and full permissions for user and group, it would be drwxrwx---.


Table 7.1: Permissions in Linux

Code  Name     Allows for Files          Allows for Directories
r     read     Examine contents of file  List contents of directory
w     write    Modify file               Add or remove files in directory
x     execute  Run as a command          Access files in directory

Table 7.1 describes the meaning of the read, write, and execute permissions for both files and directories.

Directory modes can be a little confusing, so here are some examples of the effects of various combinations:

r--

The user, group, or other with these permissions may list the contents of the directory, but can do nothing else. The files in the directory can’t be read, changed, deleted, or manipulated in any way. The only permitted action is reading the directory itself, that is, seeing what files it contains.

rw-

Write permission has no effect in the absence of execute permission, so this mode behaves just like the above mode.

r-x

This mode permits the files in a directory to be listed and permits access to those files. However, files can’t be created or deleted. Access means that you can view, change, or execute the files as permitted by the files’ own permissions.

--x

Files in this directory can be accessed, but the contents of the directory can’t be listed, so you have to know what filename you’re looking for in advance (unless you’re exceptionally good at guessing). Files can’t be created or deleted.

rwx

You can do anything you want with the files in this directory, as long as it’s permitted by the permissions on the files themselves.

Directory write permission determines whether you can delete files in a directory. A read-only file can be deleted if you have permission to write to the directory containing it. You can’t delete a file from a read-only directory even if you’re allowed to make changes to the file.

This also means that if you own a directory you can always delete files from it, even if those files belong to root.

Directory execute permission determines whether you have access to files – and thus whether file permissions come into play. If you have execute permissions to a directory, file permissions for that directory become relevant. Otherwise, file permissions just don’t matter; you can’t access the files anyway.
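
The directory rules above, as an added Python example that is not part of the original guide: it takes ls-style mode strings and reports what one class (user, group, or other) may do to a file inside a directory. The function names are assumptions of this example, and the special mode bits this section defers are not modeled.

```python
# Added example: models this section's directory rules on ls-style mode strings.
# Special mode bits (the "advanced topics" the section skips) are rejected, not modeled.

CLASSES = ("user", "group", "other")


def parse_mode(mode):
    """Split e.g. 'drwxrwx---' into (is_directory, {class: set of granted letters})."""
    if len(mode) != 10 or mode[0] not in "-d":
        raise ValueError(f"unsupported mode string: {mode!r}")
    perms = {}
    for i, cls in enumerate(CLASSES):
        triplet = mode[1 + 3 * i: 4 + 3 * i]
        for want, got in zip("rwx", triplet):
            if got not in (want, "-"):
                raise ValueError(f"unexpected {got!r} in {mode!r}")
        perms[cls] = set(triplet) - {"-"}
    return mode[0] == "d", perms


def allowed_actions(dir_mode, file_mode, cls):
    """What `cls` may do to one regular file inside a directory."""
    dir_is_dir, dperm = parse_mode(dir_mode)
    file_is_dir, fperm = parse_mode(file_mode)
    if not dir_is_dir or file_is_dir:
        raise ValueError("expected a directory mode, then a regular-file mode")
    d, f = dperm[cls], fperm[cls]
    reach = "x" in d  # directory execute gates every access to the files inside
    return {
        "list_names": "r" in d,
        "read_file": reach and "r" in f,
        "modify_file": reach and "w" in f,
        # Deletion is decided by the directory alone, and w needs x to take effect.
        "delete_file": reach and "w" in d,
    }


if __name__ == "__main__":
    # Constructed sample modes: (directory, file, class being checked)
    samples = [
        ("drwxrwx---", "-r--r--r--", "group"),  # read-only file, writable directory
        ("dr-xr-xr-x", "-rw-rw-rw-", "other"),  # writable file, read-only directory
        ("drw-------", "-rwxrwxrwx", "user"),   # rw- behaves like r--
        ("d--x--x--x", "-rw-r--r--", "other"),  # reachable by name, not listable
    ]
    for dir_mode, file_mode, cls in samples:
        print(dir_mode, file_mode, cls, allowed_actions(dir_mode, file_mode, cls))
```

The first two samples are the cases a permissions audit most often gets wrong: the read-only file can be deleted, and the world-writable file cannot.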