![]() | This article is rated C-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||||||
|
Did file system permissions realy originate with Unix? Does there exist more background history somewhere?
A reader suggested the move of the initial permissions page to file system permissions. I aggread with that and added some more text in the document.
The section on Octal notation is incomplete. The first digit of a four-digit octal permission set denotes something. It might be the file type or the additional permissions. I'm not sure which, and I don't know what values would be acceptable.
Much of this terminology is conjectural. Any clarification or modification thereof would be appreciated.-- Kbolino 00:21, 30 Jan 2005 (UTC)
The octal notation section is complete (note: 'Octal Notation and additional permissions' section). The first digit on a 4-digit octal permission is the suid/sgid/sticky bits. The section is worded in a dry manner. This could be cleaned up. I know that file system permissions didn't originate on Unix. Multics had file permissions as well.
There is a noticeable lack of the last octal group for suid, guid and sticky.
—The preceding unsigned comment was added by Jharr ( talk • contribs) 14:38, 18 October 2006.
I'm pretty sure Mac OS X does use traditional Unix-style premissions. The core of the operating system (Darwin) is Unix-based and exhibits all the characteristics of a typical Unix system. When I repair my disk permissions, they are set to Unix style permissions. Theshibboleth 20:57, 8 November 2006 (UTC)
Read-while-write redirects here, but there is no deeper discussion on this topic. I also hear this phrase in other context than FS permissions, such as EEPROM and flash memory. So what does it mean? -- Abdull 16:04, 7 March 2007 (UTC)
I remember vaguely that I've seen some more exotic, non-standard permission flags as output of 'ls'. I beleave it was an e
and a
... Do or did such permission bits exist or am I deceived? --
84.72.190.27
13:49, 12 March 2007 (UTC) (
de:Benutzer:RokerHRO)
"Differences between operating systems"
Shouldn't that be "Differences between file systems"? — Omegatron 20:54, 17 November 2007 (UTC)
they are indirectly related to permissions. -- xenoterracide —Preceding comment was added at 23:16, 21 March 2008 (UTC)
I just read in a mac support forum on apples site that OS X leopard server has ACL's enabled by default. This is contrary to the first paragraph's assertion that "all versions of OS X use POSIX permissions" and "no OS implements ACL's"
I don't know enough to research this further, and I'm afraid I don't know where on the forum I saw this... sorry.
VMS has 4 categories (system, owner, group, world) and 4 "permissions" (read, write, execute, and delete) in addition to ACLs. I'll fix this later when I have more time. --betaneptune —Preceding unsigned comment added by 209.191.171.11 ( talk) 17:21, 5 June 2009 (UTC)
--betaneptune
--betaneptune
Because no one has added information on other systems! DGerman ( talk) 22:15, 16 December 2012 (UTC)
Just put a '1' under each letter and a '0' under each dash.
Example:
-rwxr-x--x 111101001
This gives 111 for user, 101 for group, and 001 for other. In binary these immediately translate to 7, 5, and 1. So the octal code for this example is simply 751. Why all the extensive explanation of adding 4 and 2 and 1 and 100 and 010 and 001 and such? It's really very simple.
--betaneptune
simple if you know the ambiguity inherent in the radix always being 10 168.251.194.25 ( talk) 17:49, 3 June 2010 (UTC)
share permissions is the windows centric version of this which is the Unix angled one. I think there could be a generic article, and also specific ones for major operating systems. The names for these articles could be the terms used in those operating systems. Graeme Bartlett ( talk) 07:09, 31 December 2009 (UTC)
That's just silly. You were thinking of ACLs, right? And that share permissions should redirect there?-- JeR ( talk) 13:10, 16 September 2010 (UTC)
I came to this page looking for verification of packed permission bit format, which as I understand it is a space optimization allowing two rather than three bits for storing each permission -- entirely abstracted away by implementations.
The way the optimzation works is, since go, uo, ug, and ugo permissions can be represented by (respectively) o, o, g and o permissions, those four are not needed and the four remaining possibilities for each of r,w,x can be packed into two bits instead of three.
http://www.cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping describes a problem in attempting to map a posix permission of rw-r-xrw- into Windows Access Control Entities. I'm not certain that this problem is real, as it isn't clear that granting write to o but not g is possible. It would not be possible with a packed representation. 168.251.194.25 ( talk) 17:59, 3 June 2010 (UTC)
Unix, Linux and BSD files have "file mode bits" that collectively are referred to as a file's mode. See the man page for the command used to modify them: chmod.
Extended attributes are referred to as "attributes". See the man page for lsattr.
Kernel.package ( talk) 04:18, 24 May 2011 (UTC)
These MODE bits define the permissions given to others, come on. DGerman ( talk) 02:15, 17 April 2013 (UTC)
Standard permissions I believe refers to read, write and execute for the three groups user, their group and everybody. Where as ACL's over ride standard permissions and often we need some sort of ACL inspector to determine the "effective permissions". These general characterizations help me better understand different file systems. — Preceding unsigned comment added by 110.174.98.26 ( talk) 09:58, 3 October 2012 (UTC)
The + suffix indicating an ACL is present is a significant security hole if not understood by users, and it's poorly documented and not widely known, so I've added links as clearly and concisely as possible to the bottom of standard permissions. Andy Henson. 82.152.115.137 ( talk) 10:04, 13 December 2012 (UTC)
Why is the article titled with the single word "filesystem"? Surely file system is the more common term? Mitch Ames ( talk) 12:23, 17 September 2013 (UTC)
The result of the move request was: page moved. Armbrust The Homunculus 10:09, 17 October 2013 (UTC)
Filesystem permissions → File system permissions – "file" and "system" are separate words, and we have the article File system Mitch Ames ( talk) 13:50, 10 October 2013 (UTC)
I recommend that the Operating system variations section be retitled and rewritten as File system variations. The differences in permissions support are specific to the file system in use rather than the operating system in general. A drive formatted as FAT or FAT32 has no permissions, no matter what operating system it is used with. -- Dave Braunschweig ( talk) 20:51, 1 March 2015 (UTC)
It's about time someone, that would be me, fixes this. DGerman ( talk) 20:22, 11 May 2021 (UTC)
The table is not clear regarding the setuid/setgid or sticky bits. I wanted to learn how to interpret "s" and "t" in the output of "ls -l" and it was not useful. My guess, but I could be wrong, is that "s" or "S" can only appear in the first or second trial whereas "t" or "T" can only appear in the third trial. If that it is the case, it starts to make sense, because then we can use the trial to determine whether "s"/"S" is setuid or setgid. In that view, "s"/"S" in the third trial would not make sense. Also, if we used "t"/"T" in the first or second trial, there will be no room for setuid and sticky at the same time. By using "t"/"T" on the third trial only, we are OK, because "s"/"S" and "t"/"T" use different trials. If this is the correct understanding, it definitively needs a little bit more explanation. There should be some explanation in the main text about the characters "s", "S", "t" and "T" that are present in the table. I would thing that adding the three following sentences would be useful.
To set the setuid bit, in the triad for the user, we use "s" instead of "x" and "S" instead of "-". To set the setgid bit, in the triad for the group, we use "s" instead of "x" and "S" instead of "-". To set the sticky bit, in the triad for others, we use "t" instead of "x" and "T" instead of "-".
Of course, someone has to check whether this is correct. One thing is certain, whether it is correct or not, the section is not clear as it is. — Preceding unsigned comment added by 70.27.226.36 ( talk) 01:50, 14 October 2015 (UTC)
I modified the page, but I realize that perhaps it would be better to simply clearly mention that the rules for the executable characters are modified when we need to set the setuid, setgid or sticky bit attributes and provide references to the corresponding articles. It has to be clearly mentioned in a very visible manner, because the rules provided here are not always valid - they are actually modified when we need to set these extra attributes. The previous writing was not acceptable. There was only a brief and unclear mention in the table on the left. — Preceding unsigned comment added by 70.27.226.36 ( talk) 13:32, 28 October 2015 (UTC)
This article says that in Unix-like systems The write permission grants the ability to modify a file.
In other words, a file without write permission is unmodifiable.
That is not true. In GNU bash (version 4.4.7) anybody can reproduce this:
$ ls -gGid --time-style=iso . * 3965287 drwx------ 2 2048 06-09 19:02 . 3965289 -r-------- 1 6 06-09 19:02 myfil $ cat myfil hello $ cp --no-preserve=mode myfil xf $ ls -gGid --time-style=iso . * 3965287 drwx------ 2 2048 06-09 19:11 . 3965289 -r-------- 1 6 06-09 19:02 myfil 3965305 -rw-rw-r-- 1 6 06-09 19:11 xf $ echo world >>xf $ cat xf hello world $ unlink myfil $ ls -gGid --time-style=iso . *. # notice at this point no file named myfil exists 3965287 drwx------ 2 2048 06-09 19:15 . 3965305 -rw-rw-r-- 1 12 06-09 19:14 xf $ mv xf myfil $ ls -gGid --time-style=iso . * 3965287 drwx------ 2 2048 06-09 19:18 . 3965305 -rw-rw-r-- 1 12 06-09 19:14 myfil # at this point xf has been "renamed" to myfil retaining rw $ cat myfil hello world $
The directory of myfil was writable (to allow creating new files). And this is enough to replace the old myfil
with a newer myfil
! The inode number changes, but the users do not even notice it, and if so, it is usual for any text editor also to change inode numbers of (writable) files.
So maybe this is a design error (or weakness) in the Unix-like file system? The files, in the common sense, are not protected. Under file
it (most likely) means the inode. The inode is (until its quick deletion) protected, but this means not much value for the user. — Preceding
unsigned comment added by
VillamGadner (
talk •
contribs)
18:53, 9 June 2017 (UTC)
Several of the paragraphs redundantly say the same things more than once. I have made a few attempts to simplify the article slightly. DGerman ( talk) 19:58, 11 May 2021 (UTC)
In TRON, as far as I can tell, it is similar to POSIX file permissions but instead of one bit per permissions, it uses a 4-bit number for each permissions; if it is equal to or greater than the access level number of the process, then it can be accessed. (Zero is the most privileged access level, and therefore can access all files.) -- Zzo38 ( talk) 05:23, 27 March 2023 (UTC)
![]() | This article is rated C-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||||||
|
Did file system permissions realy originate with Unix? Does there exist more background history somewhere?
A reader suggested the move of the initial permissions page to file system permissions. I aggread with that and added some more text in the document.
The section on Octal notation is incomplete. The first digit of a four-digit octal permission set denotes something. It might be the file type or the additional permissions. I'm not sure which, and I don't know what values would be acceptable.
Much of this terminology is conjectural. Any clarification or modification thereof would be appreciated.-- Kbolino 00:21, 30 Jan 2005 (UTC)
The octal notation section is complete (note: 'Octal Notation and additional permissions' section). The first digit on a 4-digit octal permission is the suid/sgid/sticky bits. The section is worded in a dry manner. This could be cleaned up. I know that file system permissions didn't originate on Unix. Multics had file permissions as well.
There is a noticeable lack of the last octal group for suid, guid and sticky.
—The preceding unsigned comment was added by Jharr ( talk • contribs) 14:38, 18 October 2006.
I'm pretty sure Mac OS X does use traditional Unix-style premissions. The core of the operating system (Darwin) is Unix-based and exhibits all the characteristics of a typical Unix system. When I repair my disk permissions, they are set to Unix style permissions. Theshibboleth 20:57, 8 November 2006 (UTC)
Read-while-write redirects here, but there is no deeper discussion on this topic. I also hear this phrase in other context than FS permissions, such as EEPROM and flash memory. So what does it mean? -- Abdull 16:04, 7 March 2007 (UTC)
I remember vaguely that I've seen some more exotic, non-standard permission flags as output of 'ls'. I beleave it was an e
and a
... Do or did such permission bits exist or am I deceived? --
84.72.190.27
13:49, 12 March 2007 (UTC) (
de:Benutzer:RokerHRO)
"Differences between operating systems"
Shouldn't that be "Differences between file systems"? — Omegatron 20:54, 17 November 2007 (UTC)
they are indirectly related to permissions. -- xenoterracide —Preceding comment was added at 23:16, 21 March 2008 (UTC)
I just read in a mac support forum on apples site that OS X leopard server has ACL's enabled by default. This is contrary to the first paragraph's assertion that "all versions of OS X use POSIX permissions" and "no OS implements ACL's"
I don't know enough to research this further, and I'm afraid I don't know where on the forum I saw this... sorry.
VMS has 4 categories (system, owner, group, world) and 4 "permissions" (read, write, execute, and delete) in addition to ACLs. I'll fix this later when I have more time. --betaneptune —Preceding unsigned comment added by 209.191.171.11 ( talk) 17:21, 5 June 2009 (UTC)
--betaneptune
--betaneptune
Because no one has added information on other systems! DGerman ( talk) 22:15, 16 December 2012 (UTC)
Just put a '1' under each letter and a '0' under each dash.
Example:
-rwxr-x--x 111101001
This gives 111 for user, 101 for group, and 001 for other. In binary these immediately translate to 7, 5, and 1. So the octal code for this example is simply 751. Why all the extensive explanation of adding 4 and 2 and 1 and 100 and 010 and 001 and such? It's really very simple.
--betaneptune
simple if you know the ambiguity inherent in the radix always being 10 168.251.194.25 ( talk) 17:49, 3 June 2010 (UTC)
share permissions is the windows centric version of this which is the Unix angled one. I think there could be a generic article, and also specific ones for major operating systems. The names for these articles could be the terms used in those operating systems. Graeme Bartlett ( talk) 07:09, 31 December 2009 (UTC)
That's just silly. You were thinking of ACLs, right? And that share permissions should redirect there?-- JeR ( talk) 13:10, 16 September 2010 (UTC)
I came to this page looking for verification of packed permission bit format, which as I understand it is a space optimization allowing two rather than three bits for storing each permission -- entirely abstracted away by implementations.
The way the optimzation works is, since go, uo, ug, and ugo permissions can be represented by (respectively) o, o, g and o permissions, those four are not needed and the four remaining possibilities for each of r,w,x can be packed into two bits instead of three.
http://www.cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping describes a problem in attempting to map a posix permission of rw-r-xrw- into Windows Access Control Entities. I'm not certain that this problem is real, as it isn't clear that granting write to o but not g is possible. It would not be possible with a packed representation. 168.251.194.25 ( talk) 17:59, 3 June 2010 (UTC)
Unix, Linux and BSD files have "file mode bits" that collectively are referred to as a file's mode. See the man page for the command used to modify them: chmod.
Extended attributes are referred to as "attributes". See the man page for lsattr.
Kernel.package ( talk) 04:18, 24 May 2011 (UTC)
These MODE bits define the permissions given to others, come on. DGerman ( talk) 02:15, 17 April 2013 (UTC)
Standard permissions I believe refers to read, write and execute for the three groups user, their group and everybody. Where as ACL's over ride standard permissions and often we need some sort of ACL inspector to determine the "effective permissions". These general characterizations help me better understand different file systems. — Preceding unsigned comment added by 110.174.98.26 ( talk) 09:58, 3 October 2012 (UTC)
The + suffix indicating an ACL is present is a significant security hole if not understood by users, and it's poorly documented and not widely known, so I've added links as clearly and concisely as possible to the bottom of standard permissions. Andy Henson. 82.152.115.137 ( talk) 10:04, 13 December 2012 (UTC)
Why is the article titled with the single word "filesystem"? Surely file system is the more common term? Mitch Ames ( talk) 12:23, 17 September 2013 (UTC)
The result of the move request was: page moved. Armbrust The Homunculus 10:09, 17 October 2013 (UTC)
Filesystem permissions → File system permissions – "file" and "system" are separate words, and we have the article File system Mitch Ames ( talk) 13:50, 10 October 2013 (UTC)
I recommend that the Operating system variations section be retitled and rewritten as File system variations. The differences in permissions support are specific to the file system in use rather than the operating system in general. A drive formatted as FAT or FAT32 has no permissions, no matter what operating system it is used with. -- Dave Braunschweig ( talk) 20:51, 1 March 2015 (UTC)
It's about time someone, that would be me, fixes this. DGerman ( talk) 20:22, 11 May 2021 (UTC)
The table is not clear regarding the setuid/setgid or sticky bits. I wanted to learn how to interpret "s" and "t" in the output of "ls -l" and it was not useful. My guess, but I could be wrong, is that "s" or "S" can only appear in the first or second trial whereas "t" or "T" can only appear in the third trial. If that it is the case, it starts to make sense, because then we can use the trial to determine whether "s"/"S" is setuid or setgid. In that view, "s"/"S" in the third trial would not make sense. Also, if we used "t"/"T" in the first or second trial, there will be no room for setuid and sticky at the same time. By using "t"/"T" on the third trial only, we are OK, because "s"/"S" and "t"/"T" use different trials. If this is the correct understanding, it definitively needs a little bit more explanation. There should be some explanation in the main text about the characters "s", "S", "t" and "T" that are present in the table. I would thing that adding the three following sentences would be useful.
To set the setuid bit, in the triad for the user, we use "s" instead of "x" and "S" instead of "-". To set the setgid bit, in the triad for the group, we use "s" instead of "x" and "S" instead of "-". To set the sticky bit, in the triad for others, we use "t" instead of "x" and "T" instead of "-".
Of course, someone has to check whether this is correct. One thing is certain, whether it is correct or not, the section is not clear as it is. — Preceding unsigned comment added by 70.27.226.36 ( talk) 01:50, 14 October 2015 (UTC)
I modified the page, but I realize that perhaps it would be better to simply clearly mention that the rules for the executable characters are modified when we need to set the setuid, setgid or sticky bit attributes and provide references to the corresponding articles. It has to be clearly mentioned in a very visible manner, because the rules provided here are not always valid - they are actually modified when we need to set these extra attributes. The previous writing was not acceptable. There was only a brief and unclear mention in the table on the left. — Preceding unsigned comment added by 70.27.226.36 ( talk) 13:32, 28 October 2015 (UTC)
This article says that in Unix-like systems The write permission grants the ability to modify a file.
In other words, a file without write permission is unmodifiable.
That is not true. In GNU bash (version 4.4.7) anybody can reproduce this:
$ ls -gGid --time-style=iso . * 3965287 drwx------ 2 2048 06-09 19:02 . 3965289 -r-------- 1 6 06-09 19:02 myfil $ cat myfil hello $ cp --no-preserve=mode myfil xf $ ls -gGid --time-style=iso . * 3965287 drwx------ 2 2048 06-09 19:11 . 3965289 -r-------- 1 6 06-09 19:02 myfil 3965305 -rw-rw-r-- 1 6 06-09 19:11 xf $ echo world >>xf $ cat xf hello world $ unlink myfil $ ls -gGid --time-style=iso . *. # notice at this point no file named myfil exists 3965287 drwx------ 2 2048 06-09 19:15 . 3965305 -rw-rw-r-- 1 12 06-09 19:14 xf $ mv xf myfil $ ls -gGid --time-style=iso . * 3965287 drwx------ 2 2048 06-09 19:18 . 3965305 -rw-rw-r-- 1 12 06-09 19:14 myfil # at this point xf has been "renamed" to myfil retaining rw $ cat myfil hello world $
The directory of myfil was writable (to allow creating new files). And this is enough to replace the old myfil
with a newer myfil
! The inode number changes, but the users do not even notice it, and if so, it is usual for any text editor also to change inode numbers of (writable) files.
So maybe this is a design error (or weakness) in the Unix-like file system? The files, in the common sense, are not protected. Under file
it (most likely) means the inode. The inode is (until its quick deletion) protected, but this means not much value for the user. — Preceding
unsigned comment added by
VillamGadner (
talk •
contribs)
18:53, 9 June 2017 (UTC)
Several of the paragraphs redundantly say the same things more than once. I have made a few attempts to simplify the article slightly. DGerman ( talk) 19:58, 11 May 2021 (UTC)
In TRON, as far as I can tell, it is similar to POSIX file permissions but instead of one bit per permissions, it uses a 4-bit number for each permissions; if it is equal to or greater than the access level number of the process, then it can be accessed. (Zero is the most privileged access level, and therefore can access all files.) -- Zzo38 ( talk) 05:23, 27 March 2023 (UTC)