
Directories are similar to files in how you interpret the permissions strings. The differences occur because of the unique purpose of directories, namely to store other files or directories. I always think of directories as bins or boxes. You can examine the box itself, or you can look at what’s inside.

In many ways, UNIX treats directories simply as files in the file system, where the content of the file is a list of the files and directories stored within, rather than a letter, program, or shopping list.

The difference, of course, is that when you operate with directories, you’re operating both with the directory itself, and, implicitly, with its contents. By analogy, when you fiddle with a box full of toys, you’re not altering just the state of the box itself, but also potentially the toys within.

There are three permissions possible for a directory, just as for a file: read, write, and execute. The easiest is write permission. If a directory has write permission enabled, you can add new items and remove items from the directory. It’s like owning the box; you can do what you’d like with the toys inside.

The interaction between read and execute permissions with a directory is confusing. There are two types of operations you perform on a directory: listing the contents of the directory (usually with ls) and examining specific, known files within the directory.

1. Start by listing a directory, using the -d flag:

% ls -ld testme

dr-x------ 2 taylor 512 Oct 11 17:03 testme/

% ls -l testme

total 0

-rw-rw---- 1 taylor 0 Oct 11 17:03 file

% ls -l testme/file

-rw-rw---- 1 taylor 0 Oct 11 17:03 testme/file

For a directory with both read and execute permissions, you can see that it’s easy to list the directory, find out the files therein, and list specific files within the directory.

2. Read permission on a directory enables you to read the “table of contents” of the directory but, by itself, does not allow you to examine any of the files therein. By itself, read permission is rather bizarre:

% ls -ld testme

dr-------- 2 taylor 512 Oct 11 17:03 testme/

% ls -l testme

testme/file not found

total 0

% ls -l testme/file

testme/file not found

Notice that the system indicated the name of the file contained in the testme directory. When I tried to list the file explicitly, however, the system couldn’t find the file.

3. Compare this with the situation when you have execute permission—which enables you to examine the files within the directory—but you don’t have read permission, and you are prevented from viewing the table of contents of the directory itself:

% ls -ld testme

d--x------ 2 taylor 512 Oct 11 17:03 testme/

% ls -l testme

testme unreadable

% ls -l testme/file

-rw-rw---- 1 taylor 0 Oct 11 17:03 testme/file

With execute-only permission, you can set up directories so that people who know the names of files contained in the directories can access those files, but people without that knowledge cannot list the directory to learn the filenames.

4. I’ve actually never seen anyone have a directory in UNIX with execute-only permission, and certainly you would never expect to see one set to read-only. It would be nice if UNIX would warn you if you set a directory to have one permission and not the other. However, UNIX won’t do that. So, remember for directories always to be sure that you have both read and execute permission set. Table 5.3 summarizes the most common directory permissions.

Table 5.3. The most common directory permissions.

Permission   Meaning

---          No access allowed to directory

r-x          Read-only access, no modification allowed

rwx          All access allowed


5. One interesting permutation of directory permissions is for a directory that’s write-only. Unfortunately, the write-only permission doesn’t do what you’d hope, that is, enable people to add files to the directory without being able to see what the directory already contains. Instead, it’s functionally identical to having it set for no access permission at all.

At the beginning of this hour, I used ls to list various files and directories in my home directory:

% ls -l

total 403

drwx------ 2 taylor 512 Sep 30 10:38 Archives/

drwx------ 3 taylor 512 Oct 1 08:23 InfoWorld/

-rw------- 1 taylor 106020 Oct 10 13:47 LISTS

drwx------ 2 taylor 1024 Sep 30 10:50 Mail/

drwx------ 2 taylor 512 Oct 6 09:36 News/

drwx------ 2 taylor 512 Sep 30 10:51 OWL/

-rw------- 1 taylor 4643 Oct 10 14:01 RUMORS.18Sept

drwx------ 2 taylor 512 Oct 10 19:09 bin/

-rw------- 1 taylor 3843 Oct 10 16:22 iecc.list

-rw-rw-r-- 1 taylor 280232 Oct 10 16:22 mailing.lists

-rw-rw---- 1 taylor 1031 Oct 7 15:44 newlists

drwx------ 2 taylor 512 Oct 10 19:09 src/

Now you can see that all my directories are set so that I have list, examine, and modify (read, execute, and write, respectively) capability for myself, and no access is allowed for anyone else.

6. The very top-level directory is more interesting, with a variety of different directory owners and permissions:

% ls -l /

-rw-r--r-- 1 root 61440 Nov 29 1991 boot

drwxr-xr-x 4 root 23552 Sep 27 11:31 dev

-r--r--r-- 1 root 686753 Aug 27 21:58 dynix

drwxr-xr-x 6 root 3072 Oct 11 16:30 etc

drwxr-xr-x 2 root 8192 Apr 12 1991 lost+found

lrwxr-xr-x 1 root 7 Jul 28 1988 sys -> usr/sys

drwxrwxrwx 65 root 12800 Oct 11 17:33 tmp

drwxr-xr-x 753 root 14848 Oct 5 10:07 usera

drwxr-xr-x 317 root 13312 Oct 5 10:17 userb

drwxr-xr-x 626 root 13312 Oct 8 13:02 userc

drwxr-xr-x 534 root 10752 Sep 30 13:06 users

drwxr-xr-x 34 root 1024 Oct 1 09:10 usr

drwxr-xr-x 5 root 1024 Oct 1 09:20 var

Clearly, this machine has a lot of users. Notice that the link counts for usera, userb, userc, and users are each in the hundreds. The dev directory has read and execute permission for everyone and write permission for the owner (root). Indeed, all the directories at this level are identical except for tmp, which has read, write, and execute permission for all users on the system.

7. Did you notice the listing for the sys directory buried in that output?

lrwxr-xr-x 1 root 7 Jul 28 1988 sys -> usr/sys

From the information in Table 5.1, you know that the first letter of the permissions string being an l means that the directory is a symbolic link. The filename shows just the specifics of the link, indicating that sys points to the directory usr/sys. In fact, if you count the number of letters in the name usr/sys, you’ll find that it exactly matches the size of the sys link entry, too.

8. Try using ls -l / yourself. You should be able to understand the permissions of any file or directory that you encounter.

Permissions of files and directories will prove easier as you work with UNIX more.
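Because UNIX won’t warn you about the mismatches shown in steps 2, 3, and 5, here is a small audit script that finds them. It is an added example, not code from the book; the function names and the sample directory names are hypothetical, and the sample tree is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the book: report directories where read and execute
# disagree, or where write is set without execute, for owner, group or other.

# audit_dir_modes ROOT
# Prints one line per finding: "<class> <finding> <path>".
audit_dir_modes() {
    root=$1
    # Each spec is: class name, read bit, execute bit, write bit (octal).
    for spec in "owner 400 100 200" "group 040 010 020" "other 004 001 002"; do
        set -- $spec
        class=$1 r=$2 x=$3 w=$4
        # Names can be listed, but files inside cannot be examined.
        find "$root" -type d -perm "-$r" ! -perm "-$x" -print 2>/dev/null |
            sed "s|^|$class read-without-execute |"
        # Known names can be reached, but the directory cannot be listed.
        find "$root" -type d -perm "-$x" ! -perm "-$r" -print 2>/dev/null |
            sed "s|^|$class execute-without-read |"
        # Write alone behaves like no access at all.
        find "$root" -type d -perm "-$w" ! -perm "-$x" -print 2>/dev/null |
            sed "s|^|$class write-without-execute |"
    done
}

# make_sample_tree: builds constructed sample directories and prints the root.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/ok" "$t/names_only" "$t/known_names" "$t/write_only"
    chmod 755 "$t/ok"           # rwxr-xr-x: read and execute agree
    chmod 744 "$t/names_only"   # rwxr--r--: group/other read only
    chmod 711 "$t/known_names"  # rwx--x--x: group/other execute only
    chmod 720 "$t/write_only"   # rwx-w----: group write only
    printf '%s\n' "$t"
}

tree=$(make_sample_tree) && audit_dir_modes "$tree"
rm -rf "$tree"
```

Execute-without-read findings are sometimes deliberate, as step 3 describes, so treat them as items to confirm rather than errors.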

Task 5.3: Modify File and Directory Permissions
