Unix Access Control

• Every user has a (typically unique) identifier
• Each user belongs to one or more groups

$ id
uid=1000(dds) gid=1000(dds) groups=1000(dds), 0(wheel), 10000(cvs), 20000(lh), 20001(dynweb), 20002(rpipe), 20003(postg), 20004(issues), 20005(dewdrop), 20006(eaware), 20007(mexpress), 20008(ivm), 20009(weblog), 20010(rng), 20011(uca)

• Each file belongs to a user and a group
• Each file or directory has a set of permissions associated with it
• Permissions are: write access, read access, execute permission
• A different permission set is specified for the file's user, group, and all other users.
• On directories execute permission implies ability to traverse
• Executable files can be specified to run under the permission of their owner or group (rather than the user executing them).
• A sepcial user, the super user (named root overrides all access permissions

-r-xr-xr-x   1 root  wheel   206740 Mar 27 15:42 /usr/bin/make
-r-sr-xr-x   1 man   wheel    29752 Mar 27 15:39 /usr/bin/man
-r-sr-xr-x   2 root  wheel    28828 Mar 27 15:42 /usr/bin/passwd

drwxr-xr-x  23 root  wheel  1024 Jun 15 16:38 /usr/src
drwxrwxrwt   3 root  wheel   512 Jul  4 13:24 /usr/tmp
drwxr-xr-x   2 root  wheel   512 Dec  2  2002 /usr/var
drwxr-xr-x  13 root  wheel   512 Jun 15 17:01 /usr/www

-rw-------  1 root  wheel  5291 Jul  2 12:47 /etc/master.passwd

• PreviousBuffer Overflow Defences
• Contents
• NextWindows Access Control

 Last change: Friday, July 4, 2003 1:50 pm
 Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-Share Alike 3.0 Greece License.