Access Permissions
Lesson 5: Numeric access codes
Objective: Convert Alphabetic Permission Bits to Numeric Format.

Convert Alphabetic Permission Bits to Numeric Format

The file permissions setting is stored on disk in numeric form, and working directly with this numeric representation is frequently the most convenient way to manipulate permissions. In the numeric representation, the three permission bits (r, w, x) at each level (user, group, other) are read as a 3-bit binary number, with r having value 4, w having value 2, and x having value 1.
For example,

rw-      =  4 + 2     = 6
r-x      =  4 + 1     = 5
--x      =  1
rwx      =  4 + 2 + 1 = 7

Because the largest value possible (rwx) is 7, each set of permission bits can be represented by a single octal [1] digit between 0 and 7.
The collection of all three sets of rwx bits is then represented as a three-digit octal number.
Octal works like decimal with a different base: the decimal numeral 10 means one 10 and zero 1s, while in octal the decimal number 10 is written as 12, which is one 8 and two 1s.
For example, these permission strings correspond to the following three-digit octal numbers:

rw-rw-r--    = 664
r--r--r--    = 444
rwx------    = 700

Converting Access Permissions

Read the text below to enhance your knowledge of converting access permissions from one form to the other.
The statements below match access permission bits in alphabetic format to their corresponding octal numeric format:
  1. r--r----- is 440
  2. r-xr-xr-x is 555
  3. rwxr-xr-x is 755
  4. r-------- is 400
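
The conversion described above, in both directions, as an added Python example that is not part of the original lesson. The function names symbolic_to_octal and octal_to_symbolic are hypothetical; the code assumes only the nine basic rwx bits and rejects any other letter (such as the setuid or sticky markers) instead of guessing a value.

```python
import stat

# Value of each letter within one rwx triplet, as given in the lesson.
BIT_VALUES = {"r": 4, "w": 2, "x": 1}


def symbolic_to_octal(perms: str) -> str:
    """Convert nine permission characters such as 'rw-rw-r--' to '664'.

    A ten-character string as printed by `ls -l` (leading file-type
    character) is also accepted; the type character is ignored.
    """
    if len(perms) == 10:
        perms = perms[1:]
    if len(perms) != 9:
        raise ValueError(f"expected 9 permission characters, got {perms!r}")
    digits = []
    for start in range(0, 9, 3):          # user, group, other
        total = 0
        for expected, actual in zip("rwx", perms[start:start + 3]):
            if actual == expected:
                total += BIT_VALUES[expected]
            elif actual != "-":
                # Rejects misplaced letters (e.g. 'wr-') and special bits (s, t).
                raise ValueError(f"unexpected {actual!r} in {perms!r}")
        digits.append(str(total))
    return "".join(digits)


def octal_to_symbolic(code: str) -> str:
    """Convert a three-digit octal code such as '755' to 'rwxr-xr-x'."""
    if len(code) != 3 or any(c not in "01234567" for c in code):
        raise ValueError(f"expected three octal digits, got {code!r}")
    # stat.filemode() renders a full mode; S_IFREG marks a regular file ('-').
    return stat.filemode(stat.S_IFREG | int(code, 8))[1:]


if __name__ == "__main__":
    # Constructed sample: the strings used in this lesson.
    for sample in ("rw-rw-r--", "r--r--r--", "rwx------", "-rwxr-xr-x"):
        code = symbolic_to_octal(sample)
        print(f"{sample:>10} -> {code} -> {octal_to_symbolic(code)}")
```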

File Permissions

You can change file permissions using the chmod command. In Unix, file permissions, which establish who may have different types of access to a file, are specified by means of
  1. access classes and
  2. access types.
Access classes are groups of users, and each may be assigned specific access types.
The access classes are
  1. user,
  2. group,
  3. other, and
  4. all.
These refer, respectively, to the user who owns the file, a specific group of users, the other remaining users who are not in the group, and all three sets of users. Access types (read, write, and execute) determine what may be done with the file by each access class.

Process ownership

The owner of a process can send the process signals and can also reduce (degrade) the process’s scheduling priority. Processes actually have multiple identities associated with them: a real, effective, and saved UID; a real, effective, and saved GID; and under Linux, a "filesystem UID" that is used only to determine file access permissions. Broadly speaking, the real numbers are used for accounting and the effective numbers are used for the determination of access permissions. The real and effective numbers are normally the same.
Saved IDs have no direct effect. They allow programs to park an inactive ID for later use, facilitating the parsimonious use of enhanced privileges. The filesystem UID is generally explained as an implementation detail of NFS and is usually the same as the effective UID.

[1] octal: An octal number is a number based on 8s, just as a decimal number is based on 10s.