COMP 10024 – Fundamentals of UNIX (Week 4)

The Logic of UNIX File System Permissions

In UNIX, security is not an afterthought, it’s built directly into the file system structure. Every file and directory is governed by a set of “modes” that dictate exactly who can read, write (modify), or run it.

1. The “Three by Three” Rule

UNIX permissions are organized into three sets of access levels for three distinct types of users:

• Access Levels:
  • Read (r): Permission to view the file’s contents.
  • Write (w): Permission to modify or delete the file.
  • Execute (x): Permission to run the file as a program or script.

   

• User Categories:
  • User (u): The individual owner of the file.
  • Group (g): A collection of users with shared access.
  • Other (o): Everyone else on the system (the “world”).

2. The Inode Connection

As we learned previously, the inode is the storage locker for file metadata. Within that inode, permissions are stored in integer data fields for maximum speed and minimum storage size:

• User ID (UID): An integer mapped to a human-readable username via the /etc/passwd file.
• Group ID (GID): An integer mapped to a group name via the /etc/group file.
• Mode: The actual 9-bit field that stores the read/write/execute flags.
• Timestamps: The inode tracks three critical times: Access (last read), Modification (last content change), and Change (last metadata/permission change).

3. The Math: Binary and Octal Flags

How do we store 9 bits of information in a single integer? We use each bit as a “flag” (0 for off, 1 for on). We group these into three sets of three bits:

Each triad (rwx) is calculated using base-2 math:

• 4 (Binary 100): Read
• 2 (Binary 010): Write
• 1 (Binary 001): Execute

By adding these together, we get a single digit (0–7) representing the permissions for that category:

4. Viewing Permissions with ls -l

When you run ls -l, the first column displays these permissions in a 10-character string:

- rwx r-x r-x  1 alice staff  512 Jan 01 12:00 file_a
^  ^   ^   ^
|  |   |   +-- Other (5)
|  |   +------ Group (5)
|  +---------- User (7)
+------------- File Type (- for file, d for directory)

5. Modifying Permissions with chmod

The chmod (Change Mode) command allows you to set permissions using two different methods.

Method A: Numeric (Octal)

You provide a three digit number representing User, Group, and Other.

• chmod 777 f1: Everyone can do everything.
• chmod 644 f2: Owner can read/write; others can only read.

Method B: Symbolic

This uses letters and operators (+, -, =) for more targeted changes.

• chmod +x script.sh: Add execute permission for everyone.
• chmod u=rw,o-r file.txt: Set user to read/write and remove read for others.

6. The Big Question: Directories

Permissions behave slightly differently on directories than on regular files:

• Read (r): Allows you to ls the directory to see the names of files inside.
• Write (w): Allows you to create, delete, or rename files within the directory.
• Execute (x): Allows you to “enter” the directory (e.g., cd into it) or access files inside if you already know their names.

Lab

Lab: Exploring the UNIX File System & Permissions

This lab will guide you through the practical application of inodes, links, and the binary logic of permissions. You will need access to a UNIX/Linux terminal (or a simulated environment like WSL or macOS Terminal).

Part 1: Building the Lecture Hierarchy

First create a folder for week4 and cd into it, from here we will recreate the directory structure from our lecture diagram. We will use mkdir to build the tree and touch to create empty files.

# 1. Create the base folders
mkdir -p lab_fs/home/alice/bikes lab_fs/home/bob/cars lab_fs/tmp

# 2. Create the files
touch lab_fs/tmp/file_a
touch lab_fs/home/alice/file_a
touch lab_fs/home/bob/file_a
touch lab_fs/home/bob/cars/loan.xls

Verification: Run the command ls -R lab_fs. Your output should match this structure:

lab_fs/
├── tmp/
│   └── file_a
└── home/
    ├── alice/
    │   ├── file_a
    │   └── bikes/
    └── bob/
        ├── file_a
        └── cars/
            └── loan.xls

Part 2: Investigating Inodes and Links

Recall that filenames are just “labels” in a directory pointing to an inode number. We will now investigate how multiple labels can point to the same data.

1. Find the Inode: Move into Bob’s directory and check the inode number of his file_a.cd lab_fs/home/bob && ls -i file_a
2. Create a Hard Link: Create a new link called file_a_backup that points to the same inode.ln file_a file_a_backup
3. Check the Link Count: Run ls -l.Observation: Notice the number after the permissions. It should now be 2. This tells the system that two filenames share this data.
4. Create a Symbolic Link: Create a “soft” link to the same file.ln -s file_a my_shortcut

Compare your results:

Part 3: The Permissions Sandbox

Using the “Old Computer Science Trick” of 9-bit flags, we will now practice modifying access. We will focus on Alice’s file_a.

cd ../alice

Task: Apply the following permissions and verify them using ls -l.

Part 4: Discovery Lab – Directory Permissions

The “Question of the Day” was: What do r, w, and x mean on a directory? Let’s find out by breaking things.

1. Create a test directory: mkdir test_dir && touch test_dir/secret.txt
2. Remove Read (r): chmod -r test_dirTry ls test_dir. What happens?
3. Remove Execute (x): chmod +r, -x test_dirTry cd test_dir. What happens?
4. Remove Write (w): chmod +rx, -w test_dirTry rm test_dir/secret.txt. What happens?

Final Conclusions Table:

Categorised in: COMP-10024, Lectures, Portfolio

This post was written by amax