Discretionary access control (DAC): permission bits
In the first field of the ls -l output,
the first character indicates the type of file:

-    for a regular file
d    for a directory file
b    for a block special device file
c    for a character special device file
l    for a symbolic link

The next nine characters are interpreted
as three sets of three bits each.
The first set refers to the owner's permissions.
The second set refers to permissions of the file's group class
(this will consist only of the owning group, unless
additional ACL entries are present).
The third set refers to the permissions for everyone else.
Within each set, the three characters show, respectively,
permission to read, to write, and to execute the file as a program.
For a directory, ``execute'' permission is interpreted
to mean permission to search the directory
for a specified file.
One additional character may appear at the end of the
permission bit characters.
A plus sign (+)
is displayed to show that additional access permissions,
beyond those shown by the three sets of three bits, have
been granted or denied through the
ACL mechanism.
ACLs and their relation to permission bits are
discussed in
``Discretionary access control (DAC): access control lists''.
The permissions are displayed by ls as follows:

Symbol   Meaning
r        file is readable
w        file is writable
x        file is executable
-        no permission
l        mandatory locking will occur during access
         (setgid bit is on and the group execution bit off)
s        setuid or setgid bit is on and the corresponding
         user or group execution bit is also on
S        setuid bit is on and the user execution bit is off
t        sticky and execution bits for other are on
T        sticky bit is turned on, and the execution
         bit for other is off

File access permissions

Symbol   Meaning
r        directory is readable
w        directory is writable
x        directory is searchable
t        file removal from a writable directory is
         limited to the owner of the directory or
         file unless the file is writable
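
The decoding rules above can be applied mechanically when reviewing ls -l output for risky modes. The following is an added example, not part of the original documentation: it turns the mode field into its file type, permission bits and ACL flag, then lists what a permissions review would note. The names decode_mode and findings and the sample fields are constructed for illustration.

```python
import stat

FILE_TYPES = {"-": "regular file", "d": "directory", "b": "block special device",
              "c": "character special device", "l": "symbolic link"}
# Per class: special bit, symbol with execute on, symbols with execute off.
# Group "S" is an assumption covering ls versions (GNU ls) that print it for "l".
CLASSES = ((stat.S_ISUID, "s", "S"), (stat.S_ISGID, "s", "lS"), (stat.S_ISVTX, "t", "T"))

def decode_mode(field):
    """Return (file type, permission bits, has_acl) for an ls -l mode field."""
    has_acl = len(field) == 11 and field[10] == "+"
    if field[:1] not in FILE_TYPES or not (len(field) == 10 or has_acl):
        raise ValueError(f"not an ls -l mode field: {field!r}")
    mode = 0
    for i, (special, with_x, without_x) in enumerate(CLASSES):
        r, w, x = field[1 + 3 * i:4 + 3 * i]
        shift = 6 - 3 * i                      # owner, group, other
        if r not in "r-" or w not in "w-" or x not in "x-" + with_x + without_x:
            raise ValueError(f"bad permission characters: {r + w + x!r}")
        if r == "r":
            mode |= 4 << shift
        if w == "w":
            mode |= 2 << shift
        if x in "x" + with_x:                  # execute (or search) bit is on
            mode |= 1 << shift
        if x in with_x + without_x:            # setuid, setgid or sticky bit is on
            mode |= special
    return FILE_TYPES[field[0]], mode, has_acl

def findings(field):
    """List what a permissions review would note for one mode field."""
    ftype, mode, has_acl = decode_mode(field)
    out = []
    if mode & stat.S_ISUID:
        out.append("setuid")
    if mode & stat.S_ISGID:
        locking = ftype == "regular file" and not mode & stat.S_IXGRP
        out.append("mandatory locking" if locking else "setgid")
    if mode & stat.S_IWOTH and ftype == "directory" and not mode & stat.S_ISVTX:
        out.append("world-writable directory without sticky bit")
    elif mode & stat.S_IWOTH and ftype != "symbolic link":
        out.append("world-writable")
    if has_acl:
        out.append("ACL entries present")
    return out

if __name__ == "__main__":  # constructed sample fields, not from a real system
    for sample in ("-rwsr-xr-x", "-rw-r-lr--", "drwxrwxrwt", "drwxrwxrwx", "-rw-r--r--+"):
        print(sample, decode_mode(sample), findings(sample))
```

A field ending in + means the nine characters alone do not describe the effective access, so such files need their ACL entries checked as well.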