To start, let’s go back to the very basics. It is the role of the filesystem to organize things on a disk so you can store and retrieve your files. There are numerous different filesystems supported on a typical Linux system: Ext3/4, XFS, ZFS and BTRFS, to name just a few. A filesystem has the exclusive use of a given storage area. However, if you have multiple disks or multiple partitions on the same disk, you may very well have different kinds of filesystems in use simultaneously on your system.
For example, here are the filesystems currently in use on my laptop while I type this text:
sh:/tmp# mount | awk '/^\/dev/ { print $1,$4,$5 }' | sort -u
/dev/mapper/vg-lvb type ext3
/dev/mapper/vg-lvc type ext3
/dev/mapper/vg-lvd type ext3
/dev/mapper/vg-lv--root type ext2
/dev/mapper/vg-lv--tmp type ext2
/dev/mapper/vg-lv--usr type ext4
/dev/mapper/vg-lv--var--log type ext4
/dev/mapper/vg-lv--var type ext4
/dev/sda1 type xfs
The job of the filesystem is to store and retrieve your files. In addition to the file content, it also manages a set of metadata associated with that content. This could be, for example, the file name, the file owner, the latest modification date, or, what interests us today, the file’s permissions.
To make things a little less abstract, let’s consider this sample file:
sh:/tmp# touch samplefile
sh:/tmp# stat samplefile
File: samplefile
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fe09h/65033d Inode: 274 Links: 1
Access: (0754/-rwxr-xr--) Uid: ( 1000/ sylvain) Gid: ( 50/ staff)
Access: 2018-03-13 19:12:41.572964286 +0100
Modify: 2018-03-13 19:12:41.572964286 +0100
Change: 2018-03-13 19:14:58.119559243 +0100
Birth: -
You can see that a lot of metadata is associated with the file. You may be more familiar with the output of the ls -l command, which displays the most useful subset of that information:
sh:/tmp# ls -l samplefile
-rwxr-xr-- 1 sylvain staff 0 Mar 13 19:12 samplefile
The traditional file permissions (as opposed to Unix ACLs) are stored using at least 9 bits. A bit is just a fancy name for a flag that can be either true ("set") or false ("clear"):
- The bits 0 to 2 respectively control the write, read and execute permissions on the file for any user (for the "world")
- The bits 3 to 5 respectively control the write, read and execute permissions on the file for users belonging to the same group as the file
- The bits 6 to 8 respectively control the write, read and execute permissions on the file for the owner of the file.
For my sample file, you can see:
- anyone on the system can read that file (r--)
- the members of the staff group can read and execute (r-x) that file
- and finally sylvain, the owner of the file, can read, write and execute that file (rwx)
If you study the output of the stat(1) and ls(1) commands, you may see there is room for other "permission" bits. However, we will not talk about them today.
Instead of the symbolic rwx flags, you will sometimes encounter their numeric octal counterpart. In that format, the x flag has the value 1, the w flag has the value 2, and the r flag has the value 4. So, rwx can be written numerically as 7 (that is: 4+2+1). I'll let you do the necessary calculations to check that, as indicated by the stat command, the rwxr-xr-- permission is equivalent to the octal number 754:
stat -c "%a %A %n" samplefile
754 -rwxr-xr-- samplefile
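
The calculation left to the reader above, carried out in both directions as an added example (not code from the original article). The function names are hypothetical, and only the nine traditional rwx flags are handled; strings that use the other "permission" bits are rejected.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Only the 9 traditional
# permission bits are handled, with the values given above: r=4, w=2, x=1.

# "r-x" -> 5
triplet_to_digit() {
    case "$1" in
        [r-][w-][x-]) ;;
        *) echo "invalid triplet: $1" >&2; return 1 ;;
    esac
    d=0
    case "$1" in r??) d=$((d + 4)) ;; esac
    case "$1" in ?w?) d=$((d + 2)) ;; esac
    case "$1" in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# "rwxr-xr--" or "-rwxr-xr--" -> 754
sym_to_octal() {
    s=$1
    # ls and stat prefix a file-type character; drop it when present
    if [ "${#s}" -eq 10 ]; then s=${s#?}; fi
    [ "${#s}" -eq 9 ] || { echo "expected 9 permission characters" >&2; return 1; }
    rest=${s#???}
    u=$(triplet_to_digit "${s%??????}") || return 1
    g=$(triplet_to_digit "${rest%???}") || return 1
    o=$(triplet_to_digit "${rest#???}") || return 1
    echo "$u$g$o"
}

# 5 -> "r-x"
digit_to_triplet() {
    case "$1" in [0-7]) ;; *) echo "invalid octal digit: $1" >&2; return 1 ;; esac
    t=""
    if [ $(($1 & 4)) -ne 0 ]; then t="${t}r"; else t="${t}-"; fi
    if [ $(($1 & 2)) -ne 0 ]; then t="${t}w"; else t="${t}-"; fi
    if [ $(($1 & 1)) -ne 0 ]; then t="${t}x"; else t="${t}-"; fi
    echo "$t"
}

# 754 -> "rwxr-xr--"
octal_to_sym() {
    case "$1" in [0-7][0-7][0-7]) ;; *) echo "expected three octal digits" >&2; return 1 ;; esac
    lo=${1#?}
    echo "$(digit_to_triplet "${1%??}")$(digit_to_triplet "${lo%?}")$(digit_to_triplet "${lo#?}")"
}

sym_to_octal "-rwxr-xr--"   # the sample file's mode string, as shown by ls -l
octal_to_sym 754
```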