User Tools

Site Tools


permissions

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
permissions [2021/03/09 19:48] – [An example] hc9permissions [2021/03/12 18:42] (current) – [File Flags] hc9
Line 17: Line 17:
 ^ w | Change (**w**rite) file contents. | Add or remove files from directory.<sup>2</sup> | ^ w | Change (**w**rite) file contents. | Add or remove files from directory.<sup>2</sup> |
 ^ x | Shell will attempt to e**x**ecute file if file name entered by itself on command line. | Access (read or write) the directory<sup>3</sup> or any files in the directory or its subtree, or make the directory the user's working directory. | ^ x | Shell will attempt to e**x**ecute file if file name entered by itself on command line. | Access (read or write) the directory<sup>3</sup> or any files in the directory or its subtree, or make the directory the user's working directory. |
-| **Notes:**     - File information can be obtained even without directory **r** permission if a file's full name is specified,    **w** directory permission allows a user to delete a file from the directory, //even if the user does not have **w** (change contents) permission for the file itself//. The reverse is also possible: a user who lacks **w** directory permission may be able to modify the contents of a file in the directory but not delete it.    Implementations vary on the permission required to list directory file names. SDF hosts (running NetBSD) will list directory files if the user has **r** permission for the directory. Other implementations require both **r** and **x** permissions to list directory files. |||+| **Notes:** <sup>1</sup> File information can be obtained even without directory **r** permission if a file's full name is specified, <sup>2</sup> **w** directory permission allows a user to delete a file from the directory, //even if the user does not have **w** (change contents) permission for the file itself//. The reverse is also possible: a user who lacks **w** directory permission may be able to modify the contents of a file in the directory but not delete it. <sup>3</sup> Implementations vary on the permission required to list directory file names. SDF hosts (running NetBSD) will list directory files if the user has **r** permission for the directory. Other implementations require both **r** and **x** permissions to list directory files. |||
  
 Unlike some other file systems, such as NTFS, neither **r** nor **w** directory permission have any influence on **r** or **w** permission for subdirectories or files anywhere in the directory's subtree. **r** or **w** permission is determined by what has been assigned to your user class for the directory in question without considering **r** and **w** permission for directories higher in the file system tree. Unlike some other file systems, such as NTFS, neither **r** nor **w** directory permission have any influence on **r** or **w** permission for subdirectories or files anywhere in the directory's subtree. **r** or **w** permission is determined by what has been assigned to your user class for the directory in question without considering **r** and **w** permission for directories higher in the file system tree.
Line 31: Line 31:
 ^ g | //**G**roup//. Members of the user group to which the file has been assigned. | ^ g | //**G**roup//. Members of the user group to which the file has been assigned. |
 ^ o | //**O**thers//. Users not in either of the above classes. This is the user class that SDF's web server uses when a web browser requests a file from your web site.<sup>1</sup> | ^ o | //**O**thers//. Users not in either of the above classes. This is the user class that SDF's web server uses when a web browser requests a file from your web site.<sup>1</sup> |
-| **Notes:**     - The use of CGI programs on a web site complicates the permission check. Access to the CGI program file itself is checked with user class **o**. Many web servers are configured so that file access requests from CGI programs are also checked with user class **o**. However, the SDF web server has been configured to execute CGI programs with the permissions of the owner of the program file (//you//, for CGI programs you have installed on your SDF web site). Therefore if your CGI program accesses files owned by you, permissions will be checked with user class **u**. Files not owned by you will be checked with user class **o**. ||+| **Notes:** <sup>1</sup> The use of CGI programs on a web site complicates the permission check. Access to the CGI program file itself is checked with user class **o**. Many web servers are configured so that file access requests from CGI programs are also checked with user class **o**. However, the SDF web server has been configured to execute CGI programs with the permissions of the owner of the program file (//you//, for CGI programs you have installed on your SDF web site). Therefore if your CGI program accesses files owned by you, permissions will be checked with user class **u**. Files not owned by you will be checked with user class **o**. ||
  
 ==== An example ==== ==== An example ====
Line 131: Line 131:
 <user-classes><operation><permission-types>[,<user-classes><operation><permission-types>]… <user-classes><operation><permission-types>[,<user-classes><operation><permission-types>]…
  
-//user-classes//User class(es) for which permissions are to be changed. Specify with one-character class symbols ''u'', ''g'', ''o'', or ''a'' for all classes. May specify more than one class. //operation//One of the following: ''+'' + 
-Add permission types to user classes.''-'' +|1|//user-classes//
-Remove permission types from user classes.''='' +| |User class(es) for which permissions are to be changed. Specify with one-character class symbols ''u'', ''g'', ''o'', or ''a'' for all classes. May specify more than one class.
-Set permission types for user classes.//permission-types//Permission type(s) to be set or removed. Use one-character type symbols ''r'', ''w'', or ''x''. May specify more than one type.+|2|//operation//
 +| |One of the following:
 +| | ''+'' Add permission types to user classes.
 +| | ''-'' Remove permission types from user classes.
 +| | ''='' Set permission types for user classes.
 +|3|//permission-types//
 +| |Permission type(s) to be set or removed. Use one-character type symbols ''r'', ''w'', or ''x''. May specify more than one type.|
  
 Therefore the command: Therefore the command:
Line 160: Line 166:
 ---- ----
  
-$Id: permissions.html,v 1.8 2007/10/02 11:22:28 papa Exp $ [[http://sdf.org/?tutorials/permissions|File Permissions]] - legacy link+$Id: permissions.html,v 1.8 2007/10/02 11:22:28 papa Exp $ [[http://sdf.org/?tutorials/permissions|File Permissions]] - traditional link (using [[wp>Revision_Control_System|RCS]])
  
permissions.1615319314.txt.gz · Last modified: 2021/03/09 19:48 by hc9