Specifics of Permissions
Here's how to interpret the ls command's output in Terminal. There are nine fields in each line. Going from left to right, they are as follows:
Field 1: A set of 10 permission flags.
Field 2: Link count (don't worry about this)
Field 3: Owner of the file
Field 4: Associated group for the file
Field 5: Size in bytes
Field 6–8: Date of last modification
Field 9: Name of file
The permission flags are also read from left to right within the 10-digit field.
1: directory flag ('d' if a directory; '-' if a normal file; 'l' if an alias)
2, 3, 4: read, write, execute permission for Owner of file
5, 6, 7: read, write, execute permission for Group
8, 9, 10: read, write, execute permission for any other user
The values occurring in each of the 10 positions are listed below:
-: In any position, means that flag is not set.
r: File is readable by owner, group, or other.
w: File is writeable. On a directory, write access means you can add or delete files.
x: File is executable (only for programs and shell scripts). Execute permission on a directory means you can list the files in that directory.
s: In the place where 'x' would normally go is called the set-UID or set-groupID flag.
For an executable program with set-UID or set-groupID, that program will run using the effective permissions of its owner or group. For a directory, the set-groupID flag means that all files created inside that directory will inherit the group of the directory. Without this flag, a file takes on the primary group of the user creating the file. This property is important to people trying to maintain a directory as group-accessible. The subdirectories also inherit the set-groupID property.
Let's review the permissions hierarchy. Each level is independent. The user who is trying to access the file determines what level will be used to set permissions.
- If the user is the owner of the file, the owner permissions will be used.
- If the user is not the owner of the file but is in the same group as the file, the group permissions will be used.
- If the user is not the owner of the file and is not in the same group as the file, the other permissions will be used.