Representation of file permissions#
There are two notation schemes for file permission: symbolical or numerical. Different tools use either one, so it is necessary to understand both.
Symbolical representation#
The symbolic representation lists the given access permissions in the order read, write, execute for each user class in the order user, group, other. A granted permission is indicated by its symbol a denied permission by a -.
The special permissions are mixed within the symbolical representation by replacing the x-position in each access class by s or S (for set-uid and set-gid) and t or T (for sticky mode) .
This will be clear after a few examples:
permissions |
numerical |
user |
group |
other |
special |
|---|---|---|---|---|---|
|
0750 |
read, write, execute |
read, write, |
none |
none |
|
0444 |
read |
read |
read |
none |
|
0777 |
read, write, execute |
read, write, execute |
read, write, execute |
none |
|
0505 |
read, execute |
none |
read, execute |
none |
|
3750 |
read, write, execute |
read, execute |
none |
set-uid, set-gid |
|
7455 |
read |
read, execute |
read |
set-uid, sticky |
Numerical representation#
To obtain the numerical representation, the permissions are written as a bit field of length 12, divided in sections of three bits:
Permissions
┌─┬─┬─┐ ┌─┬─┬─┐┌─┬─┬─┐┌─┬─┬─┐
│u│g│t│ │r│w│x││r│w│x││r│w│x│
└─┴─┴─┘ └─┴─┴─┘└─┴─┴─┘└─┴─┴─┘
Special User Group Other
A group of three bits may represent \(2^3=8\) different values. From the binary representation follows that r, w, x can be mapped to the numeric values \(2^2=4\), \(2^1=2\) and \(2^0=1\). All possibilities are shown in the table below. The same holds true for the special permissions.
permissions |
binary |
octal |
|---|---|---|
|
|
0 |
|
|
1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
To obtain the numerical representation the octal values of the special, user, group and other section are concatenated.
Note
If no special permissions are used, the leading 0 in the numerical representation can be omitted. So for example 0755 and 755 both represent rwxrw-rw- with no special permissions. The other sections cannot be omitted.