Linux File Access Permissions

 

4.5 of Advanced Programming in the UNIX programming has a very clear explanation for file access permissions.

 

Here is an experiment to show the explanation. 

 

 

#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

int main(int argc, const char *argv[]) 
{
    int fd;

    if ((fd = open("data", O_RDONLY)) < 0) {
        printf("open error\n");
        return 1;
    } else {
        printf("open ok\n");
        return 0;
    }
}

 

 

$ gcc code.c

$ echo abc > data

$ ls -l

 

-rwxr-xr-x 1 jing jing 7174 2010-10-09 17:27 a.out

-rw-r--r-- 1 jing jing  302 2010-10-09 17:19 code.c

-rw-r--r-- 1 jing jing    4 2010-10-09 17:26 data

$ /a.out

open ok

$ chmod u-r data

$ /a.out

open error

$ id

uid=1000(jing) gid=1000(jing) groups=4(adm),20(dialout),24(cdrom),46(plugdev),104(lpadmin),115(admin),120(sambashare),121(vboxusers),125(kvm),126(libvirtd),1000(jing)

Here is the tricky part. If the effective user id is equal to the file owner id and it does not have the read permission, the permission is denied even the effective group id is equal to the file group id and does  has the read permission.

$ sudo chown test data

$ ./a.out

open ok

$ sudo chown :kvm data

$ ./a.out

open ok

kvm is a supplementary group of the current user jing. So the file can be still opened after its group being set to kvm.

$ sudo chmod g-r data

$ ./a.out

open error

$ sudo chown :fax data

$ ./aout

open ok

$ sudo chmod o-r data

$ ./a.out

open error