Unix users and permissions and how they interact with web files

Problem :

When you issue the command ls in Linux you get this sort of thing:

drwxr--r--   1 fred  editors   4096  drafts
-rw-r--r--   1 fred  editors  30405  file1.php
-r-xr-xr-x   1 fred  fred      8460  file2.php

I know that the rwxrwxrwx are the read, write and execute permissions for the current user.
And I think I know that ‘fred’ is the user who owns the file.
So I assume fred can write to file1 but no one else can.
But what is the extra bit ‘editors’ and what is the difference between file1 and file2 with respect to one having an ownership of ‘fred editors’ and the other ‘fred fred’?

Also if a web user connects to one of the files, what is their user name and where is this decided? If the server decided that user connecting from the web was going to be fred, does this mean any web user could write to file1?

Any information welcomed, I am researching this but just getting confused.

Solution :

The second field, editors, is the “group”. No two users have the same user name, but multiple users can be a part of the same group. Using groups allows permissions to be applied to multiple users. For file1 and file2, there is in effect no difference because the “group” permissions and “others” permissions are identical. However, if you had rwxr-----, instead, then the one with “editors” would allow all editors to read the file, while “fred” could read and write, while the second would give only fred read/write/execute permissions, while everybody else wouldn’t be able to do anything (assuming that the group “fred” only includes fred, which is typically the case… in order to simplify the permissions mechanism, typically each user has a corresponding group to which only they belong, in case a group isn’t being used).

“editors” is the group that fred belongs to. Anyone else in that same group shares the same group permissions. That makes it possible to give read, write or execute permissions to a group of different users.

The username of the web user is the same as the username that is associated with the running web server process (usually — that’s somewhat configurable).

And yes, if the server was running as user “fred”, anyone who accessed the file would have write permissions.

For more information on Unix groups, see the Wikipedia entry on the group identifier.
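The owner/group/other check discussed in the answers above, as an added example that is not part of the original post: it parses the listing from the question and reports what a given account may do with each entry. The account names "alice" and "www-data" and their group memberships are assumptions made for illustration. The example goes slightly beyond the answers by showing that exactly one permission class applies, chosen in the order owner, group, other.

```python
# Added example: models the classic Unix permission check on the question's listing.
# "alice" and "www-data" are assumed accounts, not names from the page.
# Not modelled: root, ACLs, and special bits (setuid/setgid/sticky).

LISTING = """\
drwxr--r--   1 fred  editors   4096  drafts
-rw-r--r--   1 fred  editors  30405  file1.php
-r-xr-xr-x   1 fred  fred      8460  file2.php
"""

def parse_listing(text):
    """Return {name: (mode, owner, group)} from lines shaped like the listing above."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # skip blank or malformed lines
        mode, _links, owner, group, _size, name = fields[:6]
        entries[name] = (mode, owner, group)
    return entries

def effective_class(owner, group, user, user_groups):
    """Exactly one class applies: owner first, then group, then other."""
    if user == owner:
        return "owner"
    if group in user_groups:
        return "group"
    return "other"

def allowed(mode, owner, group, user, user_groups):
    """Return the permissions ('r', 'w', 'x') granted to the user as a set."""
    cls = effective_class(owner, group, user, user_groups)
    start = {"owner": 1, "group": 4, "other": 7}[cls]  # offset into the mode string
    return {c for c in mode[start:start + 3] if c in "rwx"}

def report(user, user_groups, listing=LISTING):
    """Map each entry name to the permission letters the user ends up with."""
    return {name: "".join(sorted(allowed(m, o, g, user, user_groups)))
            for name, (m, o, g) in parse_listing(listing).items()}

if __name__ == "__main__":
    accounts = [("fred", {"fred", "editors"}),      # the owner
                ("alice", {"alice", "editors"}),    # assumed member of editors
                ("www-data", {"www-data"})]         # assumed web server account
    for user, groups in accounts:
        print(user, report(user, groups))
```

With these assumptions, a web server process running as "www-data" falls into the "other" class and cannot write file1.php, while the same process running as "fred" can.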
