Understand permissions
UNIX-like operating systems have a mechanism called file permissions. (For convenience on this site, UNIX-like OS refers to both UNIX-like OS and Linux-like OS.) Perl is a multi-platform language that can be run on both Window and Unix, but it works fundamentally. The different parts cannot be run on both Windows and UNIX.
Since Perl was born on Unix, some builtin functions have meaning only on Unix-like operating systems, one of which is related to file permissions. This time, I will briefly explain the UNIX concept of file permissions.
Permission means "permission" when translated into Japanese. I think the meaning of this permission is easy to understand if you think about it as follows. (From here on, file permissions are abbreviated as permissions.)
Permission concept
"A file" is "Who" is "what" .
Permissions are set on a "file" basis. It is also set for all files without exception.
In the permission specification, describe who is allowed. "Who" can be described as "owner of the file", "group that owns the file", and "any user".
In the permission specification, describe what is allowed to do. What can be described in the "what" part is "read", "write", and "execute". You can make multiple specifications.
An example of permission description is as follows.
For the file "a.txt"
Allow the "owner of this file" to "write" and "read"
Allow "owning group of this file" to "write" and "read"
Allow "any user" to "read"
There are some terms in this explanation that I haven't explained yet, so I'll explain them below.
What is a user?
UNIX has the concept of a user. All users are managed by the OS.
First, it exists with the highest privileged "root" user during UNIX installation. The root user can write to and read to files regardless of file permissions. Only the root user has write permission to the file, even if other users prevent the file from being written.
root can create other users. UNIX is a multitasking operating system. For example, when you join a project, the administrator will create a user for you with root privileges.
What is a group?
UNIX has the concept of groups. For example, suppose you have a file that you use to develop a project. This file is not intended to be written by anyone other than the person in charge of development and testing.
In such a case, the administrator has root privileges and creates a group for the project. Then add the user responsible for the project to the group. Users can also belong to multiple groups.
By creating a group, you can set permissions for each group.
What is the owner of the file?
On UNIX, files are always owned by someone. There are no unowned files. For example, when you create a file, the owner of the file becomes your user ID.
What is a file owner group?
On UNIX, files are always owned by some group. If you create a new file as your user, the group name will be the same as your user name. (This is because when you create a user, a group name with the same name is created at the same time, and that group name is set.)
What is execution permission?
I think that the "read" and "write" permissions that can be specified in the "what" part can be understood without explanation, so I will explain the "execute" permission.
There are two types of files: "files for storing data" and "files in which programs are written". An example of a file in which a program is written is a file in which a Perl script such as "example.pl" is written.
When executing at the command prompt, a script called example.pl is passed to a program called perl and executed like perl example.pl. This means that example.pl is being passed as a data file to the perl program for execution.
In UNIX, you can execute a Perl script by directly specifying the file name, such as ./example.pl, by giving execute permission to the file. (./ Means the current directory. The description example.pl cannot be executed due to UNIX specifications.)
# !/usr/bin/perl
Is a request to the OS to execute this file with the program/usr/bin/perl if this file has execute permission.
This concludes the explanation of terms related to file permissions.
Use the chmod function to actually change the file permissions. Please refer to the following for the explanation of the chmod function.
How to express file permissions
Explains how to express file permissions.
First, I will explain how to express "read permission", "write permission", and "execution permission". In UNIX, these are represented by a 3-digit bit string. The meaning of the 3-digit bit is as follows.
Twice | Read | write in | execution |
Yes | 1 | 1 | 1 |
Impossible | 0 | 0 | 0 |
The third digit is the bit that represents read permission, the second digit is the bit that represents write permission, and the first digit is the bit that represents execute permission. A value of 1 means that you have permission, and a value of 0 means that you do not have permission.
For example, if the bit string is 110, you have read and write permissions, and if it is 101, you have read and execute permissions.
Octal representation of file permissions
File permissions are just bit strings, but they are often specified in octal for convenience. Use octal numbers when changing permissions with the command chmod, or when specifying permissions with sysopen function.
The correspondence between binary numbers (bit strings) and octal numbers is described.
Binary number | Octal | Conversion from binary to octal |
000 | 0 | 4 x 0 + 2 x 0 + 1 x 0 |
001 | 1 | 4 x 0 + 2 x 0 + 1 x 1 |
010 | 2 | 4 x 0 + 2 x 1 + 1 x 0 |
011 | 3 | 4 x 0 + 2 x 1 + 1 x 1 |
100 | Four | 4 x 1 + 2 x 0 + 1 x 0 |
101 | Five |
4 x 1 + 2 x 0 +
1x1 |
110 | 6 | 4 x 1 + 2 x 1 + 1 x 0 |
111 | 7 | 4 x 1 + 2 x 1 + 1 x 1 |
Of these, the four most commonly used are 6 (110, read and write), 7 (111, read and write and execute), 4 (100, read), and 5 (101, read and execute). It's helpful to remember these four numbers.
Character representation of file permissions
File permissions are often expressed in text for human readability. It is used when specifying permissions with chmod function and when displaying detailed file information with the ls -l command.
The read permission bit is represented by "r", the write permission bit is represented by "w", and the execute permission bit is represented by "x". If the bit is not set, it is represented by "-".
Based on this, let's make a correspondence table again.
Binary number | Octal | Character representation |
000 | 0 | ―――――― |
001 | 1 | - -- x |
010 | 2 | - w - |
011 | 3 | - w x |
100 | Four | r - -- |
101 | Five | r - x |
110 | 6 | r w- |
111 | 7 | r w x |
If you can write this correspondence table, your understanding of permissions is perfect.
Set permissions to "Owner", "Group", "Any User"
Explains how to set file permissions for "owner", "group", and "any user". Using the table below, the permissions are expressed in 3 bits and are as follows.
Binary number | Octal | Character representation |
000 | 0 | ―――――― |
001 | 1 | - -- x |
010 | 2 | - w - |
011 | 3 | - w x |
100 | Four | r - -- |
101 | Five | r - x |
110 | 6 | r w- |
111 | 7 | r w x |
Arranging these in the order of "owner", "owning group", and "any user" is the expression of permissions for files in UNIX.
For example, if the owner of the file has "read" and "write" and the owning group and any user have "read", the permissions would be as follows:
Twice | owner | Owned group | Any user |
Binary | 110 | 100 | 100 |
Octal | 6 | Four | Four |
letter | r w- | r - -- | r - -- |
Binary numbers or character representations are easy to understand, but since you have to write 9 characters, it is troublesome to specify them with arguments. Therefore, when specifying it as an argument, it is often specified in octal. It is convenient if you can understand the meaning immediately by looking only at the octal number.
Octal representation of commonly used permissions
For data files
permission | intention |
644 | Only I want to read and write. Others only allow reading. |
664 | I want to allow reading and writing in a group. Only allow others to read. |
666 | Anyone can read and write freely |
600 | Only you can read and write. I don't want other people to read it |
For executable files
755 | Only you can execute, read and write. Allow others to run and read |
777 | Anyone can run it, anyone can read and write |
Directory permissions
The meaning of permissions on directories is a little different from the meaning of permissions on files. Explains the meaning of permissions on directories.
In UNIX, a directory is a special file. If it is a normal text file, the contents of the file are written with a string, but the directory contains the information of the file.
ls -l directory name
If you look inside the directory with the command
# [root @colinux y-kimoto] ls -l dir1 16 in total -rw-rw-r-- 1 y-kimoto y-kimoto 164 2008-05-28 00:36 b.pl -rw-rw-r-- 1 y-kimoto y-kimoto 6 2008-08-16 10:26 c.txt - -- rw-rw- 1 root root 6 2008-08-16 10:30 d.txt
It looks like this.
A directory is a special file that contains file information.
Read and write permissions on the directory
Understanding a directory as a special file makes it easier to understand the read and write permissions for the directory.
For directories
Read permission is the permission to read the file information written in the directory. For example, you cannot view directory information with the ls command unless you give read permission to the directory.
Write permission for a directory is permission to change the information of files written in the directory. For example, you cannot add or delete files to a directory.
One thing to keep in mind here is that the permissions to delete and add files are set by the write permissions on the directory. Even if you don't give write permission to a file, you can delete it if you have write permission on the directory.
Execution permission for the directory
Be sure to give execute permission to the directory. When you lose execute permission for a directory, you can use ls to see the contents of the directory, cd to move it, change the information of files in the directory, and perform all operations on the directory and files in the directory. You will not be able to.
There is little point in losing execute permission on a directory. It is sufficient to give execute permission to the directory and set it with read permission and write permission.
Common directory permissions
permission | intention |
755 | I want to add or delete files only by myself |
777 | All users may be allowed to add or delete files |
Check file permissions
I will explain how to check the permissions. To find out the file permissions, use stat function to retrieve the file permissions information. The third element is the mode information. Converting with the obtained S_IMODE function gives pure permission information.
use Fcntl ':mode'; my $mode = (stat $file) [2]; printf "%03o\n", S_IMODE ($mode);
Constants and functions that can be bitwise operated.
# Permission constants S_IRWXU S_IRUSR S_IWUSR S_IXUSR S_IRWXG S_IRGRP S_IWGRP S_IXGRP S_IRWXO S_IROTH S_IWOTH S_IXOTH # Setuid Setgid Stickiness SaveText constants S_ISUID S_ISGID S_ISVTX S_ISTXT # File type constants S_IFREG S_IFDIR S_IFLNK S_IFBLK S_IFCHR S_IFIFO S_IFSOCK S_IFWHT S_ENFMT # A function that plays the same role as the file operator S_ISREG ($mode) S_ISDIR ($mode) S_ISLNK ($mode) S_ISBLK ($mode) S_ISCHR ($mode) S_ISFIFO ($mode) S_ISSOCK ($mode)
The third mode information returned by the stat function can be retrieved a lot by performing bit operations with the constants defined in Fcntl.
Example to check permissions
This is an example to check permissions.
use strict; use warnings; # Import constants for file permissions use Fcntl ':mode'; my $file = shift || die "Usage: $0 file\n"; # The third element of the return value of the stat function is the file # Permission information print "Get file permissions.\n"; my $mode = (stat $file) [2]; # Convert to number with S_IMODE function printf "Permissions for $file (octal display):%03o\n", S_IMODE ($mode); printf "$file permissions (binary display):%09b\n", S_IMODE ($mode);
What is a bit mask?
Bitmasks affect the permissions when creating files and directories with sysopen function and mkdir functions.
For example, if the permission specified in the sysopen function is 666 and the bitmask setting is 022, the permission of the created file will be 644.
When creating a file programmatically, it is better to set the permission value to 666 for files and 777 for executables and directories. By doing this, the user of the program can freely change the permissions created by specifying the bitmask.
Bitmasks are explained in detail below.