Examining how the system associates permissions with each file, and then how the kernel checks who is allowed to access which files, should make the concepts of user ID and group ID clearer.
Each file has exactly one owning user and exactly one owning group. When you create a new file, the file is owned by the user and group of the creating process.
You can view these permission bits interactively with the ls command (using the -l or -o options) and programmatically with the stat system call.
The stat function takes two parameters: the name of the file you want to find out about, and the address of a data structure that stat fills in with information about the file.
The stat-perm.c program (http://siber.cankaya.edu.tr/SystemsProgramming/cfiles/stat-perm.c), shown in Fig. 11.2, is an example of using stat to obtain file permissions.
Figure 11.2: Determine File Owner's Write Permission.
$ ./stat-perm hello
The S_IWUSR constant corresponds to write permission for the owning user; the other constants follow the same naming pattern, for example S_IRGRP (read permission for the owning group) and S_IXOTH (execute permission for everyone else).
Permissions are changed with chmod, which replaces the file's current bits with the set you pass in. The following call leaves hello readable and executable by its owner and inaccessible to everyone else:
chmod("hello", S_IRUSR | S_IXUSR);  /* owner: read + execute; group and others: nothing */
The same permission bits apply to directories, but they have different meanings.
If a user is allowed to read from a directory, the user is allowed to see the list of files that are present in that directory.
If a user is allowed to write to a directory, the user is allowed to add or remove files from the directory. Note that a user may remove files from a directory if she is allowed to write to the directory, even if she does not have permission to modify the file she is removing.
If a user is allowed to execute a directory, the user is allowed to enter that directory and access the files therein. Without execute access to a directory, a user is not allowed to access the files in that directory, regardless of the permissions on the files themselves.
To summarize, let's review how the kernel decides whether to allow a process to access a particular file. It first checks whether the accessing user is the owning user, a member of the owning group, or someone else.
Then the kernel checks the operation that is being performed against the permission bits that apply to this user.