Mac OS X Privileges
7/31/2019 Mac OS X Privileges
Privileges and Mac OS X
Thanks to the UNIX core of Mac OS X, Macintosh users have the ability to control
who can access, modify, and see their personal files and folders. Tools like
FileXaminer allow you to configure privileges for your files and folders without the
need to learn cryptic UNIX commands. The following is a short overview of the Mac
OS X Privilege architecture.
Users
A Mac OS X system can potentially serve many users. Users are used by Mac OS X
to keep track of what belongs to whom and what each user is allowed to do with any
given thing (file, program, device, etc.) on the system. Internally, Mac OS X identifies
each user by a user ID (UID); the username (or login), such as 'zorlarf' or
'www', is just an alias for the UID that makes us humans more comfortable.
Groups
Users can be organized in groups. A user may belong to one or more groups of users.
The concept of groups serves the purpose of assigning sets of privileges for a given
resource and sharing them among many users that need to have them; for example,
they are all members of a project team and they all need access to some common
project files. For example, under Mac OS X all "Administrator" users are members of
the admin group. This allows users granted "administrator" rights to remove
applications from the Applications folder and perform other operations that a user not
in the admin group would not be able to perform.
Ownership
Every file in UNIX belongs to an owner and a group. Say that we have a user
zorlarf, and zorlarf belongs to a group called ProjectTeam. For any file, say, an Excel
file named Budget.xls:
Budget.xls may be owned by zorlarf; or it may be owned by someone else
Budget.xls may be owned by the group ProjectTeam; or it may be owned by another group
What user zorlarf can do with Budget.xls, then, is determined, in part, by whether or
not he's the owner of the file, and whether or not he's a member of the group
ProjectTeam. (Strictly speaking it's more complex than that. For instance, in Unix, it's
possible to own a file and belong to the group that owns the file -- yet not be able to
even read the file!)
Permissions
Every file on the system has associated with it a set of permissions. Permissions, in
conjunction with owner and group information, tell the operating system what can be
done with that file and by whom. There are three things you can (or can't) do with a
given file:
read it,
write (modify) it and
execute it.
Permissions specify what the owner, the group, and others can do with the file. For
any given entity ('owner', 'group' and 'other'), we need three bits to specify access
permissions: the first to denote read (r) access, the second to denote write (w) access
and the third to denote execute (x) access. Each entity ('owner', 'group' and 'other') has
its own permission triplet. Each bit can be set or clear (not set). We mark a set bit by
its corresponding operation letter (r, w, or x) and a clear bit by a dash (-) and put them
all on a row. An example might be rwxr-xr-x, where the first three (the first triplet,
rwx) indicates the owner can do anything with the file, and the second and third
triplets (r-x) indicate the group and the rest of the world (the others) can only read
and execute it.
So if you try ls -l (lowercase ell) from a Terminal command prompt you will get
something like the following:
[zorlarf:guns] djclark% ls -l
-rwxrwxrwx 1 djclark staff 8449880 Mar 21 2000 November Rain.mp3
drwxrwxrwx 16 djclark staff 500 Jun 21 2001 Illustrations
-rwxrwxrwx 1 djclark staff 3832685 Apr 22 1999 Welcome to the Jungle.mp3
The first column here shows the permission bit pattern for two files and one directory
(directories have permissions too, as we'll discuss in a moment). The third column
shows the owner to which the file (or directory) belongs, and the fourth column shows
the group to which the file (or directory) belongs. By this time, the information
provided by ls -l should be enough for you to figure out what each user of the
system can do with any of the items shown.
Directories
In the example above, Illustrations is a directory. Directories have permissions as
well, but they take on a different meaning:
read determines if a user can view the directory's contents, e.g., do an ls in it.
write determines if a user can create new files or delete files in the directory.
(Note here that this essentially means that a user with write access to a directory
can delete files in the directory even if he/she doesn't have write permissions for
the file! So be careful with this.)
execute determines if the user can cd into the directory.
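The two caveats above (an owner who cannot read their own file, and deleting a file you cannot write) both follow from how the check is made. The sketch below is an added example, not part of the original page or of FileXaminer: a simplified model that ignores the superuser, ACLs and the sticky bit, with constructed IDs and file names.

```python
# Added example: simplified model of the UNIX permission check.
# Assumptions: no superuser, no ACLs, no sticky bit; all IDs are constructed.
from dataclasses import dataclass


@dataclass
class Item:
    owner: int   # UID of the owning user
    group: int   # GID of the owning group
    mode: str    # nine characters, e.g. "rwxr-xr-x"


def triplet_for(item, uid, gids):
    """Select the one triplet that applies: owner, else group, else others."""
    if uid == item.owner:
        return item.mode[0:3]
    if item.group in gids:
        return item.mode[3:6]
    return item.mode[6:9]


def allowed(item, uid, gids, op):
    """op is 'r', 'w' or 'x'; only the selected triplet is consulted."""
    return op in triplet_for(item, uid, gids)


def can_delete_from(directory, uid, gids):
    """Removing an entry is decided by the directory (write plus execute)."""
    return allowed(directory, uid, gids, "w") and allowed(directory, uid, gids, "x")


ZORLARF, GUEST, PROJECT_TEAM = 501, 502, 20  # constructed UIDs and GID

# zorlarf owns Budget.xls and belongs to ProjectTeam, but the owner triplet is empty.
budget = Item(ZORLARF, PROJECT_TEAM, "---rwxrwx")
# A directory everyone can write to, holding a file only its owner can modify.
illustrations = Item(ZORLARF, PROJECT_TEAM, "rwxrwxrwx")
sketch = Item(ZORLARF, PROJECT_TEAM, "rw-r--r--")

if __name__ == "__main__":
    print(allowed(budget, ZORLARF, {PROJECT_TEAM}, "r"))   # False: owner locked out
    print(allowed(budget, GUEST, {PROJECT_TEAM}, "r"))     # True: group triplet
    print(allowed(sketch, GUEST, set(), "w"))              # False: cannot modify
    print(can_delete_from(illustrations, GUEST, set()))    # True: can still delete
```

The check never falls through from one triplet to the next, which is why the owner is refused even though the group triplet would have granted access.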
Permissions as numbers
When dealing with permissions you will encounter numeric representations like 735,
777, 444, etc. When taken together as three digits I call these "numeric strings"
instead of "numbers" because each character stands alone and has its own meaning.
For example, 735 is not the number seven hundred thirty-five; rather, each digit in the
numeric string corresponds to one of the three permission triplets: user, group, and
other, in that order. In the numeric string 735, the digit 7 corresponds to the user
permissions, the 3 to the group permissions, and 5 to the permissions of others.
Further, each permission -- read, write, execute, or none at all -- corresponds to a
number:
read (r) has a value of 4
write (w) has a value of 2
execute (x) has a value of 1
no permission has a value of 0
Working from numerics to strings: For each permission bit that is set, you add, or
sum, each numeric value; if it is clear, then you add nothing. For example, consider
the user permission 7, which is 4 + 2 + 1; this tells us that all three permission bits are
set, and thus the user can read, write, and execute the file. Breaking down our 735
permission string, we have the following:
triplet:          user    group   others
numeric string:   7       3       5
numbers to sum:   4+2+1   0+2+1   4+0+1
string:           rwx     -wx     r-x
Working from strings to numerics: If a file has rwx-wxr-x permissions we do the
following calculation:
triplet:          user    group   others
string:           rwx     -wx     r-x
numbers to sum:   4+2+1   0+2+1   4+0+1
numeric string:   7       3       5
Thus we see that the permission rwx-wxr-x is the same thing as the numeric string
735. The following table is another way to summarize this information:
read   write   execute   Value (total)   read   write   execute
-      -       -         0               0      0       0
-      -       x         1               0      0       1
-      w       -         2               0      2       0
-      w       x         3               0      2       1
r      -       -         4               4      0       0
r      -       x         5               4      0       1
r      w       -         6               4      2       0
r      w       x         7               4      2       1
Pretty easy, huh?
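The conversions above can be put to work on real `ls -l` output. The following is an added example, not from the original page: it converts in both directions and lists entries that "others" can write to. It assumes plain r/w/x bits only; the first three listing lines are the ones shown earlier and the Budget.xls line is constructed.

```python
# Added example: convert permission strings and audit `ls -l` output.
# Handles plain r/w/x bits only; the last listing line is constructed.
VALUES = {"r": 4, "w": 2, "x": 1, "-": 0}

LISTING = """\
-rwxrwxrwx 1 djclark staff 8449880 Mar 21 2000 November Rain.mp3
drwxrwxrwx 16 djclark staff 500 Jun 21 2001 Illustrations
-rwxrwxrwx 1 djclark staff 3832685 Apr 22 1999 Welcome to the Jungle.mp3
-rw-r--r-- 1 djclark staff 1024 Jan 5 2002 Budget.xls
"""


def to_numeric(perms):
    """'rwx-wxr-x' -> '735': sum the set bits inside each triplet."""
    if len(perms) != 9:
        raise ValueError("expected nine permission characters")
    digits = ""
    for start in (0, 3, 6):
        total = 0
        for letter, ch in zip("rwx", perms[start:start + 3]):
            if ch not in (letter, "-"):
                raise ValueError("unexpected %r in %r" % (ch, perms))
            total += VALUES[ch]
        digits += str(total)
    return digits


def to_string(numeric):
    """'735' -> 'rwx-wxr-x': test each bit value against the digit."""
    if len(numeric) != 3 or any(c not in "01234567" for c in numeric):
        raise ValueError("expected three digits from 0 to 7")
    return "".join(letter if int(digit) & VALUES[letter] else "-"
                   for digit in numeric for letter in "rwx")


def parse_line(line):
    """Split one `ls -l` line; the name is the ninth field and may hold spaces."""
    fields = line.split(None, 8)
    return {"is_dir": fields[0][0] == "d", "mode": to_numeric(fields[0][1:10]),
            "owner": fields[2], "group": fields[3], "name": fields[8]}


def writable_by_others(listing):
    """Names whose 'others' digit includes the write value (2)."""
    entries = [parse_line(line) for line in listing.splitlines() if line.strip()]
    return [e["name"] for e in entries if int(e["mode"][2]) & VALUES["w"]]


if __name__ == "__main__":
    print(to_numeric("rwx-wxr-x"), to_string("735"))
    print(writable_by_others(LISTING))
```

Every entry from the original listing is reported, since mode 777 lets any user on the system modify those files and add or remove entries in the Illustrations directory.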
Web Site (c) Copyright 2001-2006 Gideon Softworks, Inc.