Subject: Re: protection bits
To: None <tech-kern@NetBSD.ORG>
From: Mike Long <mikel@shore.net>
List: tech-kern
Date: 02/12/1998 02:48:15
>Date: Wed, 11 Feb 1998 23:07:50 +1100
>From: Giles Lean <giles@nemeton.com.au>

>On Wed, 11 Feb 1998 13:41:25 +0200  Jukka Marin wrote:
>
>> Is this a bug or a feature?
>
>Feature.
>
>If you are the owner of a file, only the owner permissions count.
>
>If you are /not/ the owner, but are a member of the group of the file,
>only the group permissions count.
>
>If you are /not/ the owner and /don't/ belong to the group then the
>other (world) permissions are used.
>
>The Linux behaviour is a bug.  (Caveat: you *could* get this behaviour
>on a SysV single-group-at-a-time machine that had newgrp.  I don't
>believe Linux would use that model.)
>
>Anyone got a POSIX standard handy for chapter and verse?

*ahem*.

2.2.2.30 file group class: The property of a file indicating access
permissions for a process related to the process's group
identification.

A process is in the file group class of a file if the process is not
in the file owner class and if the effective group ID or one of the
supplementary group IDs of the process matches the group ID associated
with the file.  Other members of the class may be implementation
defined.

2.2.2.34 file other class: The property of a file indicating access
permissions for a process related to the process's user and group
identification.

A process is in the file other class of a file if the process is not
in the file owner class or file group class.

2.2.2.35 file owner class: The property of a file indicating access
permissions for a process related to the process's user
identification.

A process is in the file owner class of a file if the effective user
ID of the process matches the user ID of the file.

2.3.2 file access permissions:
...
(a) The file permission bits of a file contain read, write, and
    execute/search permissions for the file owner class, file group
    class, and file other class.
(b) Access is granted if...the requested access permission bit is set
    for the class (file owner class, file group class, or file other
    class) to which the process belongs...; otherwise, access is
    denied.
-- 
Mike Long <mikel@shore.net>                http://www.shore.net/~mikel
"Every normal man must be tempted at times to spit on his hands,
hoist the black flag, and begin slitting throats." -- H.L. Mencken
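
The class selection quoted above, as an added example that is not part of the original message or of any kernel's source: a process is placed in exactly one class, and only that class's bits are consulted. The names struct cred, file_class and access_granted are hypothetical, and appropriate-privilege handling and implementation-defined group class members are left out.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed credential record for this example (not a kernel structure). */
struct cred {
    uid_t euid;
    gid_t egid;
    const gid_t *groups;   /* supplementary group IDs */
    size_t ngroups;
};

enum fclass { CLASS_OWNER, CLASS_GROUP, CLASS_OTHER };

/* 2.2.2.35, 2.2.2.30, 2.2.2.34: a process falls in exactly one class. */
static enum fclass file_class(const struct cred *c, uid_t fuid, gid_t fgid)
{
    if (c->euid == fuid)
        return CLASS_OWNER;
    if (c->egid == fgid)
        return CLASS_GROUP;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == fgid)
            return CLASS_GROUP;
    return CLASS_OTHER;
}

/* 2.3.2(b): only the selected class's bits are consulted.
   want is a mask of 04 (read), 02 (write), 01 (execute/search). */
static int access_granted(const struct cred *c, uid_t fuid, gid_t fgid,
                          mode_t mode, mode_t want)
{
    mode_t bits;
    switch (file_class(c, fuid, fgid)) {
    case CLASS_OWNER: bits = (mode >> 6) & 07; break;
    case CLASS_GROUP: bits = (mode >> 3) & 07; break;
    default:          bits = mode & 07;        break;
    }
    return (bits & want) == want;
}

int main(void)
{
    /* Constructed case: file uid 100, gid 20, mode 0604; process is in group 20. */
    struct cred member = { 200, 20, NULL, 0 };
    printf("group member read on 0604: %s\n",
           access_granted(&member, 100, 20, 0604, 04) ? "granted" : "denied");
    return 0;
}
```

With mode 0604 the group member is denied read even though the other class has it, which is the "feature" the thread is about.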