Since a UNIX system has more than one user, a method is provided for security. Every file and directory has a permission byte. The figure below shows which bits correspond to which permissions in a typical "ls -l" output.
    owner   group   other
    r w x   r w x   r w x

    r: read permission
    w: write permission
    x: execute permission
The first triple shows the permissions of the owner. Only the owner or root can change the permissions of a file or directory. The second triple indicates the permissions of the users who are members of the same group as the owner. Every user belongs to at least one group in UNIX, so some limited permissions can be given to members of that group but not to other users. The last triple indicates the rights of all other users.
For each triple, three bits indicate the corresponding permissions. 'r' stands for read permission. If there is read permission, a file can be read and a directory can be listed. 'w' stands for write permission. If there is write permission for a file, it can be modified. If there is write permission for a directory, then new files or directories can be created in it and old files or directories can be deleted.
'x' stands for the execute permission. If there is execute permission for a file, it can be executed if it is executable. If there is execute permission for a directory then it can be entered.
If you do not want anyone to write to your files, remove the write permission of other and group. If everyone is going to be allowed to read and enter your home directory, then read and execute permissions should be open. An easy way to tell the system that you want every new file created in a certain mode (permission) is to set a variable named "umask". For our case it has to be "umask -S 022". The three octal digits are the result of subtracting the wanted mode from 777. How to calculate the wanted modes is described in section 1.6.1.
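The effect of the umask described above can be checked directly. The following is an added example, not part of the original text; the helper names umask_for_mode, mode_of and modes_under_umask are hypothetical, and it assumes a system with mktemp and either GNU or BSD stat. It also shows that plain files start from 666 rather than 777, so "umask 022" gives 755 for new directories but 644 for new files.

```shell
#!/bin/sh
# Added example (constructed for illustration): show what a umask does to
# newly created files and directories. All helper names are hypothetical.

# umask_for_mode MODE: print the umask that gives new directories MODE,
# using the rule from the text (777 minus the wanted mode, in octal).
umask_for_mode() {
    printf '%03o\n' $(( 0777 - 0$1 ))
}

# mode_of PATH: print the octal permission bits of PATH.
# Tries GNU stat first, then falls back to BSD stat.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# modes_under_umask MASK: create one file and one directory under MASK in a
# scratch directory and print "file=<mode> dir=<mode>". The subshell keeps
# the umask change away from the calling shell.
modes_under_umask() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        : > "$tmp/file"      # plain files are requested with mode 666
        mkdir "$tmp/dir"     # directories are requested with mode 777
        result="file=$(mode_of "$tmp/file") dir=$(mode_of "$tmp/dir")"
        rm -rf "$tmp"
        echo "$result"
    )
}

# The mask from the text, plus two stricter masks for comparison.
echo "wanted directory mode 755 needs umask $(umask_for_mode 755)"
for mask in 022 027 077; do
    echo "umask $mask -> $(modes_under_umask "$mask")"
done
```

With 027, group members lose write access and other users lose all access; with 077, only the owner can use new files and directories.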
Besides protecting files and directories, a UNIX system also protects every process's memory area from other processes. If this were not done (as in DOS), one process could damage another by writing to its memory locations directly.