Determining User Access on a Linux Filesystem with „Classic Permissions“

Simultaneous User- and Group-Ownership

If a user is both the owner of a file and a member of the owning group, only the owner permissions apply; the group permissions are not consulted at all. The kernel checks the three classes in the fixed order owner, group, other and uses the bits of the first class the process falls into, so the classes are never combined. An owner who is also a member of the owning group is therefore denied a permission that the owner bits lack, even if the group bits grant it, and is granted a permission that the owner bits carry, even if the group bits lack it. The same first-match rule holds between the group and the other class: a member of the owning group gets only the group bits, even if "others" are granted more (mode 0707, for example, locks the owning group out while every other user has full access).

To test this, create a directory „/tmp/testdir“ owned by user „user1“ and group „user1“ (this assumes that a user „user1“ with a group „user1“ already exists on the system). The user „user1“ is then at the same time owner and group owner of that directory:

sudo mkdir /tmp/testdir
sudo chown user1:user1 /tmp/testdir

Next, assign the following permissions to „/tmp/testdir“: The owner has no permissions, the owning group has all permissions, others have no permissions:

sudo chmod 070 /tmp/testdir

Assume the identity of „user1“ and attempt to create a file in the test directory. The attempt must run as „user1“: running „touch“ as root would succeed regardless of the mode bits, because root holds CAP_DAC_OVERRIDE and bypasses the classic permission check.

sudo -u user1 touch /tmp/testdir/test
touch: cannot touch '/tmp/testdir/test': Permission denied

Next, change the permissions on the test directory, so that the owner has all permissions and the owning group and others have none:

sudo chmod 700 /tmp/testdir

Attempting to create a file in the test directory as the owner will succeed:

sudo -u user1 touch /tmp/testdir/test

The same holds for the read and execute (search) bits: the owner's bits decide, whatever the group bits say. Testing this, for example with „chmod 070“ and an attempt to list the directory as „user1“, is left as an exercise for the reader.
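The following Python model is an added example, not code from the original page. It implements the classic permission check as the text describes it (pick the first matching class in the order owner, group, other, then test only that class's bits) and replays the „/tmp/testdir“ scenarios above with constructed uids and gids („user1“ is assumed to be uid/gid 1001). It goes beyond the page's own case in two ways: it shows the same first-match rule between the group and the other class, and it models the CAP_DAC_OVERRIDE bypass that makes a root-run test meaningless, including the one case where even that capability does not help (executing a regular file with no x bit in any class).

```python
"""Model of the Linux 'classic' (mode-bit) permission check.

Added example, not code from the original page. Class selection and the
first-match rule follow POSIX/Linux semantics; the uids, gids and modes used
below are constructed to mirror the /tmp/testdir experiment in the text.
"""
import stat
from dataclasses import dataclass

# Permission bits of one class, as in the octal mode digits.
R, W, X = 4, 2, 1


@dataclass(frozen=True)
class Inode:
    mode: int   # permission bits, optionally OR'ed with a file type (stat.S_IFDIR etc.)
    uid: int    # owning user
    gid: int    # owning group


@dataclass(frozen=True)
class Process:
    uid: int                          # effective uid
    gid: int                          # effective gid
    groups: frozenset = frozenset()   # supplementary groups


def permission_class(inode: Inode, proc: Process) -> str:
    """Pick the single class whose bits apply, in the fixed order owner, group, other."""
    if proc.uid == inode.uid:
        return "owner"
    if proc.gid == inode.gid or inode.gid in proc.groups:
        return "group"
    return "other"


def class_bits(mode: int, cls: str) -> int:
    """Extract the rwx triple of the given class from the mode."""
    shift = {"owner": 6, "group": 3, "other": 0}[cls]
    return (mode >> shift) & 0o7


def check_access(inode: Inode, proc: Process, want: int, dac_override: bool = False) -> bool:
    """Return True if proc may access inode with the requested R|W|X mask.

    Only the bits of the first matching class are consulted; classes are never
    combined. dac_override models CAP_DAC_OVERRIDE (root): it grants everything
    except executing a regular file that has no x bit in any class.
    """
    bits = class_bits(inode.mode, permission_class(inode, proc))
    if want & bits == want:
        return True
    if dac_override:
        if not (want & X) or stat.S_ISDIR(inode.mode) or (inode.mode & 0o111):
            return True
    return False


def demo() -> dict:
    """Replay the scenarios from the text with constructed ids (user1 = uid/gid 1001)."""
    user1 = Process(uid=1001, gid=1001, groups=frozenset({1001}))
    member = Process(uid=1002, gid=1002, groups=frozenset({1001}))  # in group user1, not owner
    outsider = Process(uid=2000, gid=2000)
    root = Process(uid=0, gid=0)
    # Creating an entry in a directory needs write and search (x) on the directory.
    create = W | X
    dir_070 = Inode(stat.S_IFDIR | 0o070, uid=1001, gid=1001)
    dir_700 = Inode(stat.S_IFDIR | 0o700, uid=1001, gid=1001)
    dir_707 = Inode(stat.S_IFDIR | 0o707, uid=1001, gid=1001)
    file_600 = Inode(stat.S_IFREG | 0o600, uid=1001, gid=1001)
    return {
        "user1 creates in 070": check_access(dir_070, user1, create),          # owner bits win
        "member creates in 070": check_access(dir_070, member, create),        # group bits apply
        "user1 creates in 700": check_access(dir_700, user1, create),
        "member creates in 707": check_access(dir_707, member, create),        # others' bits not consulted
        "outsider creates in 707": check_access(dir_707, outsider, create),
        "root reads 600 file": check_access(file_600, root, R, dac_override=True),
        "root executes 600 file": check_access(file_600, root, X, dac_override=True),
    }


if __name__ == "__main__":
    for scenario, allowed in demo().items():
        print(f"{scenario}: {'allowed' if allowed else 'Permission denied'}")
```

Running the module prints one line per scenario; the first and third entries correspond to the two „touch“ attempts in the text, the „707“ entries show that being in the owning group can cost a user access that any outsider has, and the two root entries show why the experiment uses „sudo -u user1“ rather than plain „sudo“.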