Determining User Access on a Linux Filesystem with „Classic Permissions“

Simultaneous User- and Group-Ownership

If a user is both the owner of a file and a member of its owning group, the owner's permissions apply and the group's permissions are not consulted. Consequently, an owner who is also a member of the owning group is effectively denied a permission that the owner bits withhold, even if the group bits grant it. Conversely, a permission that the owner bits grant is granted even if the group bits withhold it.

To test this, create a directory „/tmp/testdir“ owned by user „user1“ and group „user1“. The user „user1“ is at the same time owner and group owner of that directory:

sudo mkdir /tmp/testdir
sudo chown user1:user1 /tmp/testdir

Next, assign the following permissions to „/tmp/testdir“: the owner has no permissions, the owning group has all permissions, and others have no permissions:

sudo chmod 070 /tmp/testdir

Assume the identity of „user1“ and attempt to create a file in the test directory:

sudo -u user1 touch /tmp/testdir/test
touch: cannot touch '/tmp/testdir/test': Permission denied

Next, change the permissions on the test directory, so that the owner has all permissions and the owning group and others have none:

sudo chmod 700 /tmp/testdir

Attempting to create a file in the test directory as the owner will succeed:

sudo -u user1 touch /tmp/testdir/test

Read permissions of the owner also override those of the owning group. Testing this is left as an exercise for the reader.
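The experiment above, together with the read-permission exercise, can be reproduced without root or a real „user1“ account by modelling the decision rule directly. The following is an added example, not code from the original post: it implements the classic (non-ACL) permission check in Python, consulting exactly one permission class with no fall-through from owner to group. The function names and the numeric uids/gids are assumptions chosen for illustration; the model deliberately ignores the superuser override and POSIX ACLs, which the post does not cover.

```python
"""Model of the Linux "classic" permission decision (added example)."""
import stat

# Permission bits as they appear in a single rwx triad (r=4, w=2, x=1).
R, W, X = 4, 2, 1


def classic_access(uid, groups, file_uid, file_gid, mode, want):
    """Return True if a process running as `uid` with group set `groups`
    is granted all `want` bits on a file owned by `file_uid:file_gid`
    with permission bits `mode`.

    Exactly one class is consulted: owner if the uid matches, otherwise
    group if any of the process's groups match, otherwise other. An owner
    denied a bit is therefore never rescued by a more permissive group triad.
    """
    if uid == file_uid:
        triad = (mode & stat.S_IRWXU) >> 6
    elif file_gid in groups:
        triad = (mode & stat.S_IRWXG) >> 3
    else:
        triad = mode & stat.S_IRWXO
    return (triad & want) == want


# Constructed ids standing in for "user1", who owns the test directory
# and is also a member of its owning group.
USER1_UID, USER1_GID = 1001, 1001


def creating_file_allowed(mode):
    """Creating an entry in a directory needs write and search (x) on it,
    which is what `touch /tmp/testdir/test` exercises."""
    return classic_access(USER1_UID, {USER1_GID}, USER1_UID, USER1_GID, mode, W | X)


def listing_allowed(mode):
    """Listing a directory needs read on it (the reader's exercise)."""
    return classic_access(USER1_UID, {USER1_GID}, USER1_UID, USER1_GID, mode, R)


if __name__ == "__main__":
    # chmod 070: owner denied, group granted -> owner still denied.
    print("touch with mode 070:", creating_file_allowed(0o070))   # False
    # chmod 700: owner granted, group denied -> owner granted.
    print("touch with mode 700:", creating_file_allowed(0o700))   # True
    print("ls with mode 070:", listing_allowed(0o070))            # False
    # A different user who is only a member of the owning group does get
    # access under mode 070, showing the group triad is what it fell to.
    print("group-only member, mode 070:",
          classic_access(2002, {USER1_GID}, USER1_UID, USER1_GID, 0o070, W | X))  # True
```

Running the script prints the same outcomes as the `sudo -u user1 touch` commands above; the last line shows that the group triad is only reached by a process whose uid does not match the file owner.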
