Determining User Access on a Linux Filesystem with „Classic Permissions“

Simultaneous User- and Group-Ownership

If a user is at the same time the owner of a file and a member of the owning group, then the permissions of the owner override those of the group. If an owner who is also group-owner is not granted a permission by ownership, but is granted that permission by owner-group membership, then the owner effectively does not have that permission. On the other hand, if an owner who is also group-owner is granted a permission by ownership while group ownership does not grant the permission, the user is granted the permission.

To test this, create a directory „/tmp/testdir“ owned by user „user1“ and group „user1“. The user „user1“ is at the same time owner and group owner of that directory:

sudo mkdir /tmp/testdir
sudo chown user1:user1 /tmp/testdir

Next, assign the following permissions to „/tmp/testdir“: The owner has no permissions, the owning group has all permissions, others have no permissions:

sudo chmod 070 /tmp/testdir

Assume the identity of „user1“ and attempt to create a file in the test directory:

sudo -u user1 touch /tmp/testdir/test
touch: cannot touch '/tmp/testdir/test': Permission denied

Next, change the permissions on the test directory, so that the owner has all permissions and the owning group and others have none:

sudo chmod 700 /tmp/testdir

Attempting to create a file in the test directory as the owner will succeed:

sudo -u user1 touch /tmp/testdir/test

Read permissions of the owner also override those of the group owner. To test this is left as an exercise to the reader.