File ownership and protection

Every file in the system has an owner - usually the user who created the file. It's usually undesirable for users to be able to do things to files owned by other users - you don't want other people copying your labwork, and you certainly don't want them to be able to delete it! As a result, all decent operating systems have a notion of file protection. Each file has associated with it a set of permissions which determines the types of things that users can do with the file. There are 4 sorts of permission in UNIX:

Read permission

A user needs read permission to look at the contents of a file. So you can't look at another student's labwork because you don't have read permission.

Write permission

A user needs write permission to modify or delete a file.

Execute permission

In order to run a program, you need execute permission on the file containing the (object) program.

Search permission

Applies to directories only. You need this to look in a directory, so even if you have permission to do something to a file, you can't actually get at it without search permission on the directory containing it.

It might appear that you should have all four sorts of permission on your own files and none on anybody else's. However, there are a number of exceptions to this:

• Many of the files on the system need to be readable by everybody (for example, the manual pages displayed by the man command) or executable by everybody (all the generally used programs such as the chess program, and utilities such as ls, more, etc.)
• It is often convenient to make information available to others by having files readable by everybody or readable by some group of people. In order to do this you have to make the directories searchable as well.
• It is sometimes convenient to make a file generally writable. An example of this is a calendar from which people edit out dates on which they are unavailable in order to determine when everybody can make some social event.

To accommodate these sorts of things, the owner of a file can change its permissions, for the user him/herself, for a group of people, or for everybody.

By default, many of the files in the system are publicly readable or executable as appropriate, and you are welcome to read anything publicly readable or execute anything publicly executable. However, by default you cannot read files owned by other users. This implies that labwork can only be copied with the consent of the person from whom it is being copied - so arguments about who copied from whom will be irrelevant. The only exception to this would be a very serious case of hacking.

One user, called the superuser or root has the ability to read, write and execute all files. For obvious reasons, students do not get to be superusers!