File system permissions
Encyclopedia
Most current file system
s have methods of administering permissions or access rights to specific users
and groups of users. These systems control the ability of the users to view or make changes to the contents of the filesystem.
and otherwise POSIX
-compliant systems, including Linux
-based systems and all Mac OS X
versions, have a simple system for managing individual file permissions, which in this article are called "traditional Unix permissions". Most of these systems also support some kind of access control list
s, either proprietary (old HP-UX ACL
s, for example), or POSIX.1e ACLs, based on an early POSIX draft that was abandoned, or NFSv4 ACLs, which are part of the NFSv4 standard.
DOS
variants (including MS-DOS
, Windows 95
, Windows 98
, and Windows Me
) do not have permissions, only file attribute
s. There is a read-only attribute (R), which can be set or unset on a file by any user or program, and therefore does not prevent him/her from changing/deleting the file. There is no permission in these systems which would keep a user from reading a file.
OpenVMS
(a.k.a. VMS), as well as Microsoft Windows NT
and its derivatives (including Windows 2000
and Windows XP
), use access control list
s (ACLs) to administer a more complex and varied set of permissions. OpenVMS
also uses a permission scheme similar to that of Unix, but more complex. There are four categories(System, Owner, Group, and World) and four types of access permissions (Read, Write, Execute, and Delete). The categories are not mutually disjoint: World includes Group which in turn includes Owner. The System category independently includes system users (similar to superusers in Unix).
Classic Mac
OSes are similar to DOS variants and DOS-based Windows: they do not support permissions, but only a "Protected" file attribute.
The AmigaOS Filesystem, AmigaDOS
supports a relatively advanced permissions system, for a single-user OS. In AmigaOS 1.x, files had Archive, Read, Write, Execute and Delete (collectively known as ARWED) permissions/flags. In AmigaOS 2.x and higher, additional Hold, Script, and Pure permissions/flags were added.
Mac OS X
versions 10.3 ("Panther") and prior use POSIX-compliant permissions. Mac OS X, beginning with version 10.4 ("Tiger"), also support the use of NFSv4 ACLs. They still support "traditional Unix permissions" as used in previous versions of Mac OS X, and the Apple Mac OS X Server version 10.4+ File Services Administration Manual recommends using only traditional Unix permissions if possible. It also still supports the Mac OS Classic's "Protected" attribute.
Solaris ACL support depends on the filesystem being used; older UFS
filesystem supports POSIX.1e ACLs, while ZFS
supports only NFSv4 ACLs.
Linux
supports POSIX.1e ACLs. There is experimental support for NFSv4 ACLs for ext3
filesystem.
FreeBSD
supports POSIX.1e ACLs on UFS, and NFSv4 ACLs on UFS and ZFS.
IBM z/OS implements file security via RACF (Resource Access Control Facility)
systems are managed in three distinct classes. These classes are known as user, group, and others. In effect, Unix permissions are a simplified form of access control list
s (ACLs).
When a new file is created on a Unix-like system, its permissions are determined from the umask
of the process that created it.
and directories
are owned by a user. The owner determines the file's owner class. Distinct permissions apply to the owner.
Files and directories are assigned a group, which define the file's group class. Distinct permissions apply to members of the file's group members. The owner doesn't need to be a member of the file's group.
Users who are not the owner, nor a member of the group, comprise a file's others class. Distinct permissions apply to others.
The effective permissions are determined based on the user's class. For example, the user who is the owner of the file will have the permissions given to the owner class regardless of the permissions assigned to the group class or others class.
systems that apply to each class:
The effect of setting the permissions on a directory (rather than a file) is "one of the most frequently misunderstood file permission issues".
When a permission is not set, the rights it would grant are denied. Unlike ACL-based systems, permissions on a Unix-like system are not inherited. Files created within a directory will not necessarily have the same permissions as that directory.
The first character indicates the file type
:
Each class of permissions is represented by three characters. The first set of characters represents the user class. The second set represents the group class. The third and final set of three characters represents the others class.
Each of the three characters represent the read, write, and execute permissions respectively:
The following are some examples of symbolic notation:
notation. Octal notation consists of a three- or four-digit base-8 value.
With three-digit octal notation, each numeral represents a different component of the permission set: user class, group class, and "others" class respectively.
Each of these digits is the sum of its component bits (see also Binary numeral system
). As a result, specific bits add to the sum as it is represented by a numeral:
These values never produce ambiguous combinations; each sum represents a specific set of permissions.
These are the examples from the Symbolic notation section given in octal notation:
Here is a summary of the meanings for individual octal digit values:
0 --- no permission
1 --x execute
2 -w- write
3 -wx write and execute
4 r-- read
5 r-x read and execute
6 rw- read and write
7 rwx read, write and execute
Note the similarity to binary counting (starting at the right and going left):
0: 000
1: 001
2: 010
3: 011
4: 100
5: 101
6: 110
7: 111
Octal digit values can be added together to make Symbolic Notations:
(4=r)+(1=x) (5=r-x)
(6=rw-)
(4=r)+(2=w)+(1=x) (7=rwx)
Here is a summary showing which octal digits affect permissions for user, group, and other:
stat -c '%n %a %A' can be used to print out octal notation.
User private group
Some systems diverge from the traditional POSIX-model of users and groups, by creating a new group – a "user private group" – for each user.
The "user private group" scheme can be preferred for a variety of reasons including using a umask of 002 and not having every "user" able to write to newly created files. In this case however, no other users must be added to the "user private group" or they will have write-permission on all files.
See also
External links
File system
A file system is a means to organize data expected to be retained after a program terminates by providing procedures to store, retrieve and update data, as well as manage the available space on the device which contain it. A file system organizes data in an efficient manner and is tuned to the...
s have methods of administering permissions or access rights to specific users
User (computing)
A user is an agent, either a human agent or software agent, who uses a computer or network service. A user often has a user account and is identified by a username , screen name , nickname , or handle, which is derived from the identical Citizen's Band radio term.Users are...
and groups of users. These systems control the ability of the users to view or make changes to the contents of the filesystem.
Differences between operating systems
Unix-likeUnix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
and otherwise POSIX
POSIX
POSIX , an acronym for "Portable Operating System Interface", is a family of standards specified by the IEEE for maintaining compatibility between operating systems...
-compliant systems, including Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
-based systems and all Mac OS X
Mac OS X
Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...
versions, have a simple system for managing individual file permissions, which in this article are called "traditional Unix permissions". Most of these systems also support some kind of access control list
Access control list
An access control list , with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject...
s, either proprietary (old HP-UX ACL
Access control list
An access control list , with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject...
s, for example), or POSIX.1e ACLs, based on an early POSIX draft that was abandoned, or NFSv4 ACLs, which are part of the NFSv4 standard.
DOS
DOS
DOS, short for "Disk Operating System", is an acronym for several closely related operating systems that dominated the IBM PC compatible market between 1981 and 1995, or until about 2000 if one includes the partially DOS-based Microsoft Windows versions 95, 98, and Millennium Edition.Related...
variants (including MS-DOS
MS-DOS
MS-DOS is an operating system for x86-based personal computers. It was the most commonly used member of the DOS family of operating systems, and was the main operating system for IBM PC compatible personal computers during the 1980s to the mid 1990s, until it was gradually superseded by operating...
, Windows 95
Windows 95
Windows 95 is a consumer-oriented graphical user interface-based operating system. It was released on August 24, 1995 by Microsoft, and was a significant progression from the company's previous Windows products...
, Windows 98
Windows 98
Windows 98 is a graphical operating system by Microsoft. It is the second major release in the Windows 9x line of operating systems. It was released to manufacturing on 15 May 1998 and to retail on 25 June 1998. Windows 98 is the successor to Windows 95. Like its predecessor, it is a hybrid...
, and Windows Me
Windows Me
Windows Millennium Edition, or Windows Me , is a graphical operating system released on September 14, 2000 by Microsoft, and was the last operating system released in the Windows 9x series. Support for Windows Me ended on July 11, 2006....
) do not have permissions, only file attribute
File attribute
A file attribute is metadata that describes or is associated with a computer file. For example, an operating system often keeps track of the date a file was created and last modified, as well as the file's size and extension . File permissions are also kept track of...
s. There is a read-only attribute (R), which can be set or unset on a file by any user or program, and therefore does not prevent him/her from changing/deleting the file. There is no permission in these systems which would keep a user from reading a file.
OpenVMS
OpenVMS
OpenVMS , previously known as VAX-11/VMS, VAX/VMS or VMS, is a computer server operating system that runs on VAX, Alpha and Itanium-based families of computers. Contrary to what its name suggests, OpenVMS is not open source software; however, the source listings are available for purchase...
(a.k.a. VMS), as well as Microsoft Windows NT
Windows NT
Windows NT is a family of operating systems produced by Microsoft, the first version of which was released in July 1993. It was a powerful high-level-language-based, processor-independent, multiprocessing, multiuser operating system with features comparable to Unix. It was intended to complement...
and its derivatives (including Windows 2000
Windows 2000
Windows 2000 is a line of operating systems produced by Microsoft for use on personal computers, business desktops, laptops, and servers. Windows 2000 was released to manufacturing on 15 December 1999 and launched to retail on 17 February 2000. It is the successor to Windows NT 4.0, and is the...
and Windows XP
Windows XP
Windows XP is an operating system produced by Microsoft for use on personal computers, including home and business desktops, laptops and media centers. First released to computer manufacturers on August 24, 2001, it is the second most popular version of Windows, based on installed user base...
), use access control list
Access control list
An access control list , with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject...
s (ACLs) to administer a more complex and varied set of permissions. OpenVMS
OpenVMS
OpenVMS , previously known as VAX-11/VMS, VAX/VMS or VMS, is a computer server operating system that runs on VAX, Alpha and Itanium-based families of computers. Contrary to what its name suggests, OpenVMS is not open source software; however, the source listings are available for purchase...
also uses a permission scheme similar to that of Unix, but more complex. There are four categories(System, Owner, Group, and World) and four types of access permissions (Read, Write, Execute, and Delete). The categories are not mutually disjoint: World includes Group which in turn includes Owner. The System category independently includes system users (similar to superusers in Unix).
Classic Mac
Mac OS history
On January 24, 1984, Apple Computer Inc. introduced the Macintosh personal computer, with the Macintosh 128K model, which came bundled with what was later renamed the Mac OS, but then known simply as the System Software....
OSes are similar to DOS variants and DOS-based Windows: they do not support permissions, but only a "Protected" file attribute.
The AmigaOS Filesystem, AmigaDOS
AmigaDOS
AmigaDOS is the disk operating system of the AmigaOS, which includes file systems, file and directory manipulation, the command-line interface, and file redirection....
supports a relatively advanced permissions system, for a single-user OS. In AmigaOS 1.x, files had Archive, Read, Write, Execute and Delete (collectively known as ARWED) permissions/flags. In AmigaOS 2.x and higher, additional Hold, Script, and Pure permissions/flags were added.
Mac OS X
Mac OS X
Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...
versions 10.3 ("Panther") and prior use POSIX-compliant permissions. Mac OS X, beginning with version 10.4 ("Tiger"), also support the use of NFSv4 ACLs. They still support "traditional Unix permissions" as used in previous versions of Mac OS X, and the Apple Mac OS X Server version 10.4+ File Services Administration Manual recommends using only traditional Unix permissions if possible. It also still supports the Mac OS Classic's "Protected" attribute.
Solaris ACL support depends on the filesystem being used; older UFS
Unix File System
The Unix file system is a file system used by many Unix and Unix-like operating systems. It is also called the Berkeley Fast File System, the BSD Fast File System or FFS...
filesystem supports POSIX.1e ACLs, while ZFS
ZFS
In computing, ZFS is a combined file system and logical volume manager designed by Sun Microsystems. The features of ZFS include data integrity verification against data corruption modes , support for high storage capacities, integration of the concepts of filesystem and volume management,...
supports only NFSv4 ACLs.
Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
supports POSIX.1e ACLs. There is experimental support for NFSv4 ACLs for ext3
Ext3
The ext3 or third extended filesystem is a journaled file system that is commonly used by the Linux kernel. It is the default file system for many popular Linux distributions, including Debian...
filesystem.
FreeBSD
FreeBSD
FreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant...
supports POSIX.1e ACLs on UFS, and NFSv4 ACLs on UFS and ZFS.
IBM z/OS implements file security via RACF (Resource Access Control Facility)
Traditional Unix permissions
Permissions on Unix-likeUnix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
systems are managed in three distinct classes. These classes are known as user, group, and others. In effect, Unix permissions are a simplified form of access control list
Access control list
An access control list , with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject...
s (ACLs).
When a new file is created on a Unix-like system, its permissions are determined from the umask
Umask
umask is a command and a function in POSIX environments that sets the file mode creation mask of the current process which limits the permission modes for files and directories created by the process...
of the process that created it.
Classes
FilesComputer file
A computer file is a block of arbitrary information, or resource for storing information, which is available to a computer program and is usually based on some kind of durable storage. A file is durable in the sense that it remains available for programs to use after the current program has finished...
and directories
Directory (file systems)
In computing, a folder, directory, catalog, or drawer, is a virtual container originally derived from an earlier Object-oriented programming concept by the same name within a digital file system, in which groups of computer files and other folders can be kept and organized.A typical file system may...
are owned by a user. The owner determines the file's owner class. Distinct permissions apply to the owner.
Files and directories are assigned a group, which define the file's group class. Distinct permissions apply to members of the file's group members. The owner doesn't need to be a member of the file's group.
Users who are not the owner, nor a member of the group, comprise a file's others class. Distinct permissions apply to others.
The effective permissions are determined based on the user's class. For example, the user who is the owner of the file will have the permissions given to the owner class regardless of the permissions assigned to the group class or others class.
Permissions
There are three specific permissions on Unix-likeUnix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
systems that apply to each class:
- The read permission, which grants the ability to read a file. When set for a directory, this permission grants the ability to read the names of files in the directory (but not to find out any further information about them such as contents, file type, size, ownership, permissions, etc.)
- The write permission, which grants the ability to modify a file. When set for a directory, this permission grants the ability to modify entries in the directory. This includes creating files, deleting files, and renaming files.
- The execute permission, which grants the ability to execute a file. This permission must be set for executable binaries (for example, a compiled C++ program) or shell scripts (for example, a Perl program) in order to allow the operating system to run them. When set for a directory, this permission grants the ability to traverse its tree in order to access files or subdirectories, but not see the content of files inside the directory (unless read is set).
The effect of setting the permissions on a directory (rather than a file) is "one of the most frequently misunderstood file permission issues".
When a permission is not set, the rights it would grant are denied. Unlike ACL-based systems, permissions on a Unix-like system are not inherited. Files created within a directory will not necessarily have the same permissions as that directory.
Symbolic notation
There are many ways by which Unix permission schemes are represented. The most common form is symbolic notation.| Three groups of three | |
|---|---|
| first | what the owner can do |
| second | what the group members can do |
| third | what other users can do |
| The triplet | |
| first | r: readable. |
| second | w: writable. |
| third | x: executable. s or t: executable and setuid Setuid setuid and setgid are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group... /setgid/sticky Sticky bit In computing, the sticky bit is an access-right flag that can be assigned to files and directories on Unix systems.-History:The sticky bit was introduced in the Fifth Edition of Unix in 1974 for use with pure executable files. When set, it instructed the operating system to retain the text segment... . S or T: setuid/setgid or sticky, but not executable. |
The first character indicates the file type
Unix file types
For normal files in the file system, Unix does not impose or provide any internal file structure.This implies that from the point of view of the operating system, there is only one file type....
:
- - denotes a regular file
- d denotes a directoryDirectory (file systems)In computing, a folder, directory, catalog, or drawer, is a virtual container originally derived from an earlier Object-oriented programming concept by the same name within a digital file system, in which groups of computer files and other folders can be kept and organized.A typical file system may...
- b denotes a block special file
- c denotes a character special file
- l denotes a symbolic linkSymbolic linkIn computing, a symbolic link is a special type of file that contains a reference to another file or directory in the form of an absolute or relative path and that affects pathname resolution. Symbolic links were already present by 1978 in mini-computer operating systems from DEC and Data...
- p denotes a named pipeNamed pipeIn computing, a named pipe is an extension to the traditional pipe concept on Unix and Unix-like systems, and is one of the methods of inter-process communication. The concept is also found in Microsoft Windows, although the semantics differ substantially...
- s denotes a domain socketUnix domain socketA Unix domain socket or IPC socket is a data communications endpoint for exchanging data between processes executing within the same host operating system. While similar in functionality to...
Each class of permissions is represented by three characters. The first set of characters represents the user class. The second set represents the group class. The third and final set of three characters represents the others class.
Each of the three characters represent the read, write, and execute permissions respectively:
- r if the read bit is set, - if it is not.
- w if the write bit is set, - if it is not.
- x if the execute bit is set, - if it is not.
The following are some examples of symbolic notation:
-rwxr-xr-xfor a regular file whose user class has full permissions and whose group and others classes have only the read and execute permissions.crw-rw-r--for a character special file whose user and group classes have the read and write permissions and whose others class has only the read permission.dr-x------for a directory whose user class has read and execute permissions and whose group and others classes have no permissions.
Octal notation
Another common method for representing Unix permissions is octalOctal
The octal numeral system, or oct for short, is the base-8 number system, and uses the digits 0 to 7. Numerals can be made from binary numerals by grouping consecutive binary digits into groups of three...
notation. Octal notation consists of a three- or four-digit base-8 value.
With three-digit octal notation, each numeral represents a different component of the permission set: user class, group class, and "others" class respectively.
Each of these digits is the sum of its component bits (see also Binary numeral system
Binary numeral system
The binary numeral system, or base-2 number system, represents numeric values using two symbols, 0 and 1. More specifically, the usual base-2 system is a positional notation with a radix of 2...
). As a result, specific bits add to the sum as it is represented by a numeral:
- The read bit adds 4 to its total (in binary 100),
- The write bit adds 2 to its total (in binary 010), and
- The execute bit adds 1 to its total (in binary 001).
These values never produce ambiguous combinations; each sum represents a specific set of permissions.
These are the examples from the Symbolic notation section given in octal notation:
- "-rwxr-xr-x" would be represented as 755 in three-digit octal.
- "-rw-rw-r--" would be represented as 664 in three-digit octal.
- "-r-x------" would be represented as 500 in three-digit octal.
Here is a summary of the meanings for individual octal digit values:
0 --- no permission
1 --x execute
2 -w- write
3 -wx write and execute
4 r-- read
5 r-x read and execute
6 rw- read and write
7 rwx read, write and execute
Note the similarity to binary counting (starting at the right and going left):
0: 000
1: 001
2: 010
3: 011
4: 100
5: 101
6: 110
7: 111
Octal digit values can be added together to make Symbolic Notations:
(4=r)+(1=x)
(5=r-x)
(4=r)+(2=w)
(6=rw-)(4=r)+(2=w)+(1=x) (7=rwx)
Here is a summary showing which octal digits affect permissions for user, group, and other:
- UGO = User, Group, Other
- 777 = "-rwxrwxrwx" = rwx for all
- 754 = "-rwxr-xr--" = rwx for owner, r-x for group, r-- for other
- 124 = "--x-w-r--" = x for owner, w for group, r for other
Listing Permissions
ls -l prints symbolic notation for files and directories.stat -c '%n %a %A' can be used to print out octal notation.
User private group
Some systems diverge from the traditional POSIX-model of users and groups, by creating a new group – a "user private group" – for each user.
The "user private group" scheme can be preferred for a variety of reasons including using a umask of 002 and not having every "user" able to write to newly created files. In this case however, no other users must be added to the "user private group" or they will have write-permission on all files.
See also
- Access control listAccess control listAn access control list , with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject...
- chattrChattrchattr is a command in the Linux operating system that allows a user to set certain attributes on a file residing on an ext2-based filesystem. chflags is the analogous command on modern BSD systems, including Mac OS X. The commands are similar to the attrib command on DOS, OS/2 and Microsoft Windows...
- chmodChmodThe chmod command is a Unix command that lets a user tell the system how much access it should permit to a file. It changes the file system modes of files and directories. The modes include permissions and special modes...
, the command used to set permissions on Unix-like systems
- File systemFile systemA file system is a means to organize data expected to be retained after a program terminates by providing procedures to store, retrieve and update data, as well as manage the available space on the device which contain it. A file system organizes data in an efficient manner and is tuned to the...
- Group identifier (Unix)Group identifier (Unix)In Unix-like systems, multiple users can be categorized into groups. POSIX and conventional Unix file system permissions are organized into three classes, user, group, and others. The use of groups allows additional abilities to be delegated in an organized fashion, such as access to disks,...
- lsattrLsattrlsattr is a command-line program for listing the attributes on a Linux second extended file system . It is also a command to display attributes of devices on an AIX operating system.-Options:The form of the lsattr command :...
- POSIXPOSIXPOSIX , an acronym for "Portable Operating System Interface", is a family of standards specified by the IEEE for maintaining compatibility between operating systems...
- User identifier (Unix)User identifier (Unix)Unix-like operating systems identify users within the kernel by an unsigned integer value called a user identifier, often abbreviated to UID or User ID...
External links
Access control list
An access control list , with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject...
Chattr
chattr is a command in the Linux operating system that allows a user to set certain attributes on a file residing on an ext2-based filesystem. chflags is the analogous command on modern BSD systems, including Mac OS X. The commands are similar to the attrib command on DOS, OS/2 and Microsoft Windows...
Chmod
The chmod command is a Unix command that lets a user tell the system how much access it should permit to a file. It changes the file system modes of files and directories. The modes include permissions and special modes...
, the command used to set permissions on Unix-like systems
File system
A file system is a means to organize data expected to be retained after a program terminates by providing procedures to store, retrieve and update data, as well as manage the available space on the device which contain it. A file system organizes data in an efficient manner and is tuned to the...
Group identifier (Unix)
In Unix-like systems, multiple users can be categorized into groups. POSIX and conventional Unix file system permissions are organized into three classes, user, group, and others. The use of groups allows additional abilities to be delegated in an organized fashion, such as access to disks,...
Lsattr
lsattr is a command-line program for listing the attributes on a Linux second extended file system . It is also a command to display attributes of devices on an AIX operating system.-Options:The form of the lsattr command :...
POSIX
POSIX , an acronym for "Portable Operating System Interface", is a family of standards specified by the IEEE for maintaining compatibility between operating systems...
User identifier (Unix)
Unix-like operating systems identify users within the kernel by an unsigned integer value called a user identifier, often abbreviated to UID or User ID...
- Apple Mac OS X Server version 10.4+ File Services Administration Manual (see pages 16-26)
- "Linux File Permission Confusion" by Brian Hatch 2003.
- "Linux File Permission Confusion pt 2" by Brian Hatch 2003.
- The Linux Cookbook: Groups and How to Work in Them by Michael Stutz 2004