keithw$ ls -l
-rw-r--r-- 1 keithw keithw 6677 Apr 5 2006 ab.php
The permissions are read+write for the owner, read for the group, and read for everyone else.
In addition to the standard permissions (rwx), there are three special permissions that can be set for a file or directory: suid, sgid, and sticky bit.
this special permission allows the file to be executed with the security permissions of the file owner instead of the permission of the user who ran the program. This can be a source of security problems. Some daemons run as suid root. The suid permission is seen as an "S" in the user executable position a long directory listing (ls -l). Has no effect if the file is not executable.
To set the suid permission:
chmod u+s filename
this special permission allows the file to be run with the security permissions of the group instead of the permission of the user who ran the program. This can be a source of security problems. The sgid permission is seen as an "S" in the group executable position in a long directory listing (ls -l). Has no effect if the file is not executable.
To set the sgid permission:
chmod g+s filename
note: If sgid is set on a directory, any file created within that directory will have the same group owner assigned as the directory. Useful when a group of users is sharing the same directory.sticky bit on a directory
Prevents any files in a directory from being deleted by anyone but the owner of that file. Often used on the /tmp directory. Good to prevent accidental deletions by rm * commands. The sticky bit is seen as a t in the other executable position in a long directory listing (ls -l). Setting the sticky bit on a file is ignored.
To set the sticky bit:
chmod u+t dirname
note: in Linux, the option is set using the "other" permissions instead of "user":
chmod o+t dirname
In both cases, the "t" appears in the other executable position:
drwxr-xr-t 2 keithw keithw 68 Jul 26 09:02 test
Finally, Unix permissions are not the end of the story. The OS X file system can also use Access Control Lists stored in extended attributes to give you more fine grained access control. You can view extended attributes using the -e option of the ls command. See the chmod and ls man pages for more details.