Defines the interpretation of a file mode.
This version of the operating system supports a 32-bit mode, which is divided into 3 parts. The 16 most significant bits are reserved by the system. The least significant 16 bits define the type of file (S_IFMT) and the permission bits. The 12 permission bits can be changed by using the chmod or chacl subroutine. The file type cannot be changed.
File-Type Bits
The file type determines the operations that can be applied to the file (including implicit operations, such as searching a directory or following a symbolic link). The file type is established when the file is created, and cannot be changed. The following file types are supported:
Item | Description |
---|---|
S_IFDIR | Defines a directory. |
S_IFREG | Defines a regular file. |
S_IFIFO | Defines a pipe. |
S_IFCHR | Defines a character device. |
S_IFBLK | Defines a block device. |
S_IFLNK | Defines a symbolic link. |
S_IFSOCK | Defines a socket. |
The S_IFMT format mask constant can be used to mask off a file type from the mode.
File-Attribute Bits
The file-attribute bits affect the interpretation of a particular file. With some restrictions, file attributes can be changed by the owner of a file or by a privileged user. The file-attribute bits are:
S_ISUID Bit
Item | Description |
---|---|
setuid | When a process runs a regular file that has the S_ISUID bit set, the effective user ID of the process is set to the owner ID of the file. The setuid attribute can be set only by a process on a trusted path. If the file or its access permissions are altered, the S_ISUID bit is cleared. |
S_ISGID (S_ENFMT) Bit
Item | Description |
---|---|
setgid | When a process runs a regular file that has both the S_ISGID bit and the S_IXGRP permission bit set, the effective user ID of the process is set to the group ID of the file. The setgid attribute can be set only by a process on a trusted path. If the owner is establishing this attribute, the group of the file must be the effective group ID or in the supplementary group ID of the process. If the file or its access permissions are altered, the S_ISGID bit is cleared. |
enforced locking | If a regular file has the S_ISGID bit set and the S_IXGRP permission bit cleared, locks placed on the file with the lockfx subroutine are enforced locks. |
S_IFMPX Bit
Item | Description |
---|---|
multiplexed | A character device with the S_IFMPX attribute bit set is a multiplexed device. This attribute is established when the device is created. |
S_ISVTX Bit
Item | Description |
---|---|
sticky | If a directory has the S_ISVTX bit set, only the owner of the file or the owner of the directory can remove a file from the directory. |
S_IXACL Bit
Item | Description |
---|---|
access control list | Any file that has the S_IXACL bit set can have an extended access control list (ACL). Specifying this bit when setting the mode with the chmod command causes the permission bits information in the mode to be ignored. Extended ACL entries are ignored if this bit is cleared. This bit can be implicitly cleared by the chmod subroutine. The /usr/include/sys/acl.h file defines the format of the ACL. |
S_ITCB Bit
Item | Description |
---|---|
trusted | Any file that has the S_ITCB bit set is part of the Trusted Computing Base (TCB). Only files in the TCB can acquire privilege on a trusted path. Only files in the TCB are run by the trusted shell (which is invoked with the tsh command). This attribute can be established or cleared only by a process running on the trusted path. |
S_IJRNL Bit
Item | Description |
---|---|
journaled | Any file that has the S_IJRNL bit set is defined as a journaled file. Updates to a journaled file are added to a log atomically. All directories and system files have the journaled attribute, which cannot be reset. |
S_ICRYPTO Bit
Item | Description |
---|---|
encrypted | Any file that has the S_ICRYPTO bit set is an encrypted file in an Encrypting File System (EFS). |
File-Permission Bits
The file-permission bits control which processes can perform operations on a file. This includes read, write, and execute bits for the file owner, the file group, and the default. These bits should not be used to set access-control information; the ACL should be used instead. The file-permission bits are:
Item | Description |
---|---|
S_IRWXU | Permits the owner of a file to read, write, and execute the file. |
S_IRUSR | Permits the owner of a file to read the file. |
S_IREAD | Permits the owner of a file to read the file. |
S_IWUSR | Permits the owner of a file to write to the file. |
S_IWRITE | Permits the owner of a file to write to the file. |
S_IXUSR | Permits the owner of a file to execute the file or to search the file's directory. |
S_IEXEC | Permits the owner of a file to execute the file or to search the file's directory. |
S_IRWXG | Permits a file's group to read, write, and execute the file. |
S_IRGRP | Permits a file's group to read the file. |
S_IWGRP | Permits a file's group to write to the file. |
S_IXGRP | Permits a file's group to execute the file or to search the file's directory. |
S_IRWXO | Permits others to read, write, and execute the file. |
S_IROTH | Permits others to read the file. |
S_IWOTH | Permits others to write to the file. |
S_IXOTH | Permits others to execute the file or to search the file's directory. |
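The following C sketch is an added example, not part of the header or its original documentation. It masks the file type with S_IFMT and applies the type-dependent attribute rules described above, including the two meanings of S_ISGID on a regular file. The F_* flag names, the function names and the sample modes are assumptions made for illustration, and only bits that are also defined by POSIX are used so that the code builds outside this operating system.

```c
#define _XOPEN_SOURCE 700   /* expose S_IFMT, S_ISVTX, S_IFSOCK on strict builds */
#include <stdio.h>
#include <sys/stat.h>

/* Hypothetical finding flags for this example; mode.h does not define them. */
enum {
    F_SETUID   = 1 << 0,  /* regular file with S_ISUID */
    F_SETGID   = 1 << 1,  /* regular file with S_ISGID and S_IXGRP */
    F_ENFLOCK  = 1 << 2,  /* regular file with S_ISGID, S_IXGRP cleared */
    F_STICKY   = 1 << 3,  /* directory with S_ISVTX */
    F_OPEN_DIR = 1 << 4   /* directory with S_IWOTH and no S_ISVTX */
};

/* Name the file type selected by masking the mode with S_IFMT. */
const char *mode_type(mode_t mode)
{
    switch (mode & S_IFMT) {
    case S_IFDIR:  return "directory";
    case S_IFREG:  return "regular file";
    case S_IFIFO:  return "pipe";
    case S_IFCHR:  return "character device";
    case S_IFBLK:  return "block device";
    case S_IFLNK:  return "symbolic link";
    case S_IFSOCK: return "socket";
    default:       return "unknown";
    }
}

/* Apply the attribute-bit rules; the same bit means different things per
 * file type, and S_ISGID is setgid only when S_IXGRP is also set. */
unsigned mode_findings(mode_t mode)
{
    unsigned f = 0;
    if ((mode & S_IFMT) == S_IFREG) {
        if (mode & S_ISUID) f |= F_SETUID;
        if (mode & S_ISGID) f |= (mode & S_IXGRP) ? F_SETGID : F_ENFLOCK;
    } else if ((mode & S_IFMT) == S_IFDIR) {
        if (mode & S_ISVTX) f |= F_STICKY;
        else if (mode & S_IWOTH) f |= F_OPEN_DIR;
    }
    return f;
}

int main(void)
{
    /* Constructed sample modes, not taken from a real system. */
    mode_t s[] = { S_IFREG | 04755, S_IFREG | 02755, S_IFREG | 02644, S_IFDIR | 01777, S_IFDIR | 0777 };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%07o  %-12s findings=0x%02x\n", (unsigned)s[i], mode_type(s[i]), mode_findings(s[i]));
}
```

In an audit, F_SETUID and F_SETGID mark files to inventory and review, while F_OPEN_DIR marks a directory where the removal restriction of the sticky attribute does not apply.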