Users with search access to the directories in the path name and,
for some options, read access to the directories can check a file's
security information, including the access permissions. They do not
need read access to the file being checked. Programs can also check
security information for files.
To check the security information, do one of the following:
- Use the ISPF shell.
- Enter the ls -l or ls -E shell command.
- Run a stat() or fstat() callable service in a program.
In response, the system displays the user ID and the RACF® group name that correspond to the file's
UID and GID. The system displays the UID and GID only if it cannot
find the corresponding user ID and RACF group name.
For ls -l, the permission bits appear as 11 characters:

    tfffgggoooa

The characters in this format mean:
Table 1. Explanation of the characters in tfffgggoooa format. This table lists the meanings of each character.

| Character | Meaning |
|---|---|
| t | Identifies the type of file or directory: - (regular file), b (block special file, not supported for z/OS UNIX), c (character special file), d (directory), e (external link), l (symbolic link), p (FIFO special file), s (socket file type) |
| fff | Owner permissions. First character: Read access. Second character: Write access. Third character: Execute or, for a directory, search |
| ggg | Group permissions. First character: Read access. Second character: Write access. Third character: Execute or, for a directory, search |
| ooo | Other permissions. First character: Read access. Second character: Write access. Third character: Execute or, for a directory, search |
| a | If 'a' is a plus sign, then the file contains extended ACL entries. Use the getfacl command to display the ACL entries. |

The permissions fff, ggg, and ooo are displayed as:

Table 2. Explanation of the characters in fff, ggg, and ooo format. This table lists the meanings and position for each character for the fff permission.

| Character | Position | Meaning |
|---|---|---|
| - | Any | No access |
| r | First | Read access |
| w | Second | Write access |
| x | Third | Execute (or, for a directory, search) |
| s | Third (owner only) | Execute permission for owner, set-user-ID set |
| S | Third (owner only) | No execute permission for owner, set-user-ID set |
| s | Third (group only) | Execute permission for group, set-group-ID set |
| S | Third (group only) | No execute permission for group, set-group-ID set |
| t | Third (other only) | Execute permission for other, sticky bit set |
| T | Third (other only) | No execute permission for other, with sticky bit set |

For example, rwx means read, write, and execute
permission. Permission for a directory is often r-x,
which means read and search. If a plus sign follows the permissions,
then the file contains extended ACL entries. Use the getfacl command
to display the ACL entries.
If you issue ls -E, it displays extended attributes
for regular files. An additional four characters follow the original
10 characters:

    total 11
    -rwxr-xr-x+ -ps-  1 ROOT  SYS1  101 Mar 12 19:32 her
    -rwxrwxrwx  a-s-  1 ROOT  SYS1  654 Mar 12 19:32 test
    -rwxr-xr-x  a---  1 ROOT  SYS1   40 Mar 12 19:32 temp
    -rwxr--r--  ap-l  1 ROOT  SYS1  572 Mar 12 19:32 foo
    -rwxr--r--  --sl  1 ROOT  SYS1  640 Mar 12 19:33 abc

- a: The program runs APF-authorized if linked AC=1.
- p: The program is considered program controlled.
- s: The program is enabled to run in a shared address space.
- l: The program is considered a system-shared library object.
- -: The extended attribute is not set.
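
The following Python sketch is an added example, not part of the original documentation. It decodes the ls -E lines shown above into numeric mode bits, the ACL flag, and the extended attributes, then lists files for review. The function names and the review rule (a or p attribute combined with group/other write access or extended ACL entries) are assumptions of this example, and file names containing spaces are not handled.

```python
import re

# Sample `ls -E` output reproduced from the section above.
SAMPLE = """\
total 11
-rwxr-xr-x+ -ps- 1 ROOT SYS1 101 Mar 12 19:32 her
-rwxrwxrwx a-s- 1 ROOT SYS1 654 Mar 12 19:32 test
-rwxr-xr-x a--- 1 ROOT SYS1 40 Mar 12 19:32 temp
-rwxr--r-- ap-l 1 ROOT SYS1 572 Mar 12 19:32 foo
-rwxr--r-- --sl 1 ROOT SYS1 640 Mar 12 19:33 abc
"""

SPECIAL = {2: ("sS", 0o4000), 5: ("sS", 0o2000), 8: ("tT", 0o1000)}

def decode_mode(perm):
    """Convert the nine fff/ggg/ooo characters into numeric mode bits.
    Lowercase s/t also grants execute; uppercase S/T does not."""
    mode = 0
    for i, ch in enumerate(perm):
        bit = 0o400 >> i
        if ch == "rwx"[i % 3]:
            mode |= bit
        elif i in SPECIAL and ch in SPECIAL[i][0]:
            mode |= SPECIAL[i][1] | (bit if ch.islower() else 0)
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at position {i + 1}")
    return mode

def parse_ls_e(text):
    """Parse regular-file lines of `ls -E` output (names without spaces)."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if (len(f) < 10 or not re.fullmatch(r"-[-rwxsStT]{9}\+?", f[0])
                or not re.fullmatch(r"[-a][-p][-s][-l]", f[1])):
            continue  # "total" line, non-regular file, or unrecognized layout
        entries.append({"name": f[-1], "owner": f[3], "group": f[4],
                        "mode": decode_mode(f[0][1:10]),
                        "acl": f[0].endswith("+"), "ext": set(f[1]) - {"-"}})
    return entries

def review_candidates(entries):
    """Example audit rule: a/p files with group/other write or an ACL."""
    out = []
    for e in (e for e in entries if e["ext"] & {"a", "p"}):
        if e["mode"] & 0o022:
            out.append((e["name"], "group or other has write access"))
        if e["acl"]:
            out.append((e["name"], "extended ACL entries; check with getfacl"))
    return out
```

Calling review_candidates(parse_ls_e(SAMPLE)) on the sample reports her (extended ACL entries) and test (write access for group and other).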