Linux File Permissions & Access Control Query

Tags: acl, linux, permissions, security

Let's say I am user bob in group users. There's this file:

-rw----r--  1 root users     4 May  8 22:34 testfile

First question:
Why can't bob read the file as it's readable by others? Is it simply that if you are denied by group, then you are auto-blacklisted for others? I always assumed that the final 3 bits took precedence over user/group permission bits, guess I was wrong…

Second question:
How is this implemented? I suppose it's linked to the first query, but how does this work in relation to Access Control, is it related to how ACLs work / are queried? Just trying to understand how these 9 permission bits are actually implemented/used in Linux.

Thanks a lot.

Best Answer

The answer is that the most specific permission class which applies to a user takes precedence.

  • User bits govern if they apply to the user requesting access.
  • Group bits apply if the user is not the owner but is in the group.
  • Other bits apply only if the first two sets do not.

So it's not the union of the permissions but rather a precedence from specific to generic.
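The precedence described in the answer can be simulated in a few lines. The following is an added example, not code from the question or answer: it parses an ls(1)-style mode string such as the one in the question and then applies exactly one class of bits (owner, then group, then other), the same order the Linux kernel uses in generic_permission(). It deliberately leaves out root's CAP_DAC_OVERRIDE and POSIX ACL entries, which the real kernel checks in addition to these 9 bits, so that only the behaviour in the question is shown. The uid/gid numbers and user names are constructed for the illustration.

```python
# Added example (not from the original page): owner/group/other precedence
# for the classic 9 mode bits. Function names, uids and gids are constructed.

R_OK, W_OK, X_OK = 4, 2, 1   # same values as the access(2) constants

def parse_symbolic(ls_mode):
    """Turn an ls(1)-style string such as '-rw----r--' into a 9-bit octal mode.

    Lowercase s/t (setuid, setgid, sticky) mean the underlying x bit is set;
    uppercase S/T mean it is not. The special bits themselves are dropped.
    """
    perms = ls_mode[1:10]            # skip the file-type character (-, d, l, ...)
    if len(perms) != 9:
        raise ValueError("expected a 10-character ls mode string")
    mode = 0
    for ch in perms:
        mode <<= 1
        if ch in "rwxst":
            mode |= 1
    return mode

def check_access(mode, file_uid, file_gid, uid, gids, want):
    """Return True if a process with (uid, gids) may do `want` on the file.

    Exactly one class of bits is selected, and only that class is tested:
      owner bits  if the caller owns the file,
      group bits  if the caller is in the file's group (but is not the owner),
      other bits  otherwise.
    The classes are never OR'ed together, which is why a file with mode 0604
    is readable by strangers yet unreadable by group members.
    Root override (CAP_DAC_OVERRIDE) and ACLs are intentionally not modelled.
    """
    if uid == file_uid:
        cls = (mode >> 6) & 0o7
    elif file_gid in gids:
        cls = (mode >> 3) & 0o7
    else:
        cls = mode & 0o7
    return (cls & want) == want

# Constructed scenario from the question: root-owned file in group 'users'.
ROOT_UID, USERS_GID = 0, 100
BOB_UID, BOB_GIDS = 1000, {1000, USERS_GID}      # bob is in group users
ALICE_UID, ALICE_GIDS = 1001, {1001}             # alice is not

def bob_can_read():
    return check_access(parse_symbolic("-rw----r--"), ROOT_UID, USERS_GID,
                        BOB_UID, BOB_GIDS, R_OK)

def alice_can_read():
    return check_access(parse_symbolic("-rw----r--"), ROOT_UID, USERS_GID,
                        ALICE_UID, ALICE_GIDS, R_OK)

if __name__ == "__main__":
    print("bob (in group users) can read:", bob_can_read())     # False
    print("alice (not in group) can read:", alice_can_read())   # True
```

Running it shows the counter-intuitive result the question is about: the group class is selected for bob because he is a member of `users`, its bits are `---`, and the `r--` in the other class is never consulted. A user outside the group falls through to the other class and is allowed to read. In the real kernel, POSIX ACLs extend this same selection logic with named-user and named-group entries (and a mask), they do not replace it.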
