Part of the cleverness of Unix permissions (a little thought)

March 15, 2012

Ever since it's become popular to add various sorts of advanced permissions schemes to Unixes (ACLs, for example), it's struck me that part of the genius of Unix permissions is that they are short.

I don't particularly mean short in storage terms (although that didn't hurt Unix in the early days). I mean short more in the sense of 'simple'; Unix permissions are simple enough that they have a short, clear representation. You can describe the basic access permissions for a file with three relatively short strings (the actual permissions plus who the owner and group of the file is), and these strings are mostly self-contained.

(You don't necessarily know who is in the group without running a command.)

I think that this shortness is an important part of why Unix permissions work relatively well. Short permissions are easy to display (which means that they can be displayed routinely, for example in 'ls -l' output) and relatively easy to understand. Because they are simple, they have few surprising interactions. I'll even go so far as to say that short, simple permissions are relatively easy to manipulate.

(There are aspects of Unix permissions that are not easy to understand and predict, things like what even the permission bits mean on directories, what the various obscure permission bits mean on everything, and so on. But I tend to think that this just adds complexity around the edges, not in the center.)

Written on 15 March 2012.
« The right way to do wikitext transitions
Parsing versus rewriting: how to tell them apart »

Page tools: View Source, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Thu Mar 15 23:36:48 2012
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.