mode.h File

Purpose

Defines the interpretation of a file mode.

Description

This version of the operating system supports a 32-bit mode, which is divided into 3 parts. The 16 most significant bits are reserved by the system. The least significant 16 bits define the type of file (S_IFMT) and the permission bits. The 12 permission bits can be changed by using the chmod or chacl subroutine. The file type cannot be changed.

File-Type Bits

The file type determines the operations that can be applied to the file (including implicit operations, such as searching a directory or following a symbolic link). The file type is established when the file is created, and cannot be changed. The following file types are supported:

Item Description
S_IFDIR Defines a directory.
S_IFREG Defines a regular file.
S_IFIFO Defines a pipe.
S_IFCHR Defines a character device.
S_IFBLK Defines a block device.
S_IFLNK Defines a symbolic link.
S_IFSOCK Defines a socket.

The S_IFMT format mask constant can be used to mask off a file type from the mode.

File-Attribute Bits

The file-attribute bits affect the interpretation of a particular file. With some restrictions, file attributes can be changed by the owner of a file or by a privileged user. The file-attribute bits are:

Item Description
Attribute Description

S_ISUID Bit

Item Description
setuid When a process runs a regular file that has the S_ISUID bit set, the effective user ID of the process is set to the owner ID of the file. The setuid attribute can be set only by a process on a trusted path. If the file or its access permissions are altered, the S_ISUID bit is cleared.

S_ISGID (S_ENFMT) Bit

Item Description
setgid When a process runs a regular file that has both the S_ISGID bit and the S_IXGRP permission bit set, the effective user ID of the process is set to the group ID of the file. The setgid attribute can be set only by a process on a trusted path. If the owner is establishing this attribute, the group of the file must be the effective group ID or in the supplementary group ID of the process. If the file or its access permissions are altered, the S_ISGID bit is cleared.
enforced locking If a regular file has the S_ISGID bit set and the S_IXGRP permission bit cleared, locks placed on the file with the lockfx subroutine are enforced locks.

S_IFMPX Bit

Item Description
multiplexed A character device with the S_IFMPX attribute bit set is a multiplexed device. This attribute is established when the device is created.

S_ISVTX Bit

Item Description
sticky If a directory has the S_SVTX bit set, only the owner of the file or the owner of the directory can remove a file from the directory.

S_IXACL Bit

Item Description
access control list Any file that has the S_IXACL bit set can have an extended access control list (ACL). Specifying this bit when setting the mode with the chmod command causes the permission bits information in the mode to be ignored. Extended ACL entries are ignored if this bit is cleared. This bit can be implicitly cleared by the chmod subroutine. The /usr/include/sys/acl.h file defines the format of the ACL.

S_ITCB Bit

Item Description
trusted Any file that has the S_ITCB bit set is part of the Trusted Computing Base (TCB). Only files in the TCB can acquire privilege on a trusted path. Only files in the TCB are run by the trusted shell (which is invoked with the tsh command). This attribute can be established or cleared only by a process running on the trusted path.

S_IJRNL Bit

Item Description
journaled Any file that has the S_IJRNL bit set is defined as a journaled file. Updates to a journaled file are added to a log atomically. All directories and system files have the journaled attribute, which cannot be reset.

S_ICRYPTO Bit

Item Description
encrypted Any file that has the S_ICRYPTO bit set is an encrypted file in an Encrypting File System (EFS).

File-Permission Bits

The file-permission bits control which processes can perform operations on a file. This includes read, write, and execute bits for the file owner, the file group, and the default. These bits should not be used to set access-control information; the ACL should be used instead. The file-permission bits are:

Item Description
S_IRWXU Permits the owner of a file to read, write, and execute the file.
S_IRUSR Permits the owner of a file to read the file.
S_IREAD Permits the owner of a file to read the file.
S_IWUSR Permits the owner of a file to write to the file.
S_IWRITE Permits the owner of a file to write to the file.
S_IXUSR Permits the owner of a file to execute the file or to search the file's directory.
S_IEXEC Permits the owner of a file to execute the file or to search the file's directory.
S_IRWXG Permits a file's group to read, write, and execute the file.
S_IRGRP Permits a file's group to read the file.
S_IWGRP Permits a file's group to write to the file.
S_IXGRP Permits a file's group to execute the file or to search the file's directory.
S_IRWXO Permits others to read, write, and execute the file.
S_IROTH Permits others to read the file.
S_IWOTH Permits others to write to the file.
S_IXOTH Permits others to execute the file or to search the file's directory.