# Let's first look at how standard UNIX permissions are encoded in
# the user interface. We will look at the underlying numeric
# representation later on.

set -x
touch file.txt

# We have created an empty file, so that we can look at the
# permissions it has.  The encoding might seem odd at first, so
# let's explain how it works.

ls -l file.txt

# The first column of the output from ‹ls -l› shows the permissions,
# and it reads ‹-rw-r--r--›. This is the ‘human readable’ encoding
# of UNIX permission bits.  The first dash is for file type, dash
# meaning a regular file (‹d› would mean a directory, ‹l› a symlink,
# and so on). However, what follows is more interesting for us now.

# The remaining 9 letters form 3 groups of 3 letters each, like
# this: ‹rw-›, ‹r--› and ‹r--› again. Each of the letter groups
# encodes access rights of a particular set of users: the first
# belongs to the owner of the file (in this case, ourselves), the
# second belongs to the owning group and the last triplet applies to
# all users that do not belong to the owning group of the file.

# The ‹r› indicates reading, while ‹w› indicates writing: the owner
# (us) can read and write the file, while both remaining sets of
# users can only read the file. The third common letter is ‹x› and
# denotes the ability to execute the file (as a program). The
# letters have fixed positions: ‹r› always comes in the first
# position, ‹w› in the second and ‹x› in the third. A dash (‹-›) in
# the corresponding position means this particular right is denied.
# We can check:

ls -l /bin/echo

# The owner of /bin/echo is ‹root› and the owning group is also
# ‹root› (those are the third and fourth columns of the output
# above). The permission bits are ‹rwx› (the owner can read, write
# and execute the file), ‹r-x› (the ‹root› group can read and
# execute, but not write) and again ‹r-x› (in this case, this
# applies to us). Specifically, we are not allowed to write into
# ‹/bin/echo›:

echo hello > /bin/echo # fails with a permission error

# However, we could read and execute it. Let's try the latter:

/bin/echo hello # this works okay

# Finally, let's double-check that ‹file.txt› cannot be executed (it
# lacks any ‹x› bits):

./file.txt

# Let's try changing some permission bits now (in ‹chmod.sh›).