Recall that the operating system normally decides access permission for
a file based on the effective user and group IDs of the process and its
supplementary group IDs, together with the file's owner, group and
permission bits. These concepts are discussed in detail in Process Persona.

If the effective user ID of the process matches the owner user ID of the
file, then permissions for read, write, and execute/search are
controlled by the corresponding “user” (or “owner”) bits. Likewise,
if any of the effective group ID or supplementary group IDs of the
process matches the group owner ID of the file, then permissions are
controlled by the “group” bits. Otherwise, permissions are controlled
by the “other” bits.

Privileged users, like “root”, can access any file regardless of
its permission bits. As a special case, for a file to be executable
even by a privileged user, at least one of its execute bits must be set.
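
The decision order described above, written out as an added example (not code from the manual or from the C library). The struct and function names are hypothetical, privilege is modelled as effective user ID 0, and only the owner, group and permission bits are consulted. It shows that exactly one class of bits is checked: an owner whose “user” bits deny access is refused even when the “other” bits would allow it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical types for this example; want uses 4=read, 2=write, 1=execute. */
struct persona { uid_t euid; gid_t egid; const gid_t *groups; size_t ngroups; };
struct file_meta { uid_t uid; gid_t gid; mode_t mode; };

/* True if the effective or any supplementary group ID equals gid. */
static bool in_group(const struct persona *p, gid_t gid)
{
    if (p->egid == gid)
        return true;
    for (size_t i = 0; i < p->ngroups; i++)
        if (p->groups[i] == gid)
            return true;
    return false;
}

bool access_allowed(const struct persona *p, const struct file_meta *f, unsigned want)
{
    if (p->euid == 0)  /* assumption: privilege modelled as effective UID 0 */
        return !(want & 1) || (f->mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0;

    unsigned bits;
    if (p->euid == f->uid)
        bits = (f->mode >> 6) & 7;   /* "user" bits, and only those */
    else if (in_group(p, f->gid))
        bits = (f->mode >> 3) & 7;   /* "group" bits */
    else
        bits = f->mode & 7;          /* "other" bits */
    return (bits & want) == want;
}

int main(void)
{
    /* Constructed sample: mode 0047, owned by uid 1000 and gid 100. */
    const gid_t supp[] = { 100 };
    struct file_meta f = { 1000, 100, 0047 };
    struct persona owner = { 1000, 1000, NULL, 0 };
    struct persona member = { 2000, 2000, supp, 1 };
    struct persona other = { 3000, 3000, NULL, 0 };
    printf("owner read: %d\n", access_allowed(&owner, &f, 4));
    printf("member read: %d\n", access_allowed(&member, &f, 4));
    printf("other read: %d\n", access_allowed(&other, &f, 4));
    return 0;
}
```
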
Published under the terms of the GNU General Public License