Database Reference
In-Depth Information
If you are browsing the database contents through either the Java
Admin Client or the dashboard Collections app, then you may
notice that some permissions strings are prefixed with either a
c
or
-
character. The
c
prefix stands for collection and the
-
prefix
stands for resource (i.e., not a collection). This is similar to per‐
forming an
ls -la
command on a Unix-like system, except that
whereas there
d
denotes a directory, eXist has collections instead of
directories and therefore uses
c
, not
d
. Likewise, if you see a
+
char‐
acter on the end of a permission string when browsing the data‐
base, this implies that the permission incorporates an access
control list (see
“Access Control Lists” on page 156
).
Default Permissions
eXist will apply a default set of permissions to the database when it is first created,
and then also to new resources and collections as they are created by users in the
database (see
Table 8-5
).
Table 8-5. Default permissions
Thing
Owner user
Owner group
Mode
/db
rwxr-xr-x
(
0755
)
SYSTEM
dba
/db/system
rwxr-xr-x
(
0755
)
SYSTEM
dba
/db/system/config
rwxr-xr-x
(
0755
)
SYSTEM
dba
/db/system/plugins
rwxrwx---
(
0770
)
SYSTEM
dba
/db/system/security
SYSTEM
rwxrwx---
(
0770
)
dba
New resource
Logged-in user
Logged-in user's primary group
0666
-
umask
a
New collection
Logged-in user
Logged-in user's primary group
0777
-
umask
User mask
-
-
022
a
The concept of the
umask
, or
user mask
, will be explained in the following section.
You might be asking yourself, if the
/db
collection is only writable
by the
SYSTEM
user by default, how is it that the
admin
user, which
eXist creates by default, can write to the database?
The answer is that the
admin
user is a member of the
dba
group,
which is
all-powerful
. The permissions mode is not checked for
dba
users.
You may be wondering why some of eXist's collections have a default permissions
mode of
0775
and others have a permissions mode of
0770
. Put simply, the collec‐
Search WWH ::
Custom Search