File protection in UNIX is maintained by the operating system in the inode associated with each file. Each file has 11 protection bits. There are 9 bits formed by the cross product of the READ, WRITE, and EXECUTE rights with the owner, group, and world sets of users, and two special bits that allow a program to grant its user the rights of its owner or group. They work as follows:
The READ right grants access to look at the contents of a regular file, get input from a special file, or examine the contents of a directory file.
The WRITE right grants access to modify the contents of a regular file, send output to a special file, or modify the contents of a directory file.
The EXECUTE right grants access to load a file's contents into memory and begin interpreting it as a program. Execute permission only makes sense for regular files, but in many systems it is also used to allow directory search.
Each of these rights can be extended to the owner of a file, a user whose GID is the same as the group specified for the file, or all users on the system. In most UNIX systems, a file is accessible only if every directory in its path is also accessible, but there are some exceptions.
The Setuid and Setgid bits specify to the operating system that the respective access rights of the owner or group associated with the file are to be granted to any process executing the program, for the period of that program's execution.
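The following C program is an added example, not part of the original text. It decodes the 11 protection bits from an inode mode word, decides access by selecting the single class (owner, then group, then world) that applies to the caller, and reports the identity a process takes on when the Setuid or Setgid bit is set. The function names and the sample files are constructed for illustration; superuser override, supplementary groups and ACLs are assumed away.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

enum { WANT_X = 1, WANT_W = 2, WANT_R = 4 };

/* Render the 11 protection bits ls-style, e.g. 04755 -> "rwsr-xr-x". */
const char *mode_string(mode_t m) {
    static char out[10];
    strcpy(out, "---------");
    for (int i = 0; i < 9; i++)
        if (m & (0400 >> i)) out[i] = "rwxrwxrwx"[i];
    /* Setuid/Setgid share the x column; upper case means x is not set. */
    if (m & S_ISUID) out[2] = (m & S_IXUSR) ? 's' : 'S';
    if (m & S_ISGID) out[5] = (m & S_IXGRP) ? 's' : 'S';
    return out;
}

/* Exactly one class applies: owner, else group, else world.
 * Returns 1 only if every right in `want` is set for that class. */
int may_access(mode_t m, uid_t fuid, gid_t fgid, uid_t uid, gid_t gid, int want) {
    int shift = (uid == fuid) ? 6 : (gid == fgid) ? 3 : 0;
    return (((int)(m >> shift) & 7) & want) == want;
}

/* Identity a process runs with while executing the file. */
uid_t exec_euid(mode_t m, uid_t fuid, uid_t uid) { return (m & S_ISUID) ? fuid : uid; }
gid_t exec_egid(mode_t m, gid_t fgid, gid_t gid) { return (m & S_ISGID) ? fgid : gid; }

int main(void) {
    /* Constructed sample inodes: name, mode, owner uid, group gid. */
    struct { const char *name; mode_t mode; uid_t uid; gid_t gid; } f[] = {
        { "setuid-tool", 04755, 0,    0    },
        { "group-log",   00640, 0,    50   },
        { "odd-file",    00077, 1000, 1000 },  /* owner locked out, world allowed */
    };
    uid_t uid = 1000; gid_t gid = 50;          /* constructed caller */
    for (size_t i = 0; i < sizeof f / sizeof f[0]; i++)
        printf("%-12s %s r=%d w=%d x=%d runs-as uid=%u gid=%u\n", f[i].name,
               mode_string(f[i].mode),
               may_access(f[i].mode, f[i].uid, f[i].gid, uid, gid, WANT_R),
               may_access(f[i].mode, f[i].uid, f[i].gid, uid, gid, WANT_W),
               may_access(f[i].mode, f[i].uid, f[i].gid, uid, gid, WANT_X),
               (unsigned)exec_euid(f[i].mode, f[i].uid, uid),
               (unsigned)exec_egid(f[i].mode, f[i].gid, gid));
    return 0;
}
```

The "odd-file" row shows that the classes do not fall through: the owner is denied even though the world bits would allow the same request.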