Permission bits of directories

What do the folder permission bits (rwx) mean?

x – search for files in a directory.

You can cd into the directory, but you cannot ls it. However, if you know the name of a file, you can access its metadata and its contents, provided the permissions on the file itself allow it. You can even write to existing files in the directory (if the write bit is set on the file), even when the directory itself does not grant write permission.
Take the following example. I have a folder named foobar, and inside it there is a file named newfile. Note that Coder and arjob are the two user accounts I use in this post.

arjob > chmod 771 foobar
Coder > ll foobar
ls: cannot open directory .: Permission denied
Coder > ll newfile
-rw-rw-r-- 1 arjob arjob 19 Jan 29 13:30 newfile

r – read folder for files and folders.

With read permission alone you can only view the names of the files and sub-folders inside the folder; you can neither cd into the directory nor read the contents (or metadata) of the files inside it.

arjob > chmod 774 foobar
Coder > cd foobar
bash: cd: foobar: Permission denied
Coder > ll foobar
ls: cannot access foobar/file: Permission denied
ls: cannot access foobar/newdir: Permission denied
ls: cannot access foobar/newfile: Permission denied
total 0
-????????? ? ? ? ? ? file
d????????? ? ? ? ? ? newdir/
-????????? ? ? ? ? ? newfile

With rx permission, we can cd into the folder and access file metadata and file contents.

arjob > chmod 775 foobar
Coder > ll foobar
total 12
-rw-rw-rw- 1 arjob arjob 13 Jan 29 13:31 file
drwxrwxr-x 2 arjob arjob 4096 Jan 29 13:05 newdir/
-rw-rw-r-- 1 arjob arjob 19 Jan 29 13:30 newfile

This listing cannot be done with execute permission alone.

w – write to directory

What you cannot do with rx permission is add new files, or rename or delete files in the directory. These operations are permitted or denied by the write permission bit on the directory.

arjob > chmod 775 foobar
Coder > touch foobar/foofile
touch: cannot touch ‘foofile’: Permission denied

mv or rm will fail the same way.

arjob > chmod 777 foobar
Coder > touch foobar/foofile
Coder > ll foobar
total 12
-rw-rw-rw- 1 arjob arjob 14 Jan 29 13:59 file
-rw-rw-r-- 1 Coder Coder 0 Jan 29 14:10 foofile
drwxrwxr-x 2 arjob arjob 4096 Jan 29 13:05 newdir/
-rw-rw-r-- 1 arjob arjob 19 Jan 29 13:30 newfile

The bits, it seems, work on the entity itself. For folders, the bits do not trickle down into the files but rather work on the folder's own inode data (its list of entries).

  • execute (x) permission grants us permission to search for files in the folder inode database.
  • read (r) permission grants us permission to read the folder inode database. That is why we can ls and read the filenames: they are all in the folder inode database. Where does file metadata reside, given that I cannot read it with just the read permission? It lives in each file's own inode; the directory holds only names and inode numbers, and resolving a name to its inode (which stat needs) requires the search (x) permission.
  • write (w) permission grants us permission to write into the folder inode database. Thus we can create new files, and move and remove them, even if I do not have write permission on the files themselves.

arjob > chmod 777 foobar
Coder > ll foobar
total 12
-rw-rw-rw- 1 arjob arjob 14 Jan 29 13:59 file
drwxrwxr-x 2 arjob arjob 4096 Jan 29 13:05 newdir/
-rw-rw---- 1 arjob arjob 19 Jan 29 13:30 newfile

Now, even though Coder has no permissions at all on the file, he can still delete it, because Coder has write permission on the folder.

Coder > rm newfile
rm: remove write-protected regular file ‘newfile’? y
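The rules this post walks through, written out as a small model you can run. This is an added example, not code from the original post; the directory tree, the uids, and the decision to check only the owner and other classes are assumptions.

```python
"""Model of how the rwx bits on a directory gate operations on its entries.
Added example, not code from the original post; the tree and uids are constructed."""

# Constructed tree: path -> [kind, owner uid, mode]. Mirrors the post's foobar example.
FS = {
    "/": ["dir", 0, 0o755],
    "/foobar": ["dir", 1000, 0o771],        # owner rwx, group rwx, other --x
    "/foobar/newfile": ["file", 1000, 0o664],
}
UID_ARJOB, UID_CODER = 1000, 1001             # constructed uids; Coder is "other"

def set_mode(path: str, mode: int) -> None:
    """Stand-in for chmod on the constructed tree."""
    FS[path][2] = mode

def _parent(path: str) -> str:
    return path.rsplit("/", 1)[0] or "/"

def _bits(path: str, uid: int) -> int:
    """rwx triple that applies to uid: owner class if uid owns it, else other (no group)."""
    _, owner, mode = FS[path]
    return (mode >> 6) & 7 if uid == owner else mode & 7

def _can_search_path(path: str, uid: int) -> bool:
    """Resolving a name needs x (search) on every directory above it."""
    d = _parent(path)
    while True:
        if not _bits(d, uid) & 1:
            return False
        if d == "/":
            return True
        d = _parent(d)

def allowed(op: str, path: str, uid: int) -> bool:
    """Whether op in {stat, list, read, create, unlink} on path succeeds for uid."""
    if not _can_search_path(path, uid):       # x missing on an ancestor: nothing works
        return False
    if op == "create":                        # new entry: w on the directory
        return path not in FS and bool(_bits(_parent(path), uid) & 2)
    if path not in FS:
        return False
    if op == "stat":                          # metadata is in the file's own inode
        return True
    if op == "list":                          # reading the directory's entries: r on it
        return FS[path][0] == "dir" and bool(_bits(path, uid) & 4)
    if op == "read":                          # file contents: r on the file itself
        return FS[path][0] == "file" and bool(_bits(path, uid) & 4)
    if op == "unlink":                        # w on the directory, not on the file
        return bool(_bits(_parent(path), uid) & 2)
    raise ValueError(op)
```

The model leaves out root (which bypasses these checks), the group class and the sticky bit, so it reproduces the post's sessions but not every real-world case.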

Folder permissions are very important; I cannot believe I didn't know what they meant until now.

#computer-science, #linux, #unix