sourcecode

Saturday, June 30, 2012

Permission on a directory

drwxrwxrwx
read:  read the content of the directory
write: change the content of the directory: create new/rm/mv files or subdirectories
execute: cd into the directory

(root can do ANY operation even when the file permission is ---------, always!)

http://content.hccfl.edu/pollock/AUnix1/FilePermissions.htm

Without execute permission on a directory, a user can't access files in a directory even if they own them and have all permissions on them.
With read but not execute, you can do ls someDir but not ls -l someDir.  With execute but not read permission, you can ls -l someDir/file but not ls someDir or ls -l someDir.  Thinking of the system calls involved (read and stat) may help clarify this.  Also, make sure ls isn't aliased to something such as ls --color or ls -F, since these options change the listing to identify directories, links, and executables by using stat, which requires execute permission.  (Try /bin/ls each time, or unalias ls.)
Remember that to use ls -l file, or on some systems ls -i dir (i.e., to use stat() system call), you must have execute on the directory, the directory's parent, and all ancestor directories up to and including / (the root directory).
With execute but not read permission on a directory, users cannot list the contents of the directory but can access files within it if they know about them.
A common situation illustrating all this is user web sites.  If a user's web page is /home/auser/public_html/index.htm, then 'x' permission is needed for everyone on /, /home, /home/auser, and /home/auser/public_html, and the file index.htm needs 'r' permission for everyone ('x' is not needed for the file.)
Deleting a file requires both write (to modify the directory itself) and execute (to stat() the file's inode) on a directory.  Note that a user needs no permissions on a file, and does not need to be the file's owner, to delete it!
To put or create a file in a directory requires both w and x permissions.  Write permission is needed because you are modifying the directory with a new hard link, and execute permission is needed in order to use stat, open, and creat system calls.  (Creating a file involves trying to open the file first to see if it already exists and stat if it does, and using either ln to create a new hard link or creat to create a new file.)
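
The user web site case above can be audited without switching users by reading the mode bits of the file and of every ancestor directory. This is an added example, not part of the original post; the function names, the optional TOP argument and the temporary demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): static audit of the user web
# site case. Reads mode bits only, so the answer is the same when run as root.

# mode_of PATH: print the 10-character mode string, e.g. drwx--x--x
mode_of() { ls -ld -- "$1" | cut -c1-10; }

# world_reachable FILE [TOP]: print each blocker; return 0 if none, else 1.
# TOP is a hypothetical parameter: the highest directory to check (default /).
world_reachable() {
    file=$1 top=${2:-/} rc=0
    case $file in /*) ;; *) file=$PWD/$file ;; esac
    # The file needs 'r' for others (character 8); 'x' on the file is not needed.
    case $(mode_of "$file") in
        ???????r??) ;;
        *) echo "no o+r: $file"; rc=1 ;;
    esac
    # Each directory from the parent up to TOP needs 'x' for others (character 10).
    dir=$(dirname -- "$file")
    while :; do
        case $(mode_of "$dir") in
            ?????????[xt]) ;;
            *) echo "no o+x: $dir"; rc=1 ;;
        esac
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname -- "$dir")
    done
    return "$rc"
}

# make_demo_tree: build a constructed copy of the layout from the post under a
# temporary directory and print that directory's path.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/auser/public_html"
    echo '<p>hello</p>' > "$t/home/auser/public_html/index.htm"
    chmod 711 "$t" "$t/home" "$t/home/auser" "$t/home/auser/public_html"
    chmod 644 "$t/home/auser/public_html/index.htm"
    echo "$t"
}
```

Run `world_reachable /home/auser/public_html/index.htm` against a real path, or pass the directory printed by `make_demo_tree` as TOP to try it on the constructed tree.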

/**************END**************/
