Directory write permissions -- fail
David A. Bandel
Mon May 17 11:31:39 PDT 2004
On Thu, 23 May 2002 06:32:47 -0600
begin bof <bof at pcisys.net> spewed forth:
> I've been trying to understand permissions on directories, but am having
> trouble with the "write" permission.
>
> As I understand it, read permission (r--r--r--) on a directory allows
> the contents to be listed, write (-w--w--w-) allows files to be
> added/deleted, and execute (--x--x--x) allows access to the file
> contents.
>
> To test this, I created a directory, foo, and put three files in it:
> foo1, foo2, foo3 (contents: this is foo1/2/3). I gave these files
> rwxrwxrwx permissions to prevent file permission problems.
>
> Then I changed the foo directory permissions to r--r--r--. I could list
> the files, but not do anything else like add/delete or "less" the file
> contents. This is as it should be.
>
> Then I changed the directory permissions to --x--x--x. I could list the
> file contents using "less", but could not do anything else like "ls -al
> foo", or add/delete a file, as should be.
>
> But when I changed the directory permissions to -w--w--w-, I could not
> add a new file or delete any of the existing files, getting a
> "permission denied" message. This is not as I understand it: I should be
> able to do this.
>
> Could anyone explain why?

Directories are special cases. The execute bit allows you to cd into the
directory. In order to write a file, you have to be able to enter the
directory. Reading and running files is a little harder to understand.
Programs (not scripts) can be run from outside the directory with only the
executable bit set. Scripts cannot be run this way. You must have r-x set
because you have to be able to read the file to run it.

This is one of the more difficult parts of understanding why things work
the way they do. But this is some of what you need to understand to
create chroot jails with executables that can't be modified (or even
accessed) by the user.

Ciao,
David A. Bandel
--
Focus on the dream, not the competition.
-- Nemesis Racing Team motto
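
The directory behaviour discussed in this thread can be reproduced on a scratch directory. The script below is an added example, not part of the original messages; the `probe` function, its output format and the temporary directory layout are assumptions made for illustration, and it must be run as an unprivileged user because root bypasses these checks.

```shell
#!/bin/sh
# Added example (not from the thread). probe MODE applies MODE to a scratch
# directory holding foo1 and foo2, then tries four operations as the
# directory owner and reports which ones the kernel allows.
# Run as an unprivileged user: root bypasses directory permission checks.
probe() {
    d=$(mktemp -d) || return 1
    echo "this is foo1" > "$d/foo1"
    echo "this is foo2" > "$d/foo2"
    chmod 777 "$d/foo1" "$d/foo2"   # as in the post: rule out file-level denials
    chmod "$1" "$d"

    list=no; read_=no; create=no; delete=no
    # r: enumerate names. A glob that cannot read the directory stays literal.
    [ "$(echo "$d"/*)" != "$d/*" ] && list=yes
    # x: resolve a known name inside the directory and open it
    cat "$d/foo1" >/dev/null 2>&1 && read_=yes
    # w and x together: add or remove a directory entry
    ( : > "$d/new" ) 2>/dev/null && create=yes
    rm -f "$d/foo2" 2>/dev/null && delete=yes

    chmod 700 "$d" && rm -rf "$d"   # restore access so cleanup succeeds
    echo "list=$list read=$read_ create=$create delete=$delete"
}

# Modes from the thread (r--, --x, -w-) plus -wx and r-x for comparison.
for m in 400 100 200 300 500; do
    printf '%s  %s\n' "$m" "$(probe "$m")"
done
```

Mode 200 (write only) permits none of the four operations, while mode 300 (write plus execute) permits creating and deleting entries without being able to list them.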