Directory write permissions -- fail

bof bof
Mon May 17 11:31:39 PDT 2004


Thanks. Your explanation makes sense.

So the execute permission must be used with the read or write permission 
when dealing with a directory if the user plans on allowing read or 
write access to it.

But no book that I have read, and for that matter, the man/info page 
explains permissions like this: the explanation is simply that the 
"write" permission allows files to be added or deleted from the 
directory, implying that "write" alone is all that is needed.

I would hope that your book will take the time to explain this 
permissions business a little better than others.

David A. Bandel wrote:

>On Thu, 23 May 2002 06:32:47 -0600
>begin  bof <bof at pcisys.net> spewed forth:
>
>>I've been trying to understand permissions on directories, but am having
>>trouble with the "write" permission.
>>
>>As I understand it, read permission (r--r--r--) on a directory allows 
>>the contents to be listed, write (-w--w--w-) allows files to be 
>>added/deleted, and execute (--x--x--x) allows access to the file
>>contents.
>>
>>To test this, I created a directory, foo, and put three files in it: 
>>foo1, foo2, foo3 (contents: this is foo1/2/3). I gave these files 
>>rwxrwxrwx permissions to prevent file permission problems.
>>
>>Then I changed the foo directory permissions to r--r--r--.  I could list
>>the files, but not do anything else like add/delete or "less" the file 
>>contents. This is as it should be.
>>
>>Then I changed the directory permissions to --x--x--x. I could list the 
>>file contents using "less", but could not do anything else like "ls -al 
>>foo", or add/delete a file, as should be.
>>
>>But when I changed the directory permissions to -w--w--w-,  I could not 
>>add a new file or delete any of the existing files, getting a 
>>"permission denied" message. This is not as I understand it: I should be
>>able to do this.
>>
>>Could anyone explain why?
>>
>
>Directories are special cases.  The execute bit allows you to cd into the
>directory.  In order to write a file, you have to be able to enter the
>directory.  Reading and running files is a little harder to understand. 
>Programs (not scripts) can be run from outside the directory with only the
>executable bit set. Scripts cannot be run this way. You must have r-x set
>because you have to be able to read the file to run it.
>
>This is one of the more difficult parts of understanding why things work
>the way they do.  But this is some of what you need to understand to
>create chroot jails with executables that can't be modified (or even
>accessed) by the user.
>
>Ciao,
>
>David A. Bandel
>
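
The experiment from the question, repeated as a script with the combined `-wx` case added. This is an added example, not part of the original thread; the function name `probe` and the temporary paths are made up here. It assumes an unprivileged user, because root bypasses directory permission checks.

```shell
#!/bin/sh
# Added example: repeat the thread's directory-permission experiment.
# probe MODE builds foo/ with foo1..foo3 (files mode 777, as in the post),
# applies MODE to the directory, tries four operations, and prints one line:
#   list=.. name=.. create=.. delete=..
# Run as an ordinary user: root (CAP_DAC_OVERRIDE) is not subject to these checks.
probe() {
    mode=$1
    top=$(mktemp -d) || return 1
    dir=$top/foo
    mkdir "$dir"
    for n in 1 2 3; do
        echo "this is foo$n" > "$dir/foo$n"
        chmod 777 "$dir/foo$n"
    done
    chmod "$mode" "$dir"

    # r: read the names stored in the directory (glob expansion reads the
    # directory; an unmatched pattern is left as the literal string)
    set -- "$dir"/*
    if [ "$1" != "$dir/*" ]; then list=yes; else list=no; fi

    # x: look up a known name and reach the file behind it
    if cat "$dir/foo1" >/dev/null 2>&1; then name=yes; else name=no; fi

    # w and x together: add a directory entry
    if ( : > "$dir/new" ) 2>/dev/null; then create=yes; else create=no; fi

    # w and x together: remove a directory entry
    if rm -f "$dir/foo2" 2>/dev/null; then delete=yes; else delete=no; fi

    chmod 700 "$dir"      # restore access so cleanup works
    rm -rf "$top"
    echo "list=$list name=$name create=$create delete=$delete"
}

# r--r--r--, --x--x--x, -w--w--w- are the three modes tried in the post;
# 333 (-wx-wx-wx) is the combination that makes add/delete work.
for m in 444 111 222 333; do
    printf '%s  %s\n' "$m" "$(probe "$m")"
done
```

Mode 222 denies every operation, matching the "permission denied" result in the question, while 333 allows create and delete without allowing the names to be listed.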





