6

If I have a folder with e.g. the following permissions (0700):

drwx------  2 patrick patrick   4096 Sep 12 00:00 test

If I understand it correctly, this means only the folders owner can:

  • read: list files
  • write: create, delete and rename files (but this only works if execute is set as well)
  • execute: access file contents and meta-information

If I now add a file to the folder with the permission (0777):

-rwxrwxrwx  1 patrick patrick    0 Sep 12 00:00 testfile

There is no way another user can access the file, even as the file itself can be read, written and executed by all users. Am I correct or am missing some finer points of the Unix permission system?

If I'm correct, is there any reason (except keeping things nice and tidy) to still worry about correct file permissions in that folder? Are there cases (e.g. accesses via relative paths?) where other users may still access the said file?

Improve this question
8
  • "execute" access on dirs hasn't anything to do with "accessing filie contents and meta-info" (that is controlled by the file's own permissions). "execute" access on a directory means "search" access: x permission on dir gives you permission to access dir/file, which is independent of whether you're able to list the content of dir or not (for which you need the r permission). Commented Sep 12, 2019 at 0:51
  • So just to ensure I got it right: If an user e.g. only has --x access to a folder, he can access the content of the all the files in that folder? Isn't "search" not just another term for read, as to search you need to read the file. Commented Sep 12, 2019 at 0:56
  • No, search (x) is not another term for read (r). Being able to read the content of a directory (ie ls it) doesn't mean you're able to access its files. Just try it: mkdir dir; echo yup > dir/yup; chmod 400 dir; ls dir; cat dir/yup Commented Sep 12, 2019 at 0:59
  • 1
    Any permission on a directory doesn't have anything to do with the permission on its files. On linux, a directory is not a folder: it only contains "pointers" to the actual files -- the files "contained" within it can be also accessed via another directory. Commented Sep 12, 2019 at 1:30
  • 1
    Giving x on the directory allows the user to enter and traverse the directory. What they can do with the file inside depends on the permissions of the file itself. They can run ls directly against the file or read the contents with cat or a text editor as I've explained in my answer. Commented Sep 12, 2019 at 1:31

2 Answers 2

Reset to default
4

A file could be hard-linked elsewhere (and on Linux, bind-mounted elsewhere), and that will bypass the permissions of the containing original directory:

# mkdir dir; echo yup > dir/in
# ln dir/in out
# touch out-b; mount --bind dir/in out-b
# chmod 700 dir
# su user

user$ cat out out-b
yup
yup
user$ cat dir/in
cat: dir/in: Permission denied
user$ ls dir/in
ls: cannot access 'dir/in': Permission denied
user$ ls dir
ls: cannot open directory 'dir': Permission denied

As such a hard-link or bind-mount can happen inadvertently (as part of something else, etc) it's never a good idea to give more permissions than necessary.

drwx------ 2 patrick patrick 4096 Sep 12 00:00 test

If I understand it correctly, this means only the folders owner can:

execute: access file contents and meta-information

No, the x (execute/search) permission on a directory doesn't mean that. It means that only the owner can access the files via the entries of this directory. Acessing the files' contents is controlled by their own permissions.

Improve this answer
4

The r means that you can read the directory or the file itself. The x on a directory means that it can be traversed.

With the way that you have the permission set in your question, users and groups other than patrick can't enter the directory or list its contents. They can run ls directly on the contents of the directory but it will just return permission denied instead of giving any info.

If you give x permissions on the directory and nothing else then they can cd into the directory. If they run ls inside of the directory then it will give them permission denied but if they know or can guess the name of files inside then they can run ls directly on them and see that they exist. They can also read the contents of the file(s) with cat or vim or another text editor if they have read permissions on it.

If you give r permissions on the directory and nothing else then the user can't cd into the directory but they can run ls on it and see its contents although they can't run ls against the file(s) itself or use cat or vim to see the contents.

Improve this answer
2
  • Thanks @Nasir Riley, that let me wrap my head around it! Even though I've accepted mosvy's answer, as it answers they original question, this really helped. Maybe it would be beset to add your comment to the other answer? Commented Sep 12, 2019 at 1:39
  • "x on a directory means that it can be traversed" was key for me. Root/containing directory permissions dictate the maximum possible access to contained files (e.g. if o-x on a dir, then in general o does not have access to contained files). Commented Mar 2, 2022 at 6:15

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.