Permissions Query

Question

I thought I understood how permissions work in Linux, until I became aware of this situation.

I have a subfolder, oddball that contains files with following permissions:

ls -aRl /mnt/oddball
/mnt/oddball:
total 120
drwx------ 2 bendipa bendipa  4096 Aug 27 00:16 .
drwxr-xr-x 6 root    root     4096 Jul  1 15:51 ..
-rw-rw-r-- 1 bendipa bendipa    12 Aug 27 00:16 Adoc.txt
-rwx------ 1 bendipa bendipa 12655 Aug 26 18:16 .IntBnkDet.doc.pgp
-rwx------ 1 bendipa bendipa 14550 Aug 26 19:04 .PersonalDetail.odt.pgp
-rwx------ 1 bendipa bendipa 76357 Aug 15 15:43 .StatePensionGateway.doc.pgp

The problem is every time I make a new file within /mnt/oddball it assumes permissions shown as with the file Adoc.txt, whereas I assumed files would take permissions from their parent folder; in this case oddball's are shown as the first of the output line permissions listed. I note the parent folder of oddball, /mnt is root owned and shows permissions different to oddball, but would not expect those to have any effect on oddball's files.

Of course it's easy enough to change the permissions of new files in /mnt oddball in the terminal, but having to do so each time a file is created is a bit tedious. Or is this a necessity in Linux?

Answer 1

Permissions are not inherited from the parent folder.

On a normal filesystem, new files are created with mode 0666 (rw-rw-rw-) but modified by the umask value (inverted).

So, for example:

$ umask 0
$ touch foo
$ ls -l foo
-rw-rw-rw- 1 sweh sweh 0 Aug 26 21:14 foo

$ umask 022
$ touch bar
$ ls -l bar
-rw-r--r-- 1 sweh sweh 0 Aug 26 21:14 bar

$ umask 0222
$ echo hello > baz
$ ls -l baz       
-r--r--r-- 1 sweh sweh 6 Aug 26 21:15 baz

We can see that the umask value determines the permissions that the new file is created with.

To explain the numbers:

r=4
w=2
x=1

Each file has permissions for "owner", "group", "world". If you look at the number in Octal then you can break it down.

eg a permission of 0123 would mean

owner = 1 ==> --x
group = 2 ==> -w-
world = 3 ==> -wx

And we can see this:

$ chmod 0123 foo 
$ ls -l foo
---x-w--wx 1 sweh sweh 0 Aug 26 21:27 foo

A umask value determines the bits to keep. So determine the actual creation mode you take the 0666 and do a bitwise AND with the negation of the umask.

So if the umask is 0022 then the negation is 0755 and 0666 AND 0755 is 0644, which leads to the rw-r--r-- permission we saw earlier.

However there are some complications.

First is that to get to the file you need permissions along the whole directory path. So, in your example, even though Adoc.txt has world read permissions no one else can see the file because the directory blocks them from getting that far.

So effective permissions depend on the permissions on the whole directory tree, as well as the permissions on the file.

For example:

$ sudo ls -al X
total 8
drwx------ 2 root root 4096 Aug 26 21:19 .
drwxr-xr-x 3 root root 4096 Aug 26 21:18 ..
-rw-r--r-- 1 root root    6 Aug 26 21:19 y

The permissions on y says everyone can read it, but if I try...

$ cat X/y
cat: X/y: Permission denied

That's because the directory permission is blocking me.

You need x permissions on a directory to read files inside it.

$ sudo chmod a+x X

$ ls -ld X
drwx--x--x 2 root root 4096 Aug 26 21:19 X/

$ cat X/y
hello

Another complication is if you use a non-native file system (eg NTFS, or SMB). The mount flags can override the Unix permissions just because the original filesystem doesn't understand unix permissions. But that's likely not the case in your question.