Execute vs Read bit. How do directory permissions in Linux work? Ask Question. Asked 10 years, 1 month ago. Active 7 months ago. Viewed k times. Improve this question. Think like this: the directory entry contains file names , so "reading" a directory is listing the files, "using" the directory is accessing the files. With directory execute bit set , you are allowed to traverse its hierachy.
Given you belong to "other" people and only have execute bit set chmod dirOne you cannot list dirOne content. BUT if it contains a sub directory "dirTwo" with rights set like chmod dirTwo you can actually list its content! Future visitors should also see related question on AskUbuntu: askubuntu. Add a comment. Active Oldest Votes. The read bit r allows the affected user to list the files within the directory The write bit w allows the affected user to create, rename, or delete files within the directory, and modify the directory's attributes The execute bit x allows the affected user to enter the directory, and access files and directories inside The sticky bit T , or t if the execute bit is set for others states that files and directories within that directory may only be deleted or renamed by their owner or root.
Improve this answer. Chris Down Chris Down k 22 22 gold badges silver badges bronze badges. Great answer, but I think the last sentence is misleading.
None of these permissions can be overridden per-file actually. I think it might be useful to mention ACL in this and other answers, cause their application for some directories can be misleading if one will consider only information provided by Chris Down — Dmitry Koroliov.
Seems that this answer doesn't mention the combined effect of write bit and execute bit, as Baldrick's answer mentions below? Without the execute bit set on a directory, you can't change the filename of a file in that directory. I'm wondering why this is, because the filename is stored in a directory entry, not an inode.
Show 4 more comments. So, for example, if you have a directory named poems : You can ls poems and you'll get a list of items living within -l won't reveal any details!
You can use command-line completion i. You cannot make poems your working directory i. You need this permission if you want to: access read, write, execute items living within. PS: The article mentioned by Kusalananda is a good read. Baldrick Baldrick 8, 2 2 gold badges 16 16 silver badges 8 8 bronze badges. Thinking about directory as a list makes things more clear and logical.
Great answer, but too focused on the term "working directory". This is where I found out you can't write unless it's executable too! Case 2 is also interesting, great answer! If you want to ls -l work for a folder, need both r and x permission. Much better than the most-upvoted answer! I have prepared this table with all the possible permissions and their practical effects.
Some thoughts : With X unset , R and W are mostly useless. X alone disabling RW gives you a false sense of security since you could blindly read and write file contents and access subdirectories. You should be sure that every direct children of the directory have explicit permissions. Rarely you will use other values than: 0 : No access. David David 1, 8 8 silver badges 8 8 bronze badges.
Great summary chart. The previous command, for example, doesn't change any existing settings specifying whether users besides yourself may have read r access to myfile. The chmod command also operates on directories. For example, to remove write permission for other users on a subdirectory named mydir , you would enter:. To change permissions recursively in all subdirectories below the specified directory, add the -R option; for example, to grant execution permissions for other users to a directory mydir and all the subdirectories it contains, you would enter:.
Be careful when setting the permissions of directories, particularly your home directory; you don't want to lock yourself out by removing your own access. Also, you must have execute permission on a directory to switch cd to it.
The other way to use the chmod command is the absolute form, in which you specify a set of three numbers that together determine all the access classes and types. Rather than being able to change only particular attributes, you must specify the entire state of the file's permissions. The three numbers are specified in the order: user or owner , group, and other. Each number is the sum of values that specify read, write, and execute access:.
You can think of the three digit sequence as the sum of attributes you select from the following table:. Sum all the accesses you wish to permit. To share a file or directory that you own with someone, you can grant read and execute privileges for that user.
However, you must also set the same privileges on any parent directories above the item you're sharing; if you don't, the user can't look and change into cd all the parent directories above your file or directory. If you think of a file system as a physical place, then permissions work like keys that let you access different directories:.
Imagine the path as a physical space:. You might try to do it this way:. However, a user can't read or access a subdirectory unless the user also has x permissions to the parent directories. In other words, the above command gives out a key to your closet, but not to your room or apartment.
This will let others move cd to the scripts directory. The result is that group members have all rights to files in the specified directories and subdirectories. Others have permission to traverse the directories as needed to read and execute two specified files.
To change the default permissions that are set when you create a file or directory within a session or with a script, use the umask command. The umask examples shown here will give you and group members read, write, and execute permission. Others will have only read and execute permission. Several additional commands are useful for managing groups to control who can access files and directories. For example, you can limit access to users who share your core-hour or storage space allocation.
Say you don't want all members of the ncar group to have group permissions to read, write, and execute certain files. You can use the commands described below to set or change group ownership of certain files and directories so only members of that UNIX group have permission to access them. If there is no group that allows you to share as needed with other users who have NCAR user accounts:. Files or directories that you create or edit become associated with your current UNIX group.
Usually, that is your default primary group unless you change groups after you log in. See "Changing current group" below. If you aren't sure what your current group is, or which other groups you belong to, you can find out by running the id command after you log in. It will return your user ID uid and your current group gid , and it will list any other groups with which you are associated.
To change from one group to another during a login session , follow this example using the sg command and the name of the new group. The command will start a new shell with your new current group ID in effect.
0コメント