So I want to hide the listing of all files from a particular group, yet I want them to be able to create/read files in that same folder. The following permissions on the folder appear to work (write and execute for the group):

```
chown root:shareusers /home/share
chmod 730 /home/share
```

Disabling read for the group prevents them from listing the contents (which is what I want).

"execute" against the directory then appears to permit the users to both read/write files in the folder (which is also what I want). Just attempting to understand why this works?

Dave

1 Answer

It is all terminology, but reading the directory means you can list the files (subdirectories, etc.) of a directory. The execute bit specifies if you can search for a particular name (of a file, etc.) in the directory.

The latter is necessary to be able to open a file, because even if you own a file in a directory, if you only have read permission on the directory (chmod 720 and only being a member of the group) you cannot access the file's content.

Anthon
  • "only have read permission on the directory (chmod 720".... wouldn't "720" be "write only"? – Dave Jan 10 '15 at 09:48
  • "730" would be execute + write for the group - against the folder (no read). How does execute+write permit access to files under the folder? Of course, the group has full read/write to the files themselves. – Dave Jan 10 '15 at 10:27
  • @dave I don't understand the "How", that is just the way it is implemented. Restrictions such as directory read/write/search permissions have certain semantics, and the kernel interprets those and enforces them. The kernel can of course read anything, it just restricts what information it passes on to the user based on the permissions. – Anthon Jan 10 '15 at 11:51
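
The split between listing a directory and looking up a name in it can be checked directly. The script below is an added example, not part of the original posts: it applies several modes to a scratch directory and tests listing, opening a known name, and creating a file. Assumptions: it exercises the owner permission class instead of the group class so that one unprivileged account is enough, and it must run as a non-root user.

```shell
#!/bin/sh
# Added demo: which directory permission bit gates which operation.
# Assumption: the owner class is exercised (so one unprivileged account is
# enough); the group bits in a mode such as 730 are evaluated the same way.
# Run as a non-root user: root bypasses these checks.

probe() {
    # $1 = mode for a scratch directory; prints list/lookup/create results
    d=$(mktemp -d) || return 1
    echo data > "$d/known.txt"
    chmod 600 "$d/known.txt"      # the file itself stays readable by its owner
    chmod "$1" "$d"

    # r on the directory: enumerate the names it contains
    if ls "$d" 2>/dev/null | grep -q known.txt; then l=yes; else l=no; fi
    # x on the directory: resolve a name you already know, then open the file
    if cat "$d/known.txt" >/dev/null 2>&1; then o=yes; else o=no; fi
    # w and x together: add a new directory entry
    if ( : > "$d/new.txt" ) 2>/dev/null; then c=yes; else c=no; fi

    chmod 700 "$d" && rm -rf "$d"
    echo "list=$l lookup=$o create=$c"
}

# 300 is the owner-class counterpart of the group bits in 730 (write + execute)
for mode in 700 300 400 200 100; do
    printf '%s  %s\n' "$mode" "$(probe "$mode")"
done
```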