28

The execute permission makes sense for files (which include scripts etc.), but when it comes to directories, the write (w) permission works the same way as execute (x), right?

Which means, if we are giving the write permission to a directory we also normally check "x" (for execute) for that directory as well, right?

its_me
  • 13,959
  • 2
    Your question is now incomprehensible. It's not clear where you're talking about the permissions on a file and where you're talking about the permissions on the directory that contains it. – Gilles 'SO- stop being evil' Aug 05 '11 at 07:27
  • 1
    If you have a new question can you just post it separately? – Michael Mrozek Aug 05 '11 at 19:27
  • 1
    What do you mean by "read permission is all we need for a file?" All you need for what? To read a file? Yes. To modify a file... no, unless you are the owner of that file. – gabe. Aug 05 '11 at 19:32
  • In addition to leaving out the operations "can read, can rename/delete files within the directory", your "000: can't delete it" is factually incorrect. If the directory happens to already be empty, you can delete it if you can write to its parent directory. If it's not empty, you can't delete it until it is empty (making it empty is a recursive operation that requires all three permissions on it and all nonempty subdirectories) – Random832 Aug 05 '11 at 19:35
  • Your edit to this question made it really confusing to figure out what was being asked and did not seem to add any value for future visitors. I reverted to the original simple question form that @Gilles answered. If you have a new issue you can ask another question. Please try to keep each question focused on one issue. – Caleb Aug 06 '11 at 14:44

1 Answer

69

The execute permission on directories allows accessing files inside the directory. The read permission allows enumerating the directory entries. The write permission allows creating and removing entries in it.

Having read or write permission on a directory without execute permission is not useful. Having execute but not read permission is occasionally useful: it allows accessing files only if you know their exact name, a sort of primitive password protection.

So in practice the useful permissions on a directory are:

  • ---: no access
  • --x: can access files whose name is known (occasionally useful)
  • r-x: normal read-only access
  • rwx: normal read and write access

See also "Directory with +x permission, parents without it. When would this be useful?" and "Do the parent directory's permissions matter when accessing a subdirectory?"

  • @Gilles is right! Doing some research on this for Linux reveals: 1) When a directory does not have an 'x' permission for the user, it's the stat or lstat system call that fails. This results in getting no metadata of the directory entries, even though getting the directory entries (name, inode) is possible when user has 'r' permission on the directory. 2) See man 7 path_resolution on Linux for some additional information. – Kedar Mhaswade Jun 27 '13 at 00:32
  • 2
    w-x can also have its uses. For instance, it used to be quite common practice for public FTP sites to have an upload or incoming folder that was publicly writable but readable only by server administrators. – jmbpiano Jan 25 '17 at 14:48
  • What would rw- do that r-- couldn't do for directories? This answer mentions the ability to change modification time, but on my Linux ZFS system that's not true, I was able to change the modification time even when my directory was only r--. – CMCDragonkai Sep 14 '17 at 14:06
  • @CMCDragonkai You're right, changing metadata is based on ownership, it isn't related to permissions. I don't think you can do anything with a rw- directory other than list the entries (and move/remove it if you own its parent, that doesn't require any permission on the directory). – Gilles 'SO- stop being evil' Sep 14 '17 at 23:22
  • @Gilles: That's right. With rw- on the dir, I can't create new files in it or change existing ones, even if I have rw- on the file I try to change. Neither can I touch the file. I'm on Arch Linux 4.14.13. – Matthias Braun Jan 27 '18 at 15:28
  • I think the claim that r-- is not useful is wrong; but as with anything, it all depends on what you're trying to do. Example: a monitoring service could have r-- on the mail spool to figure out that there are mails in the queue waiting to be sent, without having access to the actual contents of the emails (which may be privacy-sensitive). – Wouter Verhelst Apr 09 '18 at 12:50
  • @WouterVerhelst That would let the monitoring service see the list of file names, but not their timestamps. Ok, it might make sense with maildir. But I think a r-x directory and non-readable files makes more sense here. – Gilles 'SO- stop being evil' Apr 09 '18 at 16:46
  • So r is to read the contents of the directory, w is to create new files inside the directory, and x is to read the files inside the directory; and to rename the directory you need just x, not r/w, which is strange. – abhihello123 Dec 11 '23 at 02:55
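
The permission combinations from the answer and comments above (---, --x, r--, rw-, r-x, -wx, rwx), probed on a scratch directory. This is an added example, not part of the original thread; the function name `probe` and the file names are made up for illustration, and it must run as a non-root user because root bypasses these checks.

```shell
#!/bin/sh
# Added example (not from the original thread). Run as a non-root user:
# root bypasses directory permission checks, so every probe would succeed.

# probe MODE: build a scratch directory with that mode and report which
# operations the owner can still perform on it.
probe() {
    mode=$1
    work=$(mktemp -d) || return 1      # constructed scratch area
    d="$work/dir"
    mkdir "$d"
    echo data > "$d/known.txt"
    echo data > "$d/victim.txt"
    chmod "$mode" "$d"

    # r: enumerate names. A glob only needs readdir(); if the directory
    # cannot be read, the pattern is left unexpanded.
    set -- "$d"/*
    if [ "$1" != "$d/*" ]; then list=yes; else list=no; fi

    # x: resolve a name we already know and open the file behind it.
    if cat "$d/known.txt" >/dev/null 2>&1; then open=yes; else open=no; fi

    # w (together with x): add and remove directory entries.
    if touch "$d/new.txt" 2>/dev/null; then create=yes; else create=no; fi
    if rm -f "$d/victim.txt" 2>/dev/null; then remove=yes; else remove=no; fi

    chmod 700 "$d"                     # restore access so cleanup works
    rm -rf "$work"
    echo "list=$list open=$open create=$create remove=$remove"
}

# Modes discussed in the answer and comments: ---, --x, r--, rw-, r-x, -wx, rwx
for m in 000 100 400 600 500 300 700; do
    printf '%s  %s\n' "$m" "$(probe "$m")"
done
```

Mode 600 (rw-) reports the same result as 400 (r--), and 300 (-wx) behaves as the write-only drop box described in the comments.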