
It's straightforward to realise that the permissions of a file are not relevant to the ability to delete that file. The ability to modify the directory listing is controlled by the directory's permissions.

However, for years I have believed that the purpose of the write permission was to allow modification of the directory, and the execute permission is for 'search' - listing files, or changing into the directory.

Today I discovered that one cannot rm a file in a directory unless both the write and execute bits are set. In fact, without execute set, write appears almost useless.

$ tree foo/
foo/
└── file_to_delete

0 directories, 1 file
$ chmod -x foo
$ ls -ld foo
drw-rw-r-- 2 ire_and_curses users 4096 Sep 18 22:08 foo/
$ rm foo/file_to_delete 
rm: cannot remove ‘foo/file_to_delete’: Permission denied
$ chmod +x foo/
$ rm foo/file_to_delete 
$ tree foo/
foo/

0 directories, 0 files
$

I find this behaviour pretty surprising. For directories, what is the reason that execute is required to make write useful in practice?

1 Answer


Without the execute bit, you can't run a stat() on the files in the directory, which means you can't determine the inode information of those files. To remove a file, you must know information which would be returned by stat().

A demonstration of this:

$ ls -ld test
drw------- 2 alienth alienth 4096 Sep 18 23:45 test

$ stat test/file
stat: cannot stat ‘test/file’: Permission denied

$ strace -e newfstatat rm test/file
newfstatat(AT_FDCWD, "test/file", 0x1a3f368, AT_SYMLINK_NOFOLLOW) = -1 EACCES (Permission denied)
newfstatat(AT_FDCWD, "test/file", 0x7fff13d4f4f0, AT_SYMLINK_NOFOLLOW) = -1 EACCES (Permission denied)
rm: cannot remove ‘test/file’: Permission denied
+++ exited with 1 +++

You can also demonstrate this with a simple ls -l. The metadata info of the directory may be readable and writable to your user, but without execute you can't determine the details of the file within the directory.

$ ls -l test
ls: cannot access test/file: Permission denied
total 0
-????????? ? ? ? ?            ? file
alienth
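The sessions in the question and the answer can be turned into a repeatable check. The script below is an added example, not part of either post: it creates a scratch directory, sets the owner bits to each combination of r/w/x, and reports whether rm succeeds and whether the inner file can be stat()ed (the same thing the answer shows with strace and ls -l). It assumes a POSIX shell with mktemp, chmod and rm, and a non-root user, since root bypasses these permission checks entirely; the function names try_rm and stat_visible are this example's own.

```shell
#!/bin/sh
# Added demonstration (not from the original thread): unlinking a file needs
# the directory's search (x) bit, and the write (w) bit alone is not enough.
# Assumes POSIX sh plus mktemp/chmod/rm and a non-root user: root ignores
# discretionary permission bits, so every attempt would succeed there.

# try_rm MODE -> prints "removed" or "denied" after chmod MODE on a scratch dir
try_rm() {
    mode=$1
    dir=$(mktemp -d) || return 2
    : > "$dir/file_to_delete"
    chmod "$mode" "$dir"
    if rm -f "$dir/file_to_delete" 2>/dev/null </dev/null; then
        result=removed
    else
        result=denied
    fi
    chmod u+rwx "$dir"      # restore search+write so cleanup can work
    rm -rf "$dir"
    printf '%s\n' "$result"
}

# stat_visible MODE -> "yes" if the inner file can be stat()ed, else "no"
# ([ -e ] calls stat(), which is exactly what rm and ls -l fail on above)
stat_visible() {
    mode=$1
    dir=$(mktemp -d) || return 2
    : > "$dir/file"
    chmod "$mode" "$dir"
    if [ -e "$dir/file" ]; then visible=yes; else visible=no; fi
    chmod u+rwx "$dir"
    rm -rf "$dir"
    printf '%s\n' "$visible"
}

# Driver: one row per owner-bit combination; "u=rw" is the case in the question.
if [ "$(id -u)" -eq 0 ]; then
    echo "running as root: permission bits are not enforced, nothing to show"
else
    for m in u=rwx u=rw u=wx u=rx; do
        printf '%-6s rm:%-8s stat:%s\n' "$m" "$(try_rm "$m")" "$(stat_visible "$m")"
    done
fi
```

Running it as an ordinary user gives the pattern the answer describes: with u=rw the file cannot be stat()ed and rm is denied, with u=wx (no read bit at all) the file can be stat()ed and removed, and with u=rx the lookup works but unlink is refused because the directory is not writable. Read permission only governs listing the directory; search permission is what lets the kernel resolve a name inside it.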