12

I am trying to understand the permission usage for the cp command in unix.

  1. What are the permissions required for copying a file into a directory
  2. What are the permissions required for copying out of a directory?

I'm assuming for my first question, the directory will need execute permissions to perform the operation and the file will need read permissions to read the binary of the file and then the output file will need write permissions.

For the second the directory itself would need execute permissions to perform the copy operation and the file would need read permissions to extract the data from the file.

Can anyone tell me if my logic is flawed?

Jeff Schaller
  • 67,283
  • 35
  • 116
  • 255
Ryan
  • 141

3 Answers3

20

  1. you need:

    • source directory: execute and read permission
    • source file: read permission.
    • target directory: execute and write permission.
    • target file: you don't need any permission since it doesn't exit before you copy it. or write permission if the file exists.

  2. you need:

    • source directory: execute and read permission
    • source file: read permission.
    • target directory: execute and write permission.
    • target file: you don't need any permission since it doesn't exit before you copy it. or write permission if the file exists.

As you see, these 2 questions are actually the same. If you want to make sure, you can just test it yourself in just a few minutes.

Andy R
  • 103
SparedWhisle
  • 3,668
9

Firstly, you should understand that a directory without execute permissions is useless. You can list the contents if you have read permissions—but even that will throw an error without execute permissions, and ALL you will get is the names of the files within, no other info about them whatever.

Next, understand that execute permissions on a directory allow you to access the contents, irrespective of read permissions—BUT, only if you already know the exact name of the file in the directory. Without read permissions, you will not be able to list the directory contents, but execute allows you to get at the files within the directory if you know the filename, AND if you have correct permissions on the file itself.

Next, understand that write permissions on a directory allow you to add files and to DELETE files, irrespective of the permissions you have on the files. This means it can be possible to delete files which you don't even have permission to read.

An analogy that may be helpful is a phone book. The directory is just that—a directory. It is NOT a folder. It's like a phone book, and all it tells you is the file name and an associated "phone number" (called an inode number). Read permissions on the directory let you read the phone book. Execute permissions let you dial the numbers in the phone book. Write permissions let you write down file names and numbers in the phone book, and also scratch out file names and numbers already present. Notice that if you have execute permissions (the ability to dial numbers) but not read permissions (the ability to read through the phone book), you can still make a phone call, IF you know the file name. (The analogy breaks down slightly because in this case you don't need the inode number, just the filename.)

And, very importantly, notice that this says nothing whatsoever about how successful your phone call will be, only that you can make the phone call. That's when we get into file permissions. If you can make phone call at all, i.e. you have execute permissions on the directory (and, either know the filename already or have read permissions on the directory), then file permissions start to matter.

If you have read permissions on the file, the person on the phone will answer your questions (provide the info they have, i.e., tell you the file contents). If you have write permissions, you can change their answers (change the file contents). If you have execute permissions, you can run the file as a program...I have no analogy for this.

Notice that you can change the file contents without write permissions on the directory—because you aren't changing the directory (the phone book), only the file that the directory has a number for. But you can't make a new file in the directory without write permissions on the directory, because it involves writing a new name and number into the "phone book". Likewise if you have write permissions on the directory and get some jerk on the phone who won't answer your questions and won't accept your instructions (no write permissions, no read permissions on the file) you can still scratch his name out of the phone book.

I thought of this analogy myself; it's very precise in most respects and IS why a directory is called a "directory." Hopefully it helps in understanding the relation between directory permissions and file permissions. (There is an important feature I didn't cover, called a "sticky bit" on a directory, but you can look that one up on your own.)

Wildcard
  • 36,499
2

  1. Your user must have at least write and execute permissions on the target directory by any mean (i.e. if your user is the owner, at least permissions 300, if your user is not the owner but is in the group at least permissions 030 and if your user is not the owner and is not in the group, at least permissions 003)

  2. Your user must have at least read and execute permissions on the source directory by any mean (i.e. if your user is the owner, at least permissions 500, if your user is not the owner but is in the group at least permissions 050 and if your user is not the owner and is not in the group, at least permissions 005)

The reason why it's needed to have write permission (in the first case) and read permission (in the second case) is pretty self-explanatory; the reason why it's needed to have execute permissions in both case is because to write / read files it's mandatory to be able to access the directory, which is allowed only if the user has the execute permission on the target / source directory.

kos
  • 2,887