1

Is there any permissions configuration that allows a user to delete a file but not to read from it or to write to it?

tirenweb
  • 169
  • 1
    Not directly. You could chown a folder to 777 permissions. Any user could create or delete files in that folder. But if a file has e.g. permission 600 which is read/write to the owner only, any user could delete this file anyways. – Thomas Oct 08 '16 at 12:25
  • @ThomasDickey This question is about a user being able to delete a file but not having read/write access. In that question, it's the other way around. – UTF-8 Oct 08 '16 at 14:08
  • Whatever - finding duplicates for frequently-asked questions is more valuable than cut/paste from other sources. – Thomas Dickey Oct 08 '16 at 14:46

2 Answers

3

A file's permissions determine who can read, write or execute that file. Its parent directory's permissions determine who can delete it, because in POSIX, deleting a file is assimilated to writing to its parent directory, and doesn't actually have anything to do with the deleted file itself.

Thus a file can be unreadable and unwritable, yet anyone who can write in its parent directory will be able to delete it:

mkdir a
chmod 777 a
touch a/b
chmod 000 a/b

produces a file, b, in a directory a, such that no one apart from root can read or write b, but anyone can delete b.

(Note that anyone can also replace b.)

Stephen Kitt
  • 434,908
2

Yes, this is possible. The only write action needed to delete something is to remove the corresponding inode which requires permission to write in the parent directory (it's defined like that by POSIX).

You don't need to actually change anything about the file. A file counts as being deleted once its reference counter is at 0. The reference counter is equal to the number of inodes pointing at it plus the number of open file handlers of that file. The latter will be 0 if the file isn't in use. So once you remove that 1 inode the file has (if no other hard links exist), it's deleted.

An example:

Make a new directory and cd into it:

mkdir /tmp/test
cd /tmp/test

Then become root:

sudo su

Note that writing sudo in front of the next command won't work because it's the write action that needs to be done by root. The user executing echo doesn't really matter.

Then create a new file, change its permission, and exit the root shell again.

echo some content > someFile
chmod 600 someFile
exit

Let's show the contents of the directory:

ll

The output will be like this, only with your username instead of christoph:

total 12
drwxrwxr-x  2 christoph christoph 4096 Oct  8 14:27 ./
drwxrwxrwt 13 root      root      4096 Oct  8 14:25 ../
-rw-------  1 root      root        13 Oct  8 14:27 someFile

The 1 in the last line means that there is only 1 inode pointing at the file. So after deleting that 1 entry, the file will be gone if it isn't opened by any programs (and if it is, it will be gone after those programs have closed it or have been terminated). This is usually the case but not always. See https://en.wikipedia.org/wiki/Hard_link for more info.

As you can see, you have neither read nor write permission on that file but you have write permission on the directory (the current directory is noted as a period (.)). This means you can remove the file via

rm someFile

But you will be warned that that file is write-protected:

rm: remove write-protected regular file 'someFile'?

Just type y for "yes" and press enter.

Then, the file is gone:

$ ll
total 8
drwxrwxr-x  2 christoph christoph 4096 Oct  8 14:27 ./
drwxrwxrwt 13 root      root      4096 Oct  8 14:27 ../
UTF-8
  • 3,237
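
An added example, not part of either answer: a POSIX shell function that reads the mode string of a file's parent directory and reports whether users in the "others" class may delete the file, whatever the file's own mode is. It goes beyond the answers by also recognising the sticky bit (the `t` in the `drwxrwxrwt` listing for `/tmp` above), which limits deletion to the owner of the file or of the directory; the name `others_can_delete` and the demo paths are made up for this example, and ACLs are not considered.

```shell
#!/bin/sh
# Added example: decide from the PARENT directory's mode bits whether
# "others" may delete a file. The file's own mode is never consulted,
# which is the point both answers make. ACLs are ignored (assumption).

# others_can_delete FILE  (hypothetical helper name)
# Prints one of:
#   anyone      parent is writable and searchable by others, no sticky bit
#   restricted  parent is world-writable but sticky: only the file owner,
#               the directory owner or root may delete
#   no          others lack write or search permission on the parent
others_can_delete() {
    parent=$(dirname -- "$1")
    # ls -ld starts with the mode string, e.g. drwxrwxrwt
    mode=$(ls -ld -- "$parent" | cut -c1-10)
    other_w=$(printf '%s' "$mode" | cut -c9)    # write bit for others
    other_x=$(printf '%s' "$mode" | cut -c10)   # search bit, or t/T if sticky
    [ "$other_w" = "w" ] || { echo no; return; }
    case $other_x in
        x) echo anyone ;;
        t) echo restricted ;;
        *) echo no ;;   # '-' or 'T': others cannot search the directory
    esac
}

# Constructed demo: the same layout as the first answer (a/b with mode 000),
# checked under three different modes on the directory a.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/a" && touch "$d/a/b" && chmod 000 "$d/a/b"
    for m in 777 1777 755; do
        chmod "$m" "$d/a"
        printf '%-4s %s\n' "$m" "$(others_can_delete "$d/a/b")"
    done
    rm -rf "$d"
}

demo
```

Because the function only reads mode bits, it gives the same answer when run as root, which is useful for auditing directories that hold files other users must not be able to remove or replace.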