Design rationale behind search bit for directories

Question

Execute permission can be reasoned as a special program access control mechanism. The search permission on the other hand is described like this in the POSIX specification for an error code for open

[EACCES] Search permission is denied on a component of the path prefix, or ...

and for fchdir

[EACCES] Search permission is denied for the directory referenced by fildes.

Why is search permission mandatory for `cd'ing or traversing down a directory? What security rationale was there? Why does it has to be separate from read permission?

score 0 · Answer 1 · answered Apr 03 '18 at 13:06

Suppose you want to have a folder as mailbox receiving messages from others. You certainly do not want a stalker list (read permission) your directory to find scoops about you. Yet you need to allow the folder to be writable (at least to the people you know). Hence why search permission is separate from read permission, and the security rationale.

As to why is search permission mandatory for `cd'ing to and traversing down a directory, because it's been separated by design as mentioned in the first paragraph.

Design rationale behind search bit for directories

1 Answers1