
I don't understand how permissions on directories work. For example:

r: I can list all present files in a directory (e.g. ls)

w: I can modify a file in a directory, delete it and create a new sub-directory

x: I can access a directory (e.g. cd)

If I'm right in the following situation:

-w-
  • Can I remove a file if I already know its name?
  • Can I remove a file even if I don't have write permissions to it?

Another question. In the case of the sticky bit (e.g. /tmp), I can't remove or rename a file if I'm not its owner: is a file permission not enough to do it?

  • If you, for a moment, imagine that a directory is a file whose content is the list of files in it, it helps to explain the permissions on the directory: r and you can read the content of the "file" which is the file of files in directory, w and you can modify the list of files in the directory, that is deleting or creating new ones, x and here the metaphor breaks a little... so no good analogy. – Patrick Mevzek Aug 19 '18 at 16:10

1 Answer


The x permission on directory dir lets you access the files dir/file. Without it, the w permission doesn't help you at all, since to create or delete the files, you'd need to be able to point to them.

If you had -wx on the directory, however, then you could remove files if you knew their names (and create new files).

Reading the directory, i.e. listing the contents doesn't require accessing any of dir/file, just dir itself, so if you have r--, you can get a listing of the files.

The permissions of the file don't influence removing the file, not even in sticky directories, at least on my Linux. The man page (chmod(1)) says you need to be the owner of the file or of the directory to remove or rename files from a sticky directory.

    /tmp$ ls -l test
    -rw-rw-rw- 1 root root 0 Aug 19 16:17 test
    /tmp$ rm test
    rm: cannot remove 'test': Operation not permitted

See also: Execute vs Read bit. How do directory permissions in Linux work?

ilkkachu
  • A w permission (without x) is totally useless for a directory, right? The -wx condition lets me remove/rename/add a file, but I'm not able to modify a file (e.g. write something into it) if I don't have the write permission to that file: right? About the sticky bit: if I have a file in /tmp like rwxrwx--- user1 group1 and I'm user2 group1, can I remove that file? – Drew Ber Aug 19 '18 at 20:02
  • @DrewBer, 1) yep, w without x is useless as far as I know. 2) And yep, modifying the file is controlled by the file's permissions. 3) I didn't test, but I don't think group membership is enough to delete files from sticky directories. It's not uncommon for a system to have just a single group (say, users) for almost all the users, and the point of stickiness would be mostly defeated if members of the group could delete the files of other members of the group. – ilkkachu Aug 19 '18 at 20:15
  • I'm thinking about the following case

    drwxr-xrwx root root dir
    -rwxr-xr-x user1 user1 file

    File is inside dir. In the above situation user1 can modify the file due to its write access, but another non-root user can do it due to write access to the directory:

    1. user2 can remove file
    2. user2 can write a modified version of file.

    The result is the same, right?

    – Drew Ber Aug 25 '18 at 09:54
  • Considering another case:

    drwxr-x--- root root dir
    -rwxr-xr-x user1 user1 file

    In this case user1 can execute and modify the file but it can't perform ls or cd commands on dir: it can do it if the file path is already known, right?

    Last case:

    drwxr-xr-- root root dir

    user1 can still perform the ls command on that directory without accessing it, right?

    – Drew Ber Aug 25 '18 at 09:57
  • @DrewBer, that first one is a good point: if you have w to dir, but not to dir/file, you can remove or rename the file and create a new one with the same name. It does change the identity of the file, though: any hard links to it are broken, it could get a new inode, and the new file is owned by the user who re-creates it. – ilkkachu Aug 25 '18 at 10:25
  • @DrewBer, in that second one, if you don't have x permission to dir, then you don't access dir/file, period. Not directly with a full pathname, and not through cd'ing to the directory first (because you can't do that either) – ilkkachu Aug 25 '18 at 10:28
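
The rules from the answer and comments above, written as a small Python model; this is an added example, not part of the original thread. It covers classic mode bits only (no ACLs, no capabilities beyond uid 0, no LSMs), and `Node`, `User` and the function names are hypothetical.

```python
import stat
from collections import namedtuple

# Constructed stand-ins for os.stat() results and process credentials.
Node = namedtuple("Node", "mode uid gid")
User = namedtuple("User", "uid gids")

def class_bits(user, node):
    """Return the rwx triplet (0-7) that applies: owner, else group, else other."""
    perms = stat.S_IMODE(node.mode)
    if user.uid == node.uid:
        return (perms >> 6) & 7
    if node.gid in user.gids:
        return (perms >> 3) & 7
    return perms & 7

def can_list(user, d):
    """Reading the directory (ls) needs r on the directory itself."""
    return user.uid == 0 or bool(class_bits(user, d) & 4)

def can_reach(user, d):
    """Resolving dir/file (cd, open, stat, unlink) needs x on the directory."""
    return user.uid == 0 or bool(class_bits(user, d) & 1)

def can_unlink(user, d, f):
    """Remove or rename dir/file: w and x on the directory.
    The file's own mode bits are never consulted, only its owner
    when the directory is sticky."""
    if user.uid == 0:
        return True
    if (class_bits(user, d) & 3) != 3:      # need both w (2) and x (1)
        return False
    if d.mode & stat.S_ISVTX:               # sticky: owner of file or of dir
        return user.uid in (f.uid, d.uid)
    return True

if __name__ == "__main__":
    # Constructed /tmp case from the answer: root-owned rw-rw-rw- file.
    tmp = Node(stat.S_IFDIR | 0o1777, 0, 0)
    test = Node(stat.S_IFREG | 0o666, 0, 0)
    me = User(1002, {1002})
    print("rm /tmp/test allowed:", can_unlink(me, tmp, test))
```

An audit script could feed real `os.stat()` results into the same functions to flag directories where a non-owner can replace files they cannot write.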