107

If I create a file and then change its permissions to 444 (read-only), how come rm can remove it?

If I do this:

echo test > test.txt
chmod 444 test.txt
rm test.txt

...rm will ask if I want to remove the write-protected file test.txt. I would have expected that rm can not remove such a file and that I would have to do a chmod +w test.txt first. If I do rm -f test.txt then rm will remove the file without even asking, even though it's read-only.

Can anyone clarify? I'm using Ubuntu 12.04/bash.

Gilles 'SO- stop being evil'
  • 829,060
Magnus
  • 1,413

3 Answers3

119

All rm needs is write+execute permission on the parent directory. The permissions of the file itself are irrelevant.

Here's a reference which explains the permissions model more clearly than I ever could:

Any attempt to access a file's data requires read permission. Any attempt to modify a file's data requires write permission. Any attempt to execute a file (a program or a script) requires execute permission...

Because directories are not used in the same way as regular files, the permissions work slightly (but only slightly) differently. An attempt to list the files in a directory requires read permission for the directory, but not on the files within. An attempt to add a file to a directory, delete a file from a directory, or to rename a file, all require write permission for the directory, but (perhaps surprisingly) not for the files within. Execute permission doesn't apply to directories (a directory can't also be a program). But that permission bit is reused for directories for other purposes.

Execute permission is needed on a directory to be able to cd into it (that is, to make some directory your current working directory).

Execute is needed on a directory to access the "inode" information of the files within. You need this to search a directory to read the inodes of the files within. For this reason the execute permission on a directory is often called search permission instead.

Manuel Jordan
  • 1,728
  • 2
  • 16
  • 40
ire_and_curses
  • 12,362
  • 2
    So if I wanted to create a directory where some files could not be deleted/changed without doing chmod first, but others could be freely writable, that would be impossible? I would have to chmod the directory 555, which would mean no files in the directory could be created or modified. – Magnus Sep 19 '12 at 08:50
  • @Magnus - Yes, that's right. – ire_and_curses Sep 19 '12 at 08:54
  • Ugh. I'm trying to create a backup system where some important files are immutable. Guess I'll have to look into using SELinux. FML – Magnus Sep 19 '12 at 08:56
  • 3
    @Magnus - Of course, there's nothing stopping you making a writable child directory inside the read-only directory, and storing your writable files inside that. The child directory itself cannot be deleted, but its contents can. – ire_and_curses Sep 19 '12 at 08:57
  • That's a good point. It would make my directory tree uglier, but compared to the pain of using SELinux it may be worth it... – Magnus Sep 19 '12 at 08:58
  • 7
    Can't you make a directory sticky with +t so that people can no longer modify or remove files in that directory that they don't own even if they have write access to the directory? – Shadur-don't-feed-the-AI Sep 19 '12 at 12:10
  • @Shadur: I think that's what the OP is looking for, even if it's out of the scope of this question. – Stéphane Gimenez Sep 19 '12 at 12:47
  • 3
    @Magnus If you have root access (including sudo), you can use chattr to add the immutable flag to files. If not, then ire_and_curses is quite correct. – James O'Gorman Sep 19 '12 at 12:49
  • 2
    Shadur: No one but me is using the system. I want to protect myself from my own stupidity. – Magnus Sep 19 '12 at 13:59
  • 1
    @Magnus then don't use rm -f, yes | rm or rm <yes – OrangeDog Sep 19 '12 at 15:19
  • 6
    Not using rm -f only works as long as I'm sober... plus, I have no idea what the retarded bash scripts I write may or may not do – Magnus Sep 19 '12 at 16:27
  • 1
    your statement that All rm needs is write permission on the parent directory. is 100% wrong. I just tried to delete a file from a directory which has permission of just write and couldn't. BUT I could delete that file after giving write and execute permission on that dir. voting down for giving wrong information... – Alex Jones Sep 18 '15 at 10:33
  • @edward torvalds - Thanks for this. You are quite right, although I don't fully understand why yet. I've fixed my mistake. ;) – ire_and_curses Sep 19 '15 at 05:00
  • Could be thinking about this wrong, but if you have read+execute permissions on (at least) the last bit of a parent directory, you should be able to prevent files from being removed by your user, no? Any need to write can be handled under root, and a separate account for the OP's backup solution to run in with at least write+execute permissions. This seems like a silly way of doing things though. I honestly don't understand why all Linux filesystems don't have more granular permissions in this day and age. – user66001 Dec 31 '20 at 15:50
53

Ok, according to your comment to ire_and_curses, what you really want to do is make some files immutable. You can do that with the chattr command. For example:

e.g.

$ cd /tmp
$ touch immutable-file
$ sudo chattr +i immutable-file

$ rm -f immutable-file
rm: remove write-protected regular empty file `immutable-file'? y
rm: cannot remove `immutable-file': Operation not permitted

$ mv immutable-file someothername
mv: cannot move `immutable-file' to `someothername': Operation not permitted

$ echo foo > immutable-file 
-bash: immutable-file: Permission denied

You can't do anything to an immutable file - you can't delete it, edit it, overwrite it, rename it, chmod or chown it, or anything else. The only thing you can do with it is read it (if unix permissions allow) and (as root) chattr -i to remove the immutable bit.

Not all filesystems support all attributes. AFAIK, immutable is supported by all common linux filesystems (incl ext2/3/4 and xfs. zfsonlinux doesn't support attributes at all at the moment)

cas
  • 78,579
  • Wow, thank you! That is amazing, I didn't know the immutable attribute existed! – Magnus Sep 19 '12 at 09:05
  • 5
    it's occasionally useful. btw, not even root can modify or delete an immutable file (not without removing the immutable attribute first). also btw, use lsattr to list attributes. – cas Sep 19 '12 at 09:13
  • 2
    +1 - I'd forgotten about attributes, and was so busy answering the literal question about rm that this never even occurred to me... – ire_and_curses Sep 19 '12 at 09:16
  • A big thanks to the both of you, you've made my day so much easier – Magnus Sep 19 '12 at 09:25
  • 2
    This is filesystem specific and this could bring you more problems that it solves. – Stéphane Gimenez Sep 19 '12 at 12:44
  • In what way could it cause problems? It does exactly what I need. – Magnus Sep 19 '12 at 13:56
  • BTW, take a look at man chattr to see a list of attributes and what they mean. – cambraca Sep 19 '12 at 15:11
  • 4
    @Magnus: possible problems include backup (not all backup utilities will backup attributes - in fact, most won't) and restore (if you restore to a directory that already contains an immutable file, some programs will treat the inability to overwrite that file as a fatal error and abort). Also you can cause yourself confusion if you forget that you made a file immutable and cant figure out why you can't delete it....the 'Operation not permitted' error message is the same error message you see with some kinds of filesystem corruption, which can lead to potentially dangerous over-reaction. – cas Sep 19 '12 at 21:53
  • Those things don't matter to me - losing the files is a thousand times more damaging for me than the minor inconvenience of having to figure out how to do chattr -i on the files. – Magnus Sep 20 '12 at 07:14
  • 1
    You can copy (cp) an immutable file. – Octopus May 05 '15 at 15:07
  • @Octopus copying is reading a file and then writing what you've read somewhere else. I already said you can read an immutable file if unix file perms allow. – cas Mar 24 '16 at 11:09
0

One answer to this question claims that you can delete a file from directory only if it has just write permission is totally wrong! just try it! Give a directory just write permission and try to delete, you can't!
To delete a file inside a directory you need both write and execute permission on directory

Now back to the question: to delete a file using rm you are just removing its inode information from the directory i.e. you are not shredding it from disk. If inode information of file is not in directory you cannot access (also because you cannot see it since it is not listed by its parent directory) i.e. it is deleted for you.
Thus to delete a file from a directory all you is permission on directory; permissions on that file are irrelevant

Alex Jones
  • 6,353