20
$ touch testfile
$ chmod g+w testfile
$ sudo adduser user2 user1
$ stat -c'%a %A' testfile
664 -rw-rw-r--
$ su user2
Password: 
$ groups
user2 user1
$ rm testfile 
rm: cannot remove `testfile': Permission denied

What is missing?

tshepang

3 Answers

34

Deleting a file means you are making changes to the directory it resides in, not the file itself. Your group needs rw on the directory to be able to remove a file. The permissions on a file are only for making changes to the file itself.

This might come off as confusing at first until you think about how the filesystem works. A file is just an inode, and the directory refers to the inode. By removing it, you're just removing a reference to that file's inode in the directory. So you're changing the directory, not the file. You could have a hard link to that file in another directory, and you'd still be able to remove it from the first directory without actually changing the file itself; it would still exist in the other directory.

jsbillings
  • I get 775 drwxrwxr-x for the directory. – tshepang Feb 15 '11 at 18:12
  • 1
    What's the group ownership of the directory? Remember, the second 7 you mentioned is the permission the directory's group has, not your user's group. – jsbillings Feb 15 '11 at 18:39
  • How do I check for directory group ownership? – tshepang Feb 15 '11 at 19:14
  • 1
    ls -ld /path/to/directory or simply ls -ld . if you've already cd'd to that directory. – jsbillings Feb 15 '11 at 19:16
  • To use your command: stat -c'%G %g %a %A' . %G is the group name, %g is the numeric group id. – jsbillings Feb 15 '11 at 19:19
  • That cmd gives UNKNOWN 1002 775 drwxrwxr-x. – tshepang Feb 15 '11 at 19:38
  • You'll need to change the group ownership of the directory to the unix group of the user trying to remove the file if you'd like that user to be able to remove files there. Use chgrp. – jsbillings Feb 15 '11 at 19:42
  • I needed only change group ownership to user1 in my example. The trouble was the UNKNOWN thingy. – tshepang Feb 15 '11 at 19:55
  • 1
    For whatever reason, stat can't look up group ID 1002. stat looks up the group ID in /etc/group, NIS, LDAP, etc., and it's getting an error; that's why you're seeing UNKNOWN. I'd try running getent group 1002 to see if it gives you a more verbose error. – jsbillings Feb 15 '11 at 20:06
  • 1
    Actually, I don't find this behavior confusing at all. It is identical to how an actual, "real-life" directory works, which is why it's called "directory", and not, for example, "folder", which would behave quite differently. If I want to delete someone from my phone directory, I don't go to her house and kill her, I simply take a pen and strike through her number. IOW: I need write access to the directory, and no access to her. Windows has folders, Unix has directories, and both of them behave like their real-life counterparts. Confusion only happens if you mix them up. – Jörg W Mittag Feb 16 '11 at 04:12
  • @JörgWMittag that analogy made me chuckle, but it does effectively explain the concept. I might borrow it in the future :) – jw013 Feb 09 '12 at 07:04
1

Only the system can delete a file, and only if it has no references. A mere user can only unlink a file, that is, remove it from a directory. You need write access to a directory to unlink a file from it. Unlinking a file doesn't modify the file, so write access to the file is irrelevant.

0

It seems like in order to delete files from the directory you need user write permissions. Group write and all write are not enough, despite what the accepted answer says.

I tested this on two machines on two filesystems:

$ mkdir testdir
$ touch testdir/foo
$ chmod u-w testdir
$ chmod o+w testdir
$ ls -ld testdir
dr-xr-xrwx 2 tim all 17 Nov 25 23:08 testdir
$ rm testdir/foo
rm: cannot remove 'testdir/foo': Permission denied
$ chmod g+w testdir
$ rm testdir/foo
rm: cannot remove 'testdir/foo': Permission denied
$ chmod u+w testdir
$ rm testdir/foo
Timmmm
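
The directory-side check discussed in this thread, as an added example that is not part of any post above: a Python model of the classic mode-bit test applied to unlink(2), where exactly one permission class (owner, else group, else other) is consulted on the directory and the file's own mode is never looked at. It goes slightly beyond the thread by also covering the sticky bit; the function names and all numeric uids/gids except 1002 are constructed, and root, ACLs and security modules are ignored.

```python
import stat


def effective_class_bits(mode, owner_uid, owner_gid, uid, gids):
    """Return the single rwx triplet (0-7) that applies to this caller."""
    if uid == owner_uid:
        # Owner class wins outright, even when group/other bits are wider.
        return (mode >> 6) & 0o7
    if owner_gid in gids:
        return (mode >> 3) & 0o7
    return mode & 0o7


def may_unlink(dir_mode, dir_uid, dir_gid, file_uid, uid, gids):
    """Model of the mode-bit check for removing a name from a directory.

    The file's permission bits are deliberately not a parameter: only the
    directory's mode and ownership (plus file ownership for sticky dirs) matter.
    """
    bits = effective_class_bits(dir_mode, dir_uid, dir_gid, uid, gids)
    if bits & 0o3 != 0o3:
        # Need both write (modify entries) and search/execute on the directory.
        return False
    if dir_mode & stat.S_ISVTX:
        # Sticky directory: only the file's owner or the directory's owner.
        return uid in (file_uid, dir_uid)
    return True


if __name__ == "__main__":
    # Constructed ids: user1 = uid/gid 1000, user2 = uid/gid 1001.
    user1, user2 = 1000, 1001
    user2_groups = {1001, 1000}  # user2 was added to group user1

    # Question: directory is 775 but group-owned by gid 1002 (UNKNOWN).
    print("dir gid 1002:", may_unlink(0o775, user1, 1002, user1, user2, user2_groups))
    # After chgrp user1 on the directory.
    print("dir gid user1:", may_unlink(0o775, user1, 1000, user1, user2, user2_groups))

    # Last answer: the caller owns testdir, so only the owner bits count.
    for mode in (0o557, 0o577, 0o777):
        print(oct(mode), may_unlink(mode, 2000, 100, 2000, 2000, {100}))
```

To audit a real directory, feed the function the values from `stat -c'%a %u %g' DIR` and `id -u` / `id -G` for the account in question.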