ashishb.net

Understanding Directory Permissions on Linux

This blog post is for those who understand how file permissions work but are looking for an explanation of how those permissions behave when they are applied to directories.

Execute permission:

Given a file name (or dir name) which is directly under this directory, it can be translated into its inode number only if this permission is available. (In layman’s language, inode numbers are needed to access a file’s metadata and actual data on Linux.) With an exec-only permission, a user can access a file/subdir only if he knows its complete name.

Read permission:

If this permission is available, then one can see the names of the files/subdirs which are directly under this directory but cannot change these names. (Note that without exec permission on the dir, one still cannot translate these names into inode numbers and hence cannot reach the actual file/subdir.)

Note: try making a dir read-without-exec and run “ls dir” and “ls -l dir” to see the difference. “ls -l” actually accesses the file info, for which it needs each file’s inode number, and thus it does not complete successfully unless exec permission on the dir is available.

Write+Execute permission:

If this permission is available, then one can add/remove a file/subdir directly under this dir. (Even if the user does not own that file, it can still be changed/deleted; enable the sticky bit to prevent that.)

Note:

  1. IMHO “write only” permission on dir is useless (if someone knows any use of it please do mention that in comments)
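
The permission combinations described above can be checked directly. The script below is an added example, not code from the original post; the file names `known.txt` and `new.txt` and the helper function names are assumptions chosen for illustration. Run it as a non-root user, since root bypasses directory permission checks.

```shell
#!/bin/sh
# Added example: probe what a directory's owner can do under each mode.
# Run as a non-root user; root bypasses directory permission checks.

# yn CMD...: print "y" if the command succeeds, "n" otherwise.
yn() { if "$@" >/dev/null 2>&1; then echo y; else echo n; fi; }

# True if a plain "ls" of directory $1 shows the entry known.txt.
has_name() { ls "$1" 2>/dev/null | grep -qx 'known.txt'; }

# probe MODE: build a scratch directory holding known.txt, chmod it to MODE,
# and report which operations still work.
probe() {
    d=$(mktemp -d) || return 1
    echo "constructed sample data" > "$d/known.txt"
    chmod "$1" "$d"
    names=$(yn has_name "$d")          # list entry names: needs r
    lookup=$(yn cat "$d/known.txt")    # reach a file by its known name: needs x
    longlist=$(yn ls -l "$d")          # names plus metadata: needs r and x
    create=$(yn touch "$d/new.txt")    # add an entry: needs w and x
    chmod 700 "$d" && rm -rf "$d"      # restore access so cleanup works
    echo "names=$names lookup=$lookup longlist=$longlist create=$create"
}

# x only, r only, r-x, w only, -wx, rwx
for mode in 100 400 500 200 300 700; do
    printf '%s  %s\n' "$mode" "$(probe "$mode")"
done
```

Mode 200 (write only) reports `n` in every column, and mode 400 shows the “ls dir” versus “ls -l dir” difference from the note above.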