Execute vs Read bit. How do directory permissions in Linux work?

346

In my CMS, I noticed that directories need the executable bit (+x) set for the user to open them. Why is the execute permission required to read a directory, and how do directory permissions in Linux work?

edited Dec 12 '16 at 5:31

smac89

19719

asked Sep 22 '11 at 12:13

Nick.h

2,23341416

15

...uh, because that's what the "+x" flag is for :)
– badp
Sep 22 '11 at 19:44

9

See also In Linux, "Write" Permission Is Equivalent To "Execute" For Directories? and Do the parent directory's permissions matter when accessing a subdirectory?
– Gilles
Sep 22 '11 at 22:56

14

Think like this: the directory entry contains file names, so "reading" a directory is listing the files, "using" the directory is accessing the files.
– tylerl
Sep 23 '11 at 9:12

6

With directory execute bit set, you are allowed to traverse its hierachy. Given you belong to "other" people and only have execute bit set (chmod 771 dirOne) you cannot list dirOne content. BUT if it contains a sub directory "dirTwo" with rights set like (chmod 774 dirTwo) you can actually list its content !
– Stphane
May 28 '16 at 17:06

add a comment |

346

edited Dec 12 '16 at 5:31

smac89

19719

asked Sep 22 '11 at 12:13

Nick.h

2,23341416

15

...uh, because that's what the "+x" flag is for :)
– badp
Sep 22 '11 at 19:44

9

See also In Linux, "Write" Permission Is Equivalent To "Execute" For Directories? and Do the parent directory's permissions matter when accessing a subdirectory?
– Gilles
Sep 22 '11 at 22:56

14

Think like this: the directory entry contains file names, so "reading" a directory is listing the files, "using" the directory is accessing the files.
– tylerl
Sep 23 '11 at 9:12

6

With directory execute bit set, you are allowed to traverse its hierachy. Given you belong to "other" people and only have execute bit set (chmod 771 dirOne) you cannot list dirOne content. BUT if it contains a sub directory "dirTwo" with rights set like (chmod 774 dirTwo) you can actually list its content !
– Stphane
May 28 '16 at 17:06

add a comment |

346

162

edited Dec 12 '16 at 5:31

smac89

19719

asked Sep 22 '11 at 12:13

Nick.h

2,23341416

linux permissions directory

edited Dec 12 '16 at 5:31

smac89

19719

asked Sep 22 '11 at 12:13

Nick.h

2,23341416

edited Dec 12 '16 at 5:31

smac89

19719

asked Sep 22 '11 at 12:13

Nick.h

2,23341416

edited Dec 12 '16 at 5:31

smac89

19719

edited Dec 12 '16 at 5:31

smac89

19719

edited Dec 12 '16 at 5:31

smac89

19719

asked Sep 22 '11 at 12:13

Nick.h

2,23341416

asked Sep 22 '11 at 12:13

Nick.h

2,23341416

asked Sep 22 '11 at 12:13

Nick.h

2,23341416

15

...uh, because that's what the "+x" flag is for :)
– badp
Sep 22 '11 at 19:44

9

See also In Linux, "Write" Permission Is Equivalent To "Execute" For Directories? and Do the parent directory's permissions matter when accessing a subdirectory?
– Gilles
Sep 22 '11 at 22:56

14

Think like this: the directory entry contains file names, so "reading" a directory is listing the files, "using" the directory is accessing the files.
– tylerl
Sep 23 '11 at 9:12

6

With directory execute bit set, you are allowed to traverse its hierachy. Given you belong to "other" people and only have execute bit set (chmod 771 dirOne) you cannot list dirOne content. BUT if it contains a sub directory "dirTwo" with rights set like (chmod 774 dirTwo) you can actually list its content !
– Stphane
May 28 '16 at 17:06

add a comment |

15

...uh, because that's what the "+x" flag is for :)
– badp
Sep 22 '11 at 19:44

9

See also In Linux, "Write" Permission Is Equivalent To "Execute" For Directories? and Do the parent directory's permissions matter when accessing a subdirectory?
– Gilles
Sep 22 '11 at 22:56

14

Think like this: the directory entry contains file names, so "reading" a directory is listing the files, "using" the directory is accessing the files.
– tylerl
Sep 23 '11 at 9:12

6

With directory execute bit set, you are allowed to traverse its hierachy. Given you belong to "other" people and only have execute bit set (chmod 771 dirOne) you cannot list dirOne content. BUT if it contains a sub directory "dirTwo" with rights set like (chmod 774 dirTwo) you can actually list its content !
– Stphane
May 28 '16 at 17:06

...uh, because that's what the "+x" flag is for :)
– badp
Sep 22 '11 at 19:44

See also In Linux, "Write" Permission Is Equivalent To "Execute" For Directories? and Do the parent directory's permissions matter when accessing a subdirectory?
– Gilles
Sep 22 '11 at 22:56

Think like this: the directory entry contains file names, so "reading" a directory is listing the files, "using" the directory is accessing the files.
– tylerl
Sep 23 '11 at 9:12

With directory execute bit set, you are allowed to traverse its hierachy. Given you belong to "other" people and only have execute bit set (chmod 771 dirOne) you cannot list dirOne content. BUT if it contains a sub directory "dirTwo" with rights set like (chmod 774 dirTwo) you can actually list its content !
– Stphane
May 28 '16 at 17:06

add a comment |

7 Answers
7

active

oldest

votes

323

When applying permissions to directories on Linux, the permission bits have different meanings than on regular files.

The read bit (r) allows the affected user to list the files within the directory

The write bit (w) allows the affected user to create, rename, or delete files within the directory, and modify the directory's attributes

The execute bit (x) allows the affected user to enter the directory, and access files and directories inside

The sticky bit (s) states that files and directories within that directory may only be deleted or renamed by their owner (or root)

edited 13 mins ago

Flow

470516

answered Sep 22 '11 at 12:33

Chris Down

79.1k14188202

24

Great answer, but I think the last sentence is misleading. None of these permissions can be overridden per-file actually. Here “access” is a bit ambiguous: +x on the directory grants access to files inodes through this specific directory (nothing less, nothing more, well… maybe chdir needs +x too). To read or write the contents of one file, the user also needs +r/+w on this file, but those are distinct permissions (they do not override anything).
– Stéphane Gimenez
Sep 22 '11 at 13:06

2

The immutable flag is filesystem specific and it won't precisely override those permissions, that's why I think the last sentence is misleading :-)
– Stéphane Gimenez
Sep 22 '11 at 13:18

1

I think it might be useful to mention ACL in this and other answers, cause their application for some directories can be misleading if one will consider only information provided by Chris Down
– user907860
Dec 29 '14 at 12:30

4

Seems that this answer doesn't mention the combined effect of write bit and execute bit, as Baldrick's answer mentions below? i.e. if you only have write permission but not execution permission, then it's quite useless.
– xji
Feb 16 '15 at 8:55

1

@StéphaneGimenez "+x on the directory grants access to files inodes" -- This seems like a good nemonic, but perhaps doesn't tell the whole story? Without the execute bit set on a directory, you can't change the filename of a file in that directory. I'm wondering why this is, because the filename is stored in a directory entry, not an inode.
– Kevin Wheeler
Dec 17 '15 at 22:11

|
show 3 more comments

234

First, think: What is a directory? It's just a list of items (files and other directories) that live within. So: directory = list of names.

Read bit = If set, you can read this list. So, for example, if you have a directory named poems:

You can ls poems and you'll get a list of items living within (-l won't reveal any details!).

You can use command-line completion i.e. touch poems/so <TAB> poems/somefile.

You cannot make poems your working directory (i.e. cd into it).

Write bit = If set, you can modify this list i.e. you can {add,rename,delete} names on it. But! You can actually do it only if the execute bit is set too.

Execute bit = Make this directory your working directory i.e. cd into it. You need this permission if you want to:

access (read, write, execute) items living within.

modify the list itself i.e. add, rename, delete names on it (of course the write bit must be set on the directory).

Interesting case 1: If you have write + execute permissions on a directory, you can {delete,rename} items living within even if you don't have write perimission on those items. (use sticky bit to prevent this)

Interesting case 2: If you have execute (but not write) permission on a directory AND you have write permission on a file living within, you cannot delete the file (because it involves removing it from the list). However, you can erase its contents e.g. if it's a text file you can use vi to open it and delete everything. The file will still be there, but it will be empty.

Summary:

Read bit = You can read the names on the list.
Write bit = You can {add,rename,delete} names on the list IF the execute bit is set too.
Execute bit = You can make this directory your working directory.

PS: The article mentioned by KAK is a good read.

answered Sep 22 '11 at 16:24

Baldrick

5,2072128

14

Thinking about directory as a list makes things more clear and logical.
– Trismegistos
Jan 9 '14 at 8:51

16

Great answer, but too focused on the term "working directory". I need the x bit for any access to this file: for cat a/b/c/d, I need the x bit on all a, b and c, even if I don't use them as cwd.
– glglgl
Nov 3 '14 at 9:24

1

This is where I found out you can't write unless it's executable too! Case 2 is also interesting, great answer!
– Mirko
Nov 30 '14 at 1:56

1

Another note is that even if you have x permission on the directory, if you don't have x permission on the file within, you can't really "execute" the file. You can only cat it for example, but you can't run the file itself.
– xji
Feb 16 '15 at 9:19

2

If you want to ls -l work for a folder, need both r and x permission.
– Eric Wang
Jun 12 '15 at 9:48

|
show 4 more comments

Here is a good article on this.

Summary:

A directory with its x bit set allows the user to cd (change directory)
into this directory, and access the files in it.

Details:

Read (r)

The ability to read the names of files stored in this directory.

Write (w)

The ability to rename files in the directory, create new files, or delete existing files, if you also have Execute permissions. If you don't have execute perms, then write perms are meaningless.

Execute (x)

The ability to cd into this directory, and access the files in this directory.

Here are a few examples that should make it easier to understand:

# "Full Access".  Reegen can list, create, delete, rename, delete,

# and stat any files in dir.

# Access to file contents is subject to the permissions

# of the file itself.

# New files can be created, any file can be deleted, regardless of

# file permissions.

drwx------  1 reegen    reegen          4096 Jan 01 2003  dir



# Reegen can do everything in the "Full Access" list except create,

# delete, or rename files in this directory.

dr-x------  1 reegen    reegen          4096 Jan 01 2003  dir



# Reegen can do everything in the "Full Access" list except list the

# filenames in this directory.  If she suspects there is a file

# named "program" she can list it, but cannot do an 'ls'

# of the directory itself.  She can access any file (file

# permissions permitting) if she knows its name.  She can

# create new files, or rename/delete existing ones.

d-wx------  1 reegen    reegen          4096 Jan 01 2003  dir



# Reegen cannot create or delete any files in this directory.

# She can access any file (permissions permitting) if she

# knows its name already.

d--x------  1 reegen    reegen          4096 Jan 01 2003  dir

There is even more information in the Hacking Linux Exposed article.

edited May 27 '15 at 22:25

G-Man

12.9k93364

answered Sep 22 '11 at 12:36

Kusalananda

121k16229372

add a comment |

I have prepared this table with all the possible permissions and their practical effects.

linux directory permissions

(*) Only file names: other attributes such as size or date are not accesible. E.g. you can use tab key to autocomplete but not ls command.

Some thoughts:

With X unset, R and W are mostly useless.

X alone disabling RW gives you a false sense of security since you could blindly read and write file contents and access subdirectories. You should be sure that every direct children of the directory have explicit permissions.

Rarely you will use other values than:
- 0: No access.
- 1: Minimum access allowing traversing.
- 5: Allow reading / writing, but not altering the structure of the directory tree itself.
- 7: Full access.

edited Mar 30 '17 at 18:05

answered Oct 19 '16 at 12:11

David

52655

1

I would consider 5 a helpful value, when you want to allow reading / writing, but not altering the structure of the directory tree itself.
– hgiesel
Mar 29 '17 at 15:42

You are right. Updated!
– David
Mar 30 '17 at 18:05

4

Great summary chart. Makes me wonder what someone was thinking to have -W- be functionally equivalent to --- for directories. Not very intuitive. Of course these types of low-level bits often aren't.
– CivFan
May 2 '17 at 21:06

2

I tested this on my mac, but with -W-, I could rename the directory (in a directory with a sticky bit) but not with ---. That seems to be a difference
– cozyconemotel
Jul 15 '17 at 1:45

3

@David, You are missing the sticky bit.
– Pacerier
Nov 21 '17 at 17:29

|
show 5 more comments

From Robert Love's book "LINUX System Programming" chapter 1 section permission-

enter image description here

answered Nov 29 '17 at 13:57

alhelal

361517

add a comment |

For any operation accessing a file or directory, it must first resolve the path to the file or directory. The resolution requires the user has execute permission on all directories along the path, except the final path component. So for directories, you can think of the execute bit means "resolvable".

Take path /a/b/c.txt as an example, say the user has 1) execute permission on / and /a; 2) has read permission on /a/b; 3) read and write permission on /a/b/c.txt.

The user will fail to read (list) /a, because it has no read permission. But the path resolution doesn't fail.

The user will be able to read (list) /a/b, because the user has execute permission on /, /a and /a/b and has read permission on /a/b. Note that, when reading /a/b, the filename c.txt is visible, but the metadata (e.g. filesize) and the content is not, because the filename is stored with the directory, not with the file, but the metadata is stored in the inode of the file.

The user will fail to read /a/b/c.txt, because when resolving the path from / to /a to /a/b, it fails at /a/b since the user doesn't have execute permission.

See also how a pathname is resolved to a file.

edited Apr 21 at 0:31

answered Apr 20 at 22:02

Dagang

1012

add a comment |

-1

The meaning of Execute for directories is quite clear. Since there is no Traverse permission, unlike Windows, you must overload something. The designers picked Execute, That causes endless confusion. As a computer security guy assigning Execute rights to something you don't intend to actually Execute looks dodgy.

edited Sep 26 '17 at 22:30

answered Sep 26 '17 at 19:31

NemoX

1

The invention of the execute permission bit pre-dates the invention of the concept of a distinct traverse permission by about two decades. This answer's logic depends from a historic timeline that is nothing like that of the real world, and also fails to notice the existence of GENERIC_EXECUTE and what it is.
– JdeBP
Apr 3 at 7:34

add a comment |

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});

}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f21251%2fexecute-vs-read-bit-how-do-directory-permissions-in-linux-work%23new-answer', 'question_page');
}
);

Post as a guest

Name

Required, but never shown

7 Answers
7

active

oldest

votes

7 Answers
7

active

oldest

votes

323

When applying permissions to directories on Linux, the permission bits have different meanings than on regular files.

The read bit (r) allows the affected user to list the files within the directory

The write bit (w) allows the affected user to create, rename, or delete files within the directory, and modify the directory's attributes

The execute bit (x) allows the affected user to enter the directory, and access files and directories inside

The sticky bit (s) states that files and directories within that directory may only be deleted or renamed by their owner (or root)

edited 13 mins ago

Flow

470516

answered Sep 22 '11 at 12:33

Chris Down

79.1k14188202

24

Great answer, but I think the last sentence is misleading. None of these permissions can be overridden per-file actually. Here “access” is a bit ambiguous: +x on the directory grants access to files inodes through this specific directory (nothing less, nothing more, well… maybe chdir needs +x too). To read or write the contents of one file, the user also needs +r/+w on this file, but those are distinct permissions (they do not override anything).
– Stéphane Gimenez
Sep 22 '11 at 13:06

2

The immutable flag is filesystem specific and it won't precisely override those permissions, that's why I think the last sentence is misleading :-)
– Stéphane Gimenez
Sep 22 '11 at 13:18

1

I think it might be useful to mention ACL in this and other answers, cause their application for some directories can be misleading if one will consider only information provided by Chris Down
– user907860
Dec 29 '14 at 12:30

4

Seems that this answer doesn't mention the combined effect of write bit and execute bit, as Baldrick's answer mentions below? i.e. if you only have write permission but not execution permission, then it's quite useless.
– xji
Feb 16 '15 at 8:55

1

@StéphaneGimenez "+x on the directory grants access to files inodes" -- This seems like a good nemonic, but perhaps doesn't tell the whole story? Without the execute bit set on a directory, you can't change the filename of a file in that directory. I'm wondering why this is, because the filename is stored in a directory entry, not an inode.
– Kevin Wheeler
Dec 17 '15 at 22:11

|
show 3 more comments

323

When applying permissions to directories on Linux, the permission bits have different meanings than on regular files.

The read bit (r) allows the affected user to list the files within the directory

The write bit (w) allows the affected user to create, rename, or delete files within the directory, and modify the directory's attributes

The execute bit (x) allows the affected user to enter the directory, and access files and directories inside

The sticky bit (s) states that files and directories within that directory may only be deleted or renamed by their owner (or root)

edited 13 mins ago

Flow

470516

answered Sep 22 '11 at 12:33

Chris Down

79.1k14188202

24

Great answer, but I think the last sentence is misleading. None of these permissions can be overridden per-file actually. Here “access” is a bit ambiguous: +x on the directory grants access to files inodes through this specific directory (nothing less, nothing more, well… maybe chdir needs +x too). To read or write the contents of one file, the user also needs +r/+w on this file, but those are distinct permissions (they do not override anything).
– Stéphane Gimenez
Sep 22 '11 at 13:06

2

The immutable flag is filesystem specific and it won't precisely override those permissions, that's why I think the last sentence is misleading :-)
– Stéphane Gimenez
Sep 22 '11 at 13:18

1

I think it might be useful to mention ACL in this and other answers, cause their application for some directories can be misleading if one will consider only information provided by Chris Down
– user907860
Dec 29 '14 at 12:30

4

Seems that this answer doesn't mention the combined effect of write bit and execute bit, as Baldrick's answer mentions below? i.e. if you only have write permission but not execution permission, then it's quite useless.
– xji
Feb 16 '15 at 8:55

1

@StéphaneGimenez "+x on the directory grants access to files inodes" -- This seems like a good nemonic, but perhaps doesn't tell the whole story? Without the execute bit set on a directory, you can't change the filename of a file in that directory. I'm wondering why this is, because the filename is stored in a directory entry, not an inode.
– Kevin Wheeler
Dec 17 '15 at 22:11

|
show 3 more comments

323

When applying permissions to directories on Linux, the permission bits have different meanings than on regular files.

The read bit (r) allows the affected user to list the files within the directory

The write bit (w) allows the affected user to create, rename, or delete files within the directory, and modify the directory's attributes

The execute bit (x) allows the affected user to enter the directory, and access files and directories inside

The sticky bit (s) states that files and directories within that directory may only be deleted or renamed by their owner (or root)

edited 13 mins ago

Flow

470516

answered Sep 22 '11 at 12:33

Chris Down

79.1k14188202

When applying permissions to directories on Linux, the permission bits have different meanings than on regular files.

The read bit (r) allows the affected user to list the files within the directory

The write bit (w) allows the affected user to create, rename, or delete files within the directory, and modify the directory's attributes

The execute bit (x) allows the affected user to enter the directory, and access files and directories inside

The sticky bit (s) states that files and directories within that directory may only be deleted or renamed by their owner (or root)

edited 13 mins ago

Flow

470516

answered Sep 22 '11 at 12:33

Chris Down

79.1k14188202

edited 13 mins ago

Flow

470516

edited 13 mins ago

Flow

470516

edited 13 mins ago

Flow

470516

answered Sep 22 '11 at 12:33

Chris Down

79.1k14188202

answered Sep 22 '11 at 12:33

Chris Down

79.1k14188202

answered Sep 22 '11 at 12:33

Chris Down

79.1k14188202

24

Great answer, but I think the last sentence is misleading. None of these permissions can be overridden per-file actually. Here “access” is a bit ambiguous: +x on the directory grants access to files inodes through this specific directory (nothing less, nothing more, well… maybe chdir needs +x too). To read or write the contents of one file, the user also needs +r/+w on this file, but those are distinct permissions (they do not override anything).
– Stéphane Gimenez
Sep 22 '11 at 13:06

2

The immutable flag is filesystem specific and it won't precisely override those permissions, that's why I think the last sentence is misleading :-)
– Stéphane Gimenez
Sep 22 '11 at 13:18

1

I think it might be useful to mention ACL in this and other answers, cause their application for some directories can be misleading if one will consider only information provided by Chris Down
– user907860
Dec 29 '14 at 12:30

4

Seems that this answer doesn't mention the combined effect of write bit and execute bit, as Baldrick's answer mentions below? i.e. if you only have write permission but not execution permission, then it's quite useless.
– xji
Feb 16 '15 at 8:55

1

@StéphaneGimenez "+x on the directory grants access to files inodes" -- This seems like a good nemonic, but perhaps doesn't tell the whole story? Without the execute bit set on a directory, you can't change the filename of a file in that directory. I'm wondering why this is, because the filename is stored in a directory entry, not an inode.
– Kevin Wheeler
Dec 17 '15 at 22:11

|
show 3 more comments

24

Great answer, but I think the last sentence is misleading. None of these permissions can be overridden per-file actually. Here “access” is a bit ambiguous: +x on the directory grants access to files inodes through this specific directory (nothing less, nothing more, well… maybe chdir needs +x too). To read or write the contents of one file, the user also needs +r/+w on this file, but those are distinct permissions (they do not override anything).
– Stéphane Gimenez
Sep 22 '11 at 13:06

2

The immutable flag is filesystem specific and it won't precisely override those permissions, that's why I think the last sentence is misleading :-)
– Stéphane Gimenez
Sep 22 '11 at 13:18

1

I think it might be useful to mention ACL in this and other answers, cause their application for some directories can be misleading if one will consider only information provided by Chris Down
– user907860
Dec 29 '14 at 12:30

4

Seems that this answer doesn't mention the combined effect of write bit and execute bit, as Baldrick's answer mentions below? i.e. if you only have write permission but not execution permission, then it's quite useless.
– xji
Feb 16 '15 at 8:55

1

@StéphaneGimenez "+x on the directory grants access to files inodes" -- This seems like a good nemonic, but perhaps doesn't tell the whole story? Without the execute bit set on a directory, you can't change the filename of a file in that directory. I'm wondering why this is, because the filename is stored in a directory entry, not an inode.
– Kevin Wheeler
Dec 17 '15 at 22:11

Great answer, but I think the last sentence is misleading. None of these permissions can be overridden per-file actually. Here “access” is a bit ambiguous: +x on the directory grants access to files inodes through this specific directory (nothing less, nothing more, well… maybe chdir needs +x too). To read or write the contents of one file, the user also needs +r/+w on this file, but those are distinct permissions (they do not override anything).
– Stéphane Gimenez
Sep 22 '11 at 13:06

The immutable flag is filesystem specific and it won't precisely override those permissions, that's why I think the last sentence is misleading :-)
– Stéphane Gimenez
Sep 22 '11 at 13:18

I think it might be useful to mention ACL in this and other answers, cause their application for some directories can be misleading if one will consider only information provided by Chris Down
– user907860
Dec 29 '14 at 12:30

Seems that this answer doesn't mention the combined effect of write bit and execute bit, as Baldrick's answer mentions below? i.e. if you only have write permission but not execution permission, then it's quite useless.
– xji
Feb 16 '15 at 8:55

@StéphaneGimenez "+x on the directory grants access to files inodes" -- This seems like a good nemonic, but perhaps doesn't tell the whole story? Without the execute bit set on a directory, you can't change the filename of a file in that directory. I'm wondering why this is, because the filename is stored in a directory entry, not an inode.
– Kevin Wheeler
Dec 17 '15 at 22:11

|
show 3 more comments

234

First, think: What is a directory? It's just a list of items (files and other directories) that live within. So: directory = list of names.

Read bit = If set, you can read this list. So, for example, if you have a directory named poems:

You can ls poems and you'll get a list of items living within (-l won't reveal any details!).

You can use command-line completion i.e. touch poems/so <TAB> poems/somefile.

You cannot make poems your working directory (i.e. cd into it).

Write bit = If set, you can modify this list i.e. you can {add,rename,delete} names on it. But! You can actually do it only if the execute bit is set too.

Execute bit = Make this directory your working directory i.e. cd into it. You need this permission if you want to:

access (read, write, execute) items living within.

modify the list itself i.e. add, rename, delete names on it (of course the write bit must be set on the directory).

Summary:

PS: The article mentioned by KAK is a good read.

answered Sep 22 '11 at 16:24

Baldrick

5,2072128

14

Thinking about directory as a list makes things more clear and logical.
– Trismegistos
Jan 9 '14 at 8:51

16

Great answer, but too focused on the term "working directory". I need the x bit for any access to this file: for cat a/b/c/d, I need the x bit on all a, b and c, even if I don't use them as cwd.
– glglgl
Nov 3 '14 at 9:24

1

This is where I found out you can't write unless it's executable too! Case 2 is also interesting, great answer!
– Mirko
Nov 30 '14 at 1:56

1

Another note is that even if you have x permission on the directory, if you don't have x permission on the file within, you can't really "execute" the file. You can only cat it for example, but you can't run the file itself.
– xji
Feb 16 '15 at 9:19

2

If you want to ls -l work for a folder, need both r and x permission.
– Eric Wang
Jun 12 '15 at 9:48

|
show 4 more comments

234

First, think: What is a directory? It's just a list of items (files and other directories) that live within. So: directory = list of names.

Read bit = If set, you can read this list. So, for example, if you have a directory named poems:

You can ls poems and you'll get a list of items living within (-l won't reveal any details!).

You can use command-line completion i.e. touch poems/so <TAB> poems/somefile.

You cannot make poems your working directory (i.e. cd into it).

Write bit = If set, you can modify this list i.e. you can {add,rename,delete} names on it. But! You can actually do it only if the execute bit is set too.

Execute bit = Make this directory your working directory i.e. cd into it. You need this permission if you want to:

access (read, write, execute) items living within.

modify the list itself i.e. add, rename, delete names on it (of course the write bit must be set on the directory).

Summary:

PS: The article mentioned by KAK is a good read.

answered Sep 22 '11 at 16:24

Baldrick

5,2072128

14

Thinking about directory as a list makes things more clear and logical.
– Trismegistos
Jan 9 '14 at 8:51

16

Great answer, but too focused on the term "working directory". I need the x bit for any access to this file: for cat a/b/c/d, I need the x bit on all a, b and c, even if I don't use them as cwd.
– glglgl
Nov 3 '14 at 9:24

1

This is where I found out you can't write unless it's executable too! Case 2 is also interesting, great answer!
– Mirko
Nov 30 '14 at 1:56

1

Another note is that even if you have x permission on the directory, if you don't have x permission on the file within, you can't really "execute" the file. You can only cat it for example, but you can't run the file itself.
– xji
Feb 16 '15 at 9:19

2

If you want to ls -l work for a folder, need both r and x permission.
– Eric Wang
Jun 12 '15 at 9:48

|
show 4 more comments

234

First, think: What is a directory? It's just a list of items (files and other directories) that live within. So: directory = list of names.

Read bit = If set, you can read this list. So, for example, if you have a directory named poems:

You can ls poems and you'll get a list of items living within (-l won't reveal any details!).

You can use command-line completion i.e. touch poems/so <TAB> poems/somefile.

You cannot make poems your working directory (i.e. cd into it).

Write bit = If set, you can modify this list i.e. you can {add,rename,delete} names on it. But! You can actually do it only if the execute bit is set too.

Execute bit = Make this directory your working directory i.e. cd into it. You need this permission if you want to:

access (read, write, execute) items living within.

modify the list itself i.e. add, rename, delete names on it (of course the write bit must be set on the directory).

Summary:

PS: The article mentioned by KAK is a good read.

answered Sep 22 '11 at 16:24

Baldrick

5,2072128

First, think: What is a directory? It's just a list of items (files and other directories) that live within. So: directory = list of names.

Read bit = If set, you can read this list. So, for example, if you have a directory named poems:

You can ls poems and you'll get a list of items living within (-l won't reveal any details!).

You can use command-line completion i.e. touch poems/so <TAB> poems/somefile.

You cannot make poems your working directory (i.e. cd into it).

Write bit = If set, you can modify this list i.e. you can {add,rename,delete} names on it. But! You can actually do it only if the execute bit is set too.

Execute bit = Make this directory your working directory i.e. cd into it. You need this permission if you want to:

access (read, write, execute) items living within.

modify the list itself i.e. add, rename, delete names on it (of course the write bit must be set on the directory).

Summary:

PS: The article mentioned by KAK is a good read.

answered Sep 22 '11 at 16:24

Baldrick

5,2072128

answered Sep 22 '11 at 16:24

Baldrick

5,2072128

answered Sep 22 '11 at 16:24

Baldrick

5,2072128

answered Sep 22 '11 at 16:24

Baldrick

5,2072128

14

Thinking about directory as a list makes things more clear and logical.
– Trismegistos
Jan 9 '14 at 8:51

16

Great answer, but too focused on the term "working directory". I need the x bit for any access to this file: for cat a/b/c/d, I need the x bit on all a, b and c, even if I don't use them as cwd.
– glglgl
Nov 3 '14 at 9:24

1

This is where I found out you can't write unless it's executable too! Case 2 is also interesting, great answer!
– Mirko
Nov 30 '14 at 1:56

1

Another note is that even if you have x permission on the directory, if you don't have x permission on the file within, you can't really "execute" the file. You can only cat it for example, but you can't run the file itself.
– xji
Feb 16 '15 at 9:19

2

If you want to ls -l work for a folder, need both r and x permission.
– Eric Wang
Jun 12 '15 at 9:48

|
show 4 more comments

14

Thinking about directory as a list makes things more clear and logical.
– Trismegistos
Jan 9 '14 at 8:51

16

Great answer, but too focused on the term "working directory". I need the x bit for any access to this file: for cat a/b/c/d, I need the x bit on all a, b and c, even if I don't use them as cwd.
– glglgl
Nov 3 '14 at 9:24

1

This is where I found out you can't write unless it's executable too! Case 2 is also interesting, great answer!
– Mirko
Nov 30 '14 at 1:56

1

Another note is that even if you have x permission on the directory, if you don't have x permission on the file within, you can't really "execute" the file. You can only cat it for example, but you can't run the file itself.
– xji
Feb 16 '15 at 9:19

2

If you want to ls -l work for a folder, need both r and x permission.
– Eric Wang
Jun 12 '15 at 9:48

Thinking about directory as a list makes things more clear and logical.
– Trismegistos
Jan 9 '14 at 8:51

Great answer, but too focused on the term "working directory". I need the x bit for any access to this file: for cat a/b/c/d, I need the x bit on all a, b and c, even if I don't use them as cwd.
– glglgl
Nov 3 '14 at 9:24

This is where I found out you can't write unless it's executable too! Case 2 is also interesting, great answer!
– Mirko
Nov 30 '14 at 1:56

Another note is that even if you have x permission on the directory, if you don't have x permission on the file within, you can't really "execute" the file. You can only cat it for example, but you can't run the file itself.
– xji
Feb 16 '15 at 9:19

If you want to ls -l work for a folder, need both r and x permission.
– Eric Wang
Jun 12 '15 at 9:48

|
show 4 more comments

Here is a good article on this.

Summary:

A directory with its x bit set allows the user to cd (change directory)
into this directory, and access the files in it.

Details:

Read (r)

The ability to read the names of files stored in this directory.

Write (w)

The ability to rename files in the directory, create new files, or delete existing files, if you also have Execute permissions. If you don't have execute perms, then write perms are meaningless.

Execute (x)

The ability to cd into this directory, and access the files in this directory.

Here are a few examples that should make it easier to understand:

# "Full Access".  Reegen can list, create, delete, rename, delete,

# and stat any files in dir.

# Access to file contents is subject to the permissions

# of the file itself.

# New files can be created, any file can be deleted, regardless of

# file permissions.

drwx------  1 reegen    reegen          4096 Jan 01 2003  dir



# Reegen can do everything in the "Full Access" list except create,

# delete, or rename files in this directory.

dr-x------  1 reegen    reegen          4096 Jan 01 2003  dir



# Reegen can do everything in the "Full Access" list except list the

# filenames in this directory.  If she suspects there is a file

# named "program" she can list it, but cannot do an 'ls'

# of the directory itself.  She can access any file (file

# permissions permitting) if she knows its name.  She can

# create new files, or rename/delete existing ones.

d-wx------  1 reegen    reegen          4096 Jan 01 2003  dir



# Reegen cannot create or delete any files in this directory.

# She can access any file (permissions permitting) if she

# knows its name already.

d--x------  1 reegen    reegen          4096 Jan 01 2003  dir

There is even more information in the Hacking Linux Exposed article.

edited May 27 '15 at 22:25

G-Man

12.9k93364

answered Sep 22 '11 at 12:36

Kusalananda

121k16229372

add a comment |

Here is a good article on this.

Summary:

A directory with its x bit set allows the user to cd (change directory)
into this directory, and access the files in it.

Details:

Read (r)

The ability to read the names of files stored in this directory.

Write (w)

The ability to rename files in the directory, create new files, or delete existing files, if you also have Execute permissions. If you don't have execute perms, then write perms are meaningless.

Execute (x)

The ability to cd into this directory, and access the files in this directory.

Here are a few examples that should make it easier to understand:

# "Full Access".  Reegen can list, create, delete, rename, delete,

# and stat any files in dir.

# Access to file contents is subject to the permissions

# of the file itself.

# New files can be created, any file can be deleted, regardless of

# file permissions.

drwx------  1 reegen    reegen          4096 Jan 01 2003  dir



# Reegen can do everything in the "Full Access" list except create,

# delete, or rename files in this directory.

dr-x------  1 reegen    reegen          4096 Jan 01 2003  dir



# Reegen can do everything in the "Full Access" list except list the

# filenames in this directory.  If she suspects there is a file

# named "program" she can list it, but cannot do an 'ls'

# of the directory itself.  She can access any file (file

# permissions permitting) if she knows its name.  She can

# create new files, or rename/delete existing ones.

d-wx------  1 reegen    reegen          4096 Jan 01 2003  dir



# Reegen cannot create or delete any files in this directory.

# She can access any file (permissions permitting) if she

# knows its name already.

d--x------  1 reegen    reegen          4096 Jan 01 2003  dir

There is even more information in the Hacking Linux Exposed article.

edited May 27 '15 at 22:25

G-Man

12.9k93364

answered Sep 22 '11 at 12:36

Kusalananda

121k16229372

add a comment |

Here is a good article on this.

Summary:

A directory with its x bit set allows the user to cd (change directory)
into this directory, and access the files in it.

Details:

Read (r)

The ability to read the names of files stored in this directory.

Write (w)

The ability to rename files in the directory, create new files, or delete existing files, if you also have Execute permissions. If you don't have execute perms, then write perms are meaningless.

Execute (x)

The ability to cd into this directory, and access the files in this directory.

Here are a few examples that should make it easier to understand:

# "Full Access".  Reegen can list, create, delete, rename, delete,

# and stat any files in dir.

# Access to file contents is subject to the permissions

# of the file itself.

# New files can be created, any file can be deleted, regardless of

# file permissions.

drwx------  1 reegen    reegen          4096 Jan 01 2003  dir



# Reegen can do everything in the "Full Access" list except create,

# delete, or rename files in this directory.

dr-x------  1 reegen    reegen          4096 Jan 01 2003  dir



# Reegen can do everything in the "Full Access" list except list the

# filenames in this directory.  If she suspects there is a file

# named "program" she can list it, but cannot do an 'ls'

# of the directory itself.  She can access any file (file

# permissions permitting) if she knows its name.  She can

# create new files, or rename/delete existing ones.

d-wx------  1 reegen    reegen          4096 Jan 01 2003  dir



# Reegen cannot create or delete any files in this directory.

# She can access any file (permissions permitting) if she

# knows its name already.

d--x------  1 reegen    reegen          4096 Jan 01 2003  dir

There is even more information in the Hacking Linux Exposed article.

edited May 27 '15 at 22:25

G-Man

12.9k93364

answered Sep 22 '11 at 12:36

Kusalananda

121k16229372

Here is a good article on this.

Summary:

A directory with its x bit set allows the user to cd (change directory)
into this directory, and access the files in it.

Details:

Read (r)

The ability to read the names of files stored in this directory.

Write (w)

The ability to rename files in the directory, create new files, or delete existing files, if you also have Execute permissions. If you don't have execute perms, then write perms are meaningless.

Execute (x)

The ability to cd into this directory, and access the files in this directory.

Here are a few examples that should make it easier to understand:

# "Full Access".  Reegen can list, create, delete, rename, delete,

# and stat any files in dir.

# Access to file contents is subject to the permissions

# of the file itself.

# New files can be created, any file can be deleted, regardless of

# file permissions.

drwx------  1 reegen    reegen          4096 Jan 01 2003  dir



# Reegen can do everything in the "Full Access" list except create,

# delete, or rename files in this directory.

dr-x------  1 reegen    reegen          4096 Jan 01 2003  dir



# Reegen can do everything in the "Full Access" list except list the

# filenames in this directory.  If she suspects there is a file

# named "program" she can list it, but cannot do an 'ls'

# of the directory itself.  She can access any file (file

# permissions permitting) if she knows its name.  She can

# create new files, or rename/delete existing ones.

d-wx------  1 reegen    reegen          4096 Jan 01 2003  dir



# Reegen cannot create or delete any files in this directory.

# She can access any file (permissions permitting) if she

# knows its name already.

d--x------  1 reegen    reegen          4096 Jan 01 2003  dir

There is even more information in the Hacking Linux Exposed article.

edited May 27 '15 at 22:25

G-Man

12.9k93364

answered Sep 22 '11 at 12:36

Kusalananda

121k16229372

edited May 27 '15 at 22:25

G-Man

12.9k93364

edited May 27 '15 at 22:25

G-Man

12.9k93364

edited May 27 '15 at 22:25

G-Man

12.9k93364

answered Sep 22 '11 at 12:36

Kusalananda

121k16229372

answered Sep 22 '11 at 12:36

Kusalananda

121k16229372

answered Sep 22 '11 at 12:36

Kusalananda

121k16229372

add a comment |

I have prepared this table with all the possible permissions and their practical effects.

linux directory permissions

(*) Only file names: other attributes such as size or date are not accesible. E.g. you can use tab key to autocomplete but not ls command.

Some thoughts:

With X unset, R and W are mostly useless.

X alone disabling RW gives you a false sense of security since you could blindly read and write file contents and access subdirectories. You should be sure that every direct children of the directory have explicit permissions.

Rarely you will use other values than:
- 0: No access.
- 1: Minimum access allowing traversing.
- 5: Allow reading / writing, but not altering the structure of the directory tree itself.
- 7: Full access.

edited Mar 30 '17 at 18:05

answered Oct 19 '16 at 12:11

David

52655

1

I would consider 5 a helpful value, when you want to allow reading / writing, but not altering the structure of the directory tree itself.
– hgiesel
Mar 29 '17 at 15:42

You are right. Updated!
– David
Mar 30 '17 at 18:05

4

Great summary chart. Makes me wonder what someone was thinking to have -W- be functionally equivalent to --- for directories. Not very intuitive. Of course these types of low-level bits often aren't.
– CivFan
May 2 '17 at 21:06

2

I tested this on my mac, but with -W-, I could rename the directory (in a directory with a sticky bit) but not with ---. That seems to be a difference
– cozyconemotel
Jul 15 '17 at 1:45

3

@David, You are missing the sticky bit.
– Pacerier
Nov 21 '17 at 17:29

|
show 5 more comments

I have prepared this table with all the possible permissions and their practical effects.

linux directory permissions

(*) Only file names: other attributes such as size or date are not accesible. E.g. you can use tab key to autocomplete but not ls command.

Some thoughts:

With X unset, R and W are mostly useless.

X alone disabling RW gives you a false sense of security since you could blindly read and write file contents and access subdirectories. You should be sure that every direct children of the directory have explicit permissions.

Rarely you will use other values than:
- 0: No access.
- 1: Minimum access allowing traversing.
- 5: Allow reading / writing, but not altering the structure of the directory tree itself.
- 7: Full access.

edited Mar 30 '17 at 18:05

answered Oct 19 '16 at 12:11

David

52655

1

I would consider 5 a helpful value, when you want to allow reading / writing, but not altering the structure of the directory tree itself.
– hgiesel
Mar 29 '17 at 15:42

You are right. Updated!
– David
Mar 30 '17 at 18:05

4

Great summary chart. Makes me wonder what someone was thinking to have -W- be functionally equivalent to --- for directories. Not very intuitive. Of course these types of low-level bits often aren't.
– CivFan
May 2 '17 at 21:06

2

I tested this on my mac, but with -W-, I could rename the directory (in a directory with a sticky bit) but not with ---. That seems to be a difference
– cozyconemotel
Jul 15 '17 at 1:45

3

@David, You are missing the sticky bit.
– Pacerier
Nov 21 '17 at 17:29

|
show 5 more comments

I have prepared this table with all the possible permissions and their practical effects.

linux directory permissions

(*) Only file names: other attributes such as size or date are not accesible. E.g. you can use tab key to autocomplete but not ls command.

Some thoughts:

With X unset, R and W are mostly useless.

X alone disabling RW gives you a false sense of security since you could blindly read and write file contents and access subdirectories. You should be sure that every direct children of the directory have explicit permissions.

Rarely you will use other values than:
- 0: No access.
- 1: Minimum access allowing traversing.
- 5: Allow reading / writing, but not altering the structure of the directory tree itself.
- 7: Full access.

edited Mar 30 '17 at 18:05

answered Oct 19 '16 at 12:11

David

52655

I have prepared this table with all the possible permissions and their practical effects.

linux directory permissions

(*) Only file names: other attributes such as size or date are not accesible. E.g. you can use tab key to autocomplete but not ls command.

Some thoughts:

With X unset, R and W are mostly useless.

X alone disabling RW gives you a false sense of security since you could blindly read and write file contents and access subdirectories. You should be sure that every direct children of the directory have explicit permissions.

Rarely you will use other values than:
- 0: No access.
- 1: Minimum access allowing traversing.
- 5: Allow reading / writing, but not altering the structure of the directory tree itself.
- 7: Full access.

edited Mar 30 '17 at 18:05

answered Oct 19 '16 at 12:11

David

52655

edited Mar 30 '17 at 18:05

answered Oct 19 '16 at 12:11

David

52655

answered Oct 19 '16 at 12:11

David

52655

answered Oct 19 '16 at 12:11

David

52655

1

I would consider 5 a helpful value, when you want to allow reading / writing, but not altering the structure of the directory tree itself.
– hgiesel
Mar 29 '17 at 15:42

You are right. Updated!
– David
Mar 30 '17 at 18:05

4

Great summary chart. Makes me wonder what someone was thinking to have -W- be functionally equivalent to --- for directories. Not very intuitive. Of course these types of low-level bits often aren't.
– CivFan
May 2 '17 at 21:06

2

I tested this on my mac, but with -W-, I could rename the directory (in a directory with a sticky bit) but not with ---. That seems to be a difference
– cozyconemotel
Jul 15 '17 at 1:45

3

@David, You are missing the sticky bit.
– Pacerier
Nov 21 '17 at 17:29

|
show 5 more comments

1

I would consider 5 a helpful value, when you want to allow reading / writing, but not altering the structure of the directory tree itself.
– hgiesel
Mar 29 '17 at 15:42

You are right. Updated!
– David
Mar 30 '17 at 18:05

4

Great summary chart. Makes me wonder what someone was thinking to have -W- be functionally equivalent to --- for directories. Not very intuitive. Of course these types of low-level bits often aren't.
– CivFan
May 2 '17 at 21:06

2

I tested this on my mac, but with -W-, I could rename the directory (in a directory with a sticky bit) but not with ---. That seems to be a difference
– cozyconemotel
Jul 15 '17 at 1:45

3

@David, You are missing the sticky bit.
– Pacerier
Nov 21 '17 at 17:29

I would consider 5 a helpful value, when you want to allow reading / writing, but not altering the structure of the directory tree itself.
– hgiesel
Mar 29 '17 at 15:42

You are right. Updated!
– David
Mar 30 '17 at 18:05

Great summary chart. Makes me wonder what someone was thinking to have -W- be functionally equivalent to --- for directories. Not very intuitive. Of course these types of low-level bits often aren't.
– CivFan
May 2 '17 at 21:06

I tested this on my mac, but with -W-, I could rename the directory (in a directory with a sticky bit) but not with ---. That seems to be a difference
– cozyconemotel
Jul 15 '17 at 1:45

@David, You are missing the sticky bit.
– Pacerier
Nov 21 '17 at 17:29

|
show 5 more comments

From Robert Love's book "LINUX System Programming" chapter 1 section permission-

enter image description here

answered Nov 29 '17 at 13:57

alhelal

361517

add a comment |

From Robert Love's book "LINUX System Programming" chapter 1 section permission-

enter image description here

answered Nov 29 '17 at 13:57

alhelal

361517

add a comment |

From Robert Love's book "LINUX System Programming" chapter 1 section permission-

enter image description here

answered Nov 29 '17 at 13:57

alhelal

361517

From Robert Love's book "LINUX System Programming" chapter 1 section permission-

enter image description here

answered Nov 29 '17 at 13:57

alhelal

361517

answered Nov 29 '17 at 13:57

alhelal

361517

answered Nov 29 '17 at 13:57

alhelal

361517

answered Nov 29 '17 at 13:57

alhelal

361517

add a comment |

Take path /a/b/c.txt as an example, say the user has 1) execute permission on / and /a; 2) has read permission on /a/b; 3) read and write permission on /a/b/c.txt.

The user will fail to read (list) /a, because it has no read permission. But the path resolution doesn't fail.

The user will be able to read (list) /a/b, because the user has execute permission on /, /a and /a/b and has read permission on /a/b. Note that, when reading /a/b, the filename c.txt is visible, but the metadata (e.g. filesize) and the content is not, because the filename is stored with the directory, not with the file, but the metadata is stored in the inode of the file.

The user will fail to read /a/b/c.txt, because when resolving the path from / to /a to /a/b, it fails at /a/b since the user doesn't have execute permission.

See also how a pathname is resolved to a file.

edited Apr 21 at 0:31

answered Apr 20 at 22:02

Dagang

1012

add a comment |

Take path /a/b/c.txt as an example, say the user has 1) execute permission on / and /a; 2) has read permission on /a/b; 3) read and write permission on /a/b/c.txt.

The user will fail to read (list) /a, because it has no read permission. But the path resolution doesn't fail.

The user will be able to read (list) /a/b, because the user has execute permission on /, /a and /a/b and has read permission on /a/b. Note that, when reading /a/b, the filename c.txt is visible, but the metadata (e.g. filesize) and the content is not, because the filename is stored with the directory, not with the file, but the metadata is stored in the inode of the file.

The user will fail to read /a/b/c.txt, because when resolving the path from / to /a to /a/b, it fails at /a/b since the user doesn't have execute permission.

See also how a pathname is resolved to a file.

edited Apr 21 at 0:31

answered Apr 20 at 22:02

Dagang

1012

add a comment |

Take path /a/b/c.txt as an example, say the user has 1) execute permission on / and /a; 2) has read permission on /a/b; 3) read and write permission on /a/b/c.txt.

The user will fail to read (list) /a, because it has no read permission. But the path resolution doesn't fail.

The user will be able to read (list) /a/b, because the user has execute permission on /, /a and /a/b and has read permission on /a/b. Note that, when reading /a/b, the filename c.txt is visible, but the metadata (e.g. filesize) and the content is not, because the filename is stored with the directory, not with the file, but the metadata is stored in the inode of the file.

The user will fail to read /a/b/c.txt, because when resolving the path from / to /a to /a/b, it fails at /a/b since the user doesn't have execute permission.

See also how a pathname is resolved to a file.

edited Apr 21 at 0:31

answered Apr 20 at 22:02

Dagang

1012

Take path /a/b/c.txt as an example, say the user has 1) execute permission on / and /a; 2) has read permission on /a/b; 3) read and write permission on /a/b/c.txt.

The user will fail to read (list) /a, because it has no read permission. But the path resolution doesn't fail.

The user will be able to read (list) /a/b, because the user has execute permission on /, /a and /a/b and has read permission on /a/b. Note that, when reading /a/b, the filename c.txt is visible, but the metadata (e.g. filesize) and the content is not, because the filename is stored with the directory, not with the file, but the metadata is stored in the inode of the file.

The user will fail to read /a/b/c.txt, because when resolving the path from / to /a to /a/b, it fails at /a/b since the user doesn't have execute permission.

See also how a pathname is resolved to a file.

edited Apr 21 at 0:31

answered Apr 20 at 22:02

Dagang

1012

edited Apr 21 at 0:31

answered Apr 20 at 22:02

Dagang

1012

answered Apr 20 at 22:02

Dagang

1012

answered Apr 20 at 22:02

Dagang

1012

add a comment |

-1

edited Sep 26 '17 at 22:30

answered Sep 26 '17 at 19:31

NemoX

1

The invention of the execute permission bit pre-dates the invention of the concept of a distinct traverse permission by about two decades. This answer's logic depends from a historic timeline that is nothing like that of the real world, and also fails to notice the existence of GENERIC_EXECUTE and what it is.
– JdeBP
Apr 3 at 7:34

add a comment |

-1

edited Sep 26 '17 at 22:30

answered Sep 26 '17 at 19:31

NemoX

1

The invention of the execute permission bit pre-dates the invention of the concept of a distinct traverse permission by about two decades. This answer's logic depends from a historic timeline that is nothing like that of the real world, and also fails to notice the existence of GENERIC_EXECUTE and what it is.
– JdeBP
Apr 3 at 7:34

add a comment |

-1

edited Sep 26 '17 at 22:30

answered Sep 26 '17 at 19:31

NemoX

edited Sep 26 '17 at 22:30

answered Sep 26 '17 at 19:31

NemoX

edited Sep 26 '17 at 22:30

answered Sep 26 '17 at 19:31

NemoX

answered Sep 26 '17 at 19:31

NemoX

answered Sep 26 '17 at 19:31

NemoX

1

The invention of the execute permission bit pre-dates the invention of the concept of a distinct traverse permission by about two decades. This answer's logic depends from a historic timeline that is nothing like that of the real world, and also fails to notice the existence of GENERIC_EXECUTE and what it is.
– JdeBP
Apr 3 at 7:34

add a comment |

1

The invention of the execute permission bit pre-dates the invention of the concept of a distinct traverse permission by about two decades. This answer's logic depends from a historic timeline that is nothing like that of the real world, and also fails to notice the existence of GENERIC_EXECUTE and what it is.
– JdeBP
Apr 3 at 7:34

The invention of the execute permission bit pre-dates the invention of the concept of a distinct traverse permission by about two decades. This answer's logic depends from a historic timeline that is nothing like that of the real world, and also fails to notice the existence of GENERIC_EXECUTE and what it is.
– JdeBP
Apr 3 at 7:34

add a comment |

draft saved

draft discarded

Thanks for contributing an answer to Unix & Linux Stack Exchange!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

Some of your past answers have not been well-received, and you're in danger of being blocked from answering.

Please pay close attention to the following guidance:

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Sstrhsrtj