#HeyNerds, why are #Unix #permissions so weird for directories?

Read perms let you list the filenames in the directory but nothing else (e.g., not contents of files nor metadata like size or file owners).

Write perms let you add/delete/rename files in that directory, but only if exec perms are also present.

Exec perms let you read or write to files that already exist in a directory, but not list the names nor change the names. Hope you already know the filename you're after.

... WHY??

@federicomena "The first rule is that whenever we want to open any type of file by name, we must have execute permission in each directory mentioned in the name, including the current directory, if it is implied."

Why is that?

And why are we required to open files to rename/delete/create them?

@federicomena "To delete an existing file, we need write permission and execute permission in the directory containing the file. We do not need read permission or write permission for the file itself."

C'mon, this is weird. Who came up with these rules?

I don't think anyone came up with them.

I think they must be a consequence of some implementation choice of the 1970s.


@JordiGH "Note that read permission for a directory and execute permission for a directory mean different things. Read permission lets us read the directory, obtaining a list of all the filenames in the directory. Execute permission lets us pass through the directory when it is a component of a pathname that we are trying to access. (We need to search the directory to look for a specific

+r means "can you read the list of files", and +x means "can you access the files".

@JordiGH e.g. you can have a +r-x directory, and you'll be able to list its contents, but not open files in it.

Or you can have a -r+x directory, and you *can't* list its contents, but if you know the names of files inside it, you can open them just fine. This is an old trick for kinda-sorta-secret directories.

@federicomena So why can't I create a new name in that directory with +w-x?

It seems that if w is just about the names in that directory, I shouldn't need to access any files in that directory to add a new name to that directory.

@JordiGH Because with -x you can't access the directory entry that would be created for the new file.

I'm having a hard time looking in the kernel sources for just where this is implemented. Probably fs/namei.c:generic_permission(), but that calls into the capabilities code and I have no idea about that.

@JordiGH relatedly, if you have r-x on a directory but no w, you can modify a file in it, but not rename the file or create a new one.

@federicomena Of course, you don't need +r either, just -r-w+x lets you modify files and read them too.

But +r-w-x lets you read the names in that directory.

I can see how some of these cases might be useful, but overall this feels a lot like the PHP hammer.

@JordiGH maybe a combination of

* small installations with only a few trusted people, back in the 1970s
* having only a few bits, permissions make sense
* "let's reuse this bit because directories are special anyway"
* no capabilities, extra security foo developed yet?
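To make the r/w/x matrix argued over in this thread concrete, here is an added shell example (not from any post above) that builds a scratch directory, applies each permission combination mentioned, and reports which operations the kernel allows. The directory, file names and the ok/denied labels are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): probe what each directory permission
# bit really gates. A scratch directory (constructed here) gets one file,
# then for a given octal mode we try five operations and report ok/denied:
#   list   - enumerate names via a shell glob (readdir needs only r)
#   open   - read an existing file by a known name (needs x on the dir)
#   modify - append to that existing file (needs x on dir, w on the file)
#   create - add a new name (needs w AND x on the dir)
#   rename - change an existing name (needs w AND x on the dir)
# Run as an unprivileged user: root bypasses these checks entirely.

probe() {
    mode=$1
    dir=$(mktemp -d) || return 1
    echo hello > "$dir/known"
    chmod 644 "$dir/known"        # the file itself stays readable/writable by us
    chmod "$mode" "$dir"          # now restrict only the directory

    # r: can we read the directory entries? (a glob only calls readdir)
    set -- "$dir"/*
    if [ "$1" != "$dir/*" ]; then list=ok; else list=denied; fi
    # x: can we open an existing file whose name we already know?
    if cat "$dir/known" >/dev/null 2>&1; then open=ok; else open=denied; fi
    # x: can we write to it? (no w on the directory needed)
    if { echo more >> "$dir/known"; } 2>/dev/null; then modify=ok; else modify=denied; fi
    # w+x: can we create a new name in the directory?
    if touch "$dir/new" 2>/dev/null; then create=ok; else create=denied; fi
    # w+x: can we rename an existing name?
    if mv "$dir/known" "$dir/renamed" 2>/dev/null; then rename=ok; else rename=denied; fi

    chmod 700 "$dir" && rm -rf "$dir"   # restore perms so cleanup works
    echo "mode=$mode list=$list open=$open modify=$modify create=$create rename=$rename"
}

# Walk the combinations discussed in the thread: rwx, r-x, -wx, --x, r--, -w-.
for m in 700 500 300 100 400 200; do
    probe "$m"
done
```

The -w- row shows the thread's puzzle directly: without x you cannot create, rename or open anything, so the w bit alone buys nothing.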
