Read perms let you list the filenames in the directory but nothing else (e.g. not contents of files nor metadata like size or file owners).
Write perms let you add/delete/rename files in that directory, but only if exec perms are also present.
Exec perms let you read or write to files that already exist in a directory, but not list the names nor change the names. Hope you already know the filename you're after.
@JordiGH https://bluetechs.files.wordpress.com/2014/03/advanced-programming-in-the-unix-environment-by-w-richard-stevens-stephen-a-rago-ii-edition.pdf see section 4.5, File Access Permissions.
@federicomena "The first rule is that whenever we want to open any type of file by name, we must have execute permission in each directory mentioned in the name, including the current directory, if it is implied."
Why is that?
And why do we require to open files to rename/delete/create them?
@federicomena "To delete an existing file, we need write permission and execute permission in the directory containing the file. We do not need read permission or write permission for the file itself."
C'mon, this is weird. Who came up with these rules?
I don't think anyone came up with them.
I think they must be a consequence of some implementation choice of the 1970s.
@JordiGH "Note that read permission for a directory and execute permission for a directory mean different things. Read permission lets us read the directory, obtaining a list of all the filenames in the directory. Execute permission lets us pass through the directory when it is a component of a pathname that we are trying to access. (We need to search the directory to look for a specific
+r means "can you read the list of files", and +x means "can you access the files".
@JordiGH e.g. you can have a +r-x directory, and you'll be able to list its contents, but not open files in it.
Or you can have a -r+x directory, and you *can't* list its contents, but if you know the names of files inside it, you can open them just fine. This is an old trick for kinda-sorta-secret directories.
@federicomena So why can't I create a new name in that directory with +w-x?
It seems that if w is just about the names in that directory, I shouldn't need to access any files in that directory to add a new name to that directory.
@JordiGH Because with -x you can't access the directory entry that would be created for the new file.
I'm having a hard time looking in the kernel sources for just where this is implemented. Probably fs/namei.c:generic_permission(), but that calls into the capabilities code and I have no idea about that.
@JordiGH relatedly, if you have r-x on a directory but no w, you can modify a file in it, but not rename the file or create a new one.
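The directory-permission behaviour discussed in this thread can be checked empirically. The script below is an added example, not part of any post above; the `probe` function and the file names are made up for illustration. It assumes an unprivileged user, since root bypasses these checks and will see `Y` everywhere.

```shell
#!/bin/sh
# Added example: observe what each owner mode on a directory allows.
# probe and the file names are hypothetical; run as a non-root user.

# probe MODE -> "list=Y|N open=Y|N modify=Y|N create=Y|N delete=Y|N"
probe() {
    mode=$1
    d=$(mktemp -d) || return 1
    echo original > "$d/known.txt"
    echo doomed > "$d/victim.txt"
    chmod "$mode" "$d"

    # r: enumerate names (a glob only needs opendir/readdir)
    set -- "$d"/*
    if [ "$1" != "$d/*" ]; then list=Y; else list=N; fi
    # x: reach a file whose name is already known
    if cat "$d/known.txt" >/dev/null 2>&1; then open=Y; else open=N; fi
    # x on the directory plus w on the file: change existing contents
    if ( echo more >> "$d/known.txt" ) 2>/dev/null; then modify=Y; else modify=N; fi
    # w+x on the directory: add a name, remove a name
    ( : > "$d/new.txt" ) 2>/dev/null || true
    rm -f "$d/victim.txt" 2>/dev/null || true

    chmod 700 "$d"    # restore access to inspect what actually changed
    if [ -e "$d/new.txt" ]; then create=Y; else create=N; fi
    if [ -e "$d/victim.txt" ]; then delete=N; else delete=Y; fi
    rm -rf "$d"
    echo "list=$list open=$open modify=$modify create=$create delete=$delete"
}

# 400 = r--, 100 = --x, 200 = -w-, 300 = -wx, 500 = r-x
for m in 400 100 200 300 500; do
    printf '%s  %s\n' "$m" "$(probe "$m")"
done
```

Mode 100 is the "kinda-sorta-secret directory" case: names cannot be listed, but a known name still opens. It only hides names; anyone who learns or guesses a filename gets the file's own permissions.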