Apple - Understanding directory permissions in UNIX
If I have r-- on a directory, I receive errors on attempting cd directory or touch directory/newfile, as expected. But if I run ls directory -- well, I don't get an error, but no files are listed, even if I know there are files that I own and/or have rights to within the directory. So, ls has run successfully but with no data to standard output. Why not?
If you just ls directory, then the "files" inside directory should list. But if you use ls -l, which calls stat(2), the operation will silently fail, as stat requires a full searchable path to the filesystem object.
If I have -w- on a directory, I receive errors on cd and ls, as expected. But if I try to create a new file - touch directory/newfile - I also get an error. Why?
Once again, touch calls the open(2) system call, which requires a full searchable path (all directories in the path are executable/searchable), or the operation will fail.
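The behaviour this answer describes can be checked directly at the system-call level. The script below is an added example, not code from the thread: it builds a scratch directory containing one file, sets the directory to each of the permission combinations under discussion, and records whether the calls behind ls (readdir), ls -l (stat), cd (chdir), touch (open with O_CREAT) and rm (unlink) succeed. It must be run as an ordinary user, because root bypasses these checks; the RUNNING_AS_ROOT flag records that.

```python
import os
import shutil
import stat
import tempfile

# root has DAC override, so every probe below "succeeds" for root and proves nothing
RUNNING_AS_ROOT = os.geteuid() == 0


def _attempt(fn):
    """Run fn(); True on success, False if the kernel refused with EACCES/EPERM."""
    try:
        fn()
        return True
    except PermissionError:
        return False


def probe_directory_mode(mode):
    """Create base/directory/known, chmod directory to `mode`, and try the
    system calls that ls, ls -l, cd, touch and rm rely on. Returns a dict of
    outcome flags. The scratch tree is removed afterwards."""
    base = tempfile.mkdtemp(prefix="perm-demo-")
    d = os.path.join(base, "directory")
    os.mkdir(d)
    with open(os.path.join(d, "known"), "w") as fh:
        fh.write("constructed sample file\n")
    cwd = os.getcwd()
    os.chmod(d, mode)
    try:
        result = {
            # opendir/readdir: needs only r on the directory (what plain ls does)
            "list": _attempt(lambda: os.listdir(d)),
            # stat(2) on an entry: needs x (search) on the directory (what ls -l adds)
            "stat_known": _attempt(lambda: os.stat(os.path.join(d, "known"))),
            # chdir(2): needs x
            "cd": _attempt(lambda: os.chdir(d)),
            # open(2) with O_CREAT: needs both w and x on the directory
            "create": _attempt(lambda: os.close(
                os.open(os.path.join(d, "newfile"), os.O_CREAT | os.O_WRONLY, 0o644))),
            # unlink(2): needs w and x on the directory, nothing on the file itself
            "delete": _attempt(lambda: os.unlink(os.path.join(d, "known"))),
        }
    finally:
        os.chdir(cwd)
        os.chmod(d, 0o700)  # make it removable again
        shutil.rmtree(base)
    return result


def probe_all():
    """Probe the seven non-empty owner-permission combinations and return a
    {"r-x": {...}, ...} table."""
    modes = {
        "--x": stat.S_IXUSR,
        "-w-": stat.S_IWUSR,
        "-wx": stat.S_IWUSR | stat.S_IXUSR,
        "r--": stat.S_IRUSR,
        "r-x": stat.S_IRUSR | stat.S_IXUSR,
        "rw-": stat.S_IRUSR | stat.S_IWUSR,
        "rwx": stat.S_IRWXU,
    }
    return {name: probe_directory_mode(m) for name, m in modes.items()}


if __name__ == "__main__":
    for name, row in probe_all().items():
        print(name, " ".join(f"{k}={'ok' if v else 'EACCES'}" for k, v in row.items()))
```

As a normal user the r-- row shows list succeeding while stat_known, cd, create and delete fail, which is exactly the "ls works but ls -l cannot stat anything" situation from the question; the -w- row fails everything, because creating an entry needs search permission as well as write; and --x shows that a file whose name you already know can still be stat'ed even though the directory cannot be listed.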
You have a fair idea about the UNIX file and directory permissions, which is good for a start.
There are three types of permissions:
r: read permission
w: write permission
x: execute permission
for three categories of ownership:
u: user, or the owner
g: group owner
o: others, or everyone else
Broadly speaking, there are two kinds of entities in the UNIX file system:
files
directories
On a technical level a directory is nothing but a special kind of file, simply containing a list of files and directories contained within it.
Now, let's clearly lay out what the three permission types (read, write, execute) mean for a directory. Assume that the logged-in user in question is the owner of the directory (to keep things simple).
read: The directory (technically the directory file) can be read, i.e. the directory contents can be listed, for example using the ls command.
write: The directory (technically the directory file) can be written. This means that a new file/sub-directory can be created and deleted by using commands like touch, vim, cp etc.
execute: The directory (technically the directory file) can be executed. This simply means that the owner can change to this directory, i.e. cd into the directory.
Now carefully think about each one of the above discussed permissions independently. Here are the various possibilities of permissions and what the owner can do in each case:
---: No permissions. The directory is practically useless.
--x: Owner can change into the directory, but can neither create/delete a file/directory in it, nor list the directory contents.
-w-: Owner can create/delete a file/directory inside this directory, but can neither list its contents nor change into it.
-wx: Owner can create/delete a file/directory inside this directory and change into it, but cannot list its contents.
r--: Owner can only list the directory contents.
r-x: Owner cannot create/delete a file/directory inside this directory.
rw-: Owner cannot change into this directory.
rwx: Owner can perform all three actions in the directory.
Now this should help in getting a clear-cut understanding of what actions are possible with which directory permissions.
Once the above concepts make sense to you, let's go through your problem statements again:
From what I (thought) I understood, read permission means you can view the contents of a directory (i.e., ls directory should list the contents of the directory);
This is absolutely correct and should be obvious from the discussion above.
write permission means you can create, modify, or delete files in the directory (i.e., touch directory/newfile, or vi directory/fileimade, or rm directory/fileihate, all should work);
Partially correct. With write permission available on the directory, you can write the directory file; this means adding and deleting content in the directory file. (This should be clear by now, but I will reiterate: a directory is simply a file, although a special one, which simply stores a list of all the contained files and sub-directories.) This means you can create and delete files (or directories) in the directory, but cannot modify files unless you have write permission on the file. You can delete a file where you don't have read or write permission, since you have write permission on the containing directory. touch directory/newfile, or vi directory/fileimade, or rm directory/fileihate, all should work fine.
and execute permission means you can make the directory your working directory (i.e., cd directory should work)
Absolutely correct.
If I have r-- on a directory, I receive errors on attempting cd directory or touch directory/newfile, as expected. But if I run ls directory -- well, I don't get an error, but no files are listed, even if I know there are files that I own and/or have rights to within the directory. So, ls has run successfully but with no data to standard output. Why not?
You are right. The case where no output is shown occurs when the directory is completely empty. If you have read permission on a directory, the contents should get listed irrespective of the permissions on files/sub-directories. Another possibility is that the files and directories are hidden. Try running ls -a directory. You can re-check to make sure that you have read permission on the directory by running ls -ld directory. Also check the output of alias ls.
If I have -w- on a directory, I receive errors on cd and ls, as expected. But if I try to create a new file - touch directory/newfile - I also get an error. Why?
You should be able to create a file, unless a file/directory of the same name already exists. What is the error that you get?
All of the x categories work exactly as expected; I can cd into directories with --x, but nothing else. I can cd into directories with -wx, create and delete files, but ls returns an error. And I can cd into r-x directories, list their contents, and work on files for which I have existing permissions, but cannot create or delete files. All these make sense to me. So what am I not understanding correctly about r-- and -w-?
Please go through the discussion above once more and see if that helps.
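The permission table in the answer above and the "full searchable path" rule from the first answer can be combined into a small model of how the kernel decides. The code below is an added example, not from either answer: it picks the owner, group or other triplet for the caller (only one triplet is ever consulted), requires search (x) permission on every directory above the target, and then requires the operation-specific bits on the target directory itself. The directory tree, the uids and the gids are constructed for the example; they do not describe any real system, and the function is a model of the rule, not a replacement for testing with the real file system.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "uid gid mode")  # mode holds only the nine permission bits

# Constructed sample tree (not a real system): path -> owner uid, owner gid, mode
TREE = {
    "/": Entry(0, 0, 0o755),
    "/home": Entry(0, 0, 0o755),
    "/home/alice": Entry(1000, 1000, 0o711),          # others may pass through, not list
    "/home/alice/dropbox": Entry(1000, 1000, 0o733),  # d-wx-wx-wx: anyone can drop a file, only alice can list
    "/home/alice/shared": Entry(1000, 1000, 0o754),   # group can list and enter, others can only list
}

# bits the target directory must grant for each operation (r=4, w=2, x=1)
NEEDS = {
    "list": 4,        # readdir: r on the directory itself
    "enter": 1,       # chdir: x
    "stat_child": 1,  # stat(dir/name): x on dir, and you must already know the name
    "create": 3,      # open(O_CREAT)/mkdir: w and x
    "delete": 3,      # unlink/rmdir: w and x on the containing directory, nothing on the file
}


def _class_bits(entry, uid, gids):
    """Select the one triplet that applies to the caller: owner, then group, then other."""
    if uid == entry.uid:
        return (entry.mode >> 6) & 7
    if entry.gid in gids:
        return (entry.mode >> 3) & 7
    return entry.mode & 7


def _fmt(bits):
    return "".join(ch if bits & b else "-" for ch, b in (("r", 4), ("w", 2), ("x", 1)))


def _ancestors(path):
    """Yield '/', then each directory above `path`, top down."""
    parts = [p for p in path.split("/") if p]
    yield "/"
    for i in range(1, len(parts)):
        yield "/" + "/".join(parts[:i])


def check(op, directory, uid, gids, tree=TREE):
    """Return (allowed, reason) for performing `op` in `directory` as the given caller.
    Every ancestor needs x for the caller; the directory itself needs NEEDS[op]."""
    for anc in _ancestors(directory):
        if not _class_bits(tree[anc], uid, gids) & 1:
            return False, f"no search (x) permission on {anc}"
    have = _class_bits(tree[directory], uid, gids)
    need = NEEDS[op]
    if have & need != need:
        return False, f"{op} needs {_fmt(need)} on {directory}, have {_fmt(have)}"
    return True, "ok"


if __name__ == "__main__":
    # bob (uid 1001, not in alice's group) against the drop box: can create, cannot list
    for op in NEEDS:
        print("bob", op, "/home/alice/dropbox", check(op, "/home/alice/dropbox", 1001, {1001}))
```

The second return value explains which component failed, which is the part that is easy to lose when reading only the exit status of ls or touch: a refusal on /home/alice/shared for "enter" comes from the shared directory's own bits, while tightening /home/alice to 0700 makes every operation below it fail at the ancestor step regardless of what the target directory grants.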