HOWTO for UNIX/Linux "permission anomaly"
(C) 2006-2007 T.Birnthaler/H.Gottschalk <howtos(at)ostc.de>
OSTC GmbH, www.ostc.de
$Id: unix-rights-anomaly-eng-HOWTO.txt,v 1.10 2009-03-25 09:24:30 tsbirn Exp $
This document describes the "permission anomaly" on UNIX/Linux systems: whether
an operation on a file is allowed or not depends partly on the permissions of the
directory the file is located in and partly on the permissions of the file itself.
1) Introduction
2) Permission needed for certain tasks
The COMBINATION of the permissions of a file and of the directory it is located in
decides which operations on the file are allowed and which ones are not.
* FILE PERMISSIONS decide whether operations on the FILE CONTENT are allowed
(e.g. read, copy, change, execute as program)
* DIRECTORY PERMISSIONS decide whether operations on the FILE NAMES located in
the directory are allowed (e.g. create, rename, move, delete)
The simple example of a file located in a directory is used to illustrate these
rules by showing which operations are allowed in two different cases, (A) and (B)
respectively:
    (A)                       (B)
           #=============#
    rwx    |  Directory  |    r-x
           #======#======#
                  |
           +------+------+
    r--    |    File     |    rw-
           +-------------+
| File operation           | References | (A)         | (B)        |
+--------------------------+------------+-------------+------------+
| Read/Open (more)         | Content    | yes         | yes        |
| Copy (cp)                | Content    | yes         | no (*)     |
| Overwrite/Save (>)       | Content    | no          | yes        |
| Edit (vi)                | Content    | no          | yes        |
|   (Change=Read + Write)  |            |             |            |
| Delete content (>)       | Content    | no          | yes        |
+--------------------------+------------+-------------+------------+
| Touch (touch)            | Name/Inode | yes         | yes        |
| Create hard link (ln)    | Name/Inode | yes         | no (*)     |
| Create soft link (ln -s) | Name       | yes         | no (*)     |
| Create (touch)           | Name       | yes         | no         |
| Rename (mv)              | Name       | yes         | no         |
| Move (mv)                | Name       | yes         | no         |
| Remove file (rm)         | Name       | yes         | no         |
+--------------------------+------------+-------------+------------+
| Execute (./FILE)         | Permissions| no          | no         |
+--------------------------+------------+-------------+------------+
(*) "yes" if the target directory is a different one (with write permission set)
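The two cases (A) and (B) from the diagram and table above, rebuilt in a throw-away directory and probed operation by operation, as an added example that is not part of the original HOWTO. It assumes a POSIX shell, a non-root user (root bypasses these checks) and a filesystem that honours UNIX permissions; the function names try, setup, teardown, probe_op and report are chosen here.

```shell
#!/bin/sh
# Added example, not part of the original HOWTO: rebuild cases (A) and (B) from
# the diagram in a throw-away directory and probe each operation as the current
# user. Assumes a non-root user: root bypasses these checks and gets "yes" everywhere.

# try CMD ARGS...: run quietly, print "yes" on success and "no" on failure
try() {
    if "$@" >/dev/null 2>&1; then echo yes; else echo no; fi
}

# setup DIRMODE FILEMODE: create sandbox SB/d/f with the given modes, print SB
setup() {
    SB=$(mktemp -d)
    mkdir "$SB/d"
    echo "original content" > "$SB/d/f"
    chmod "$2" "$SB/d/f"
    chmod "$1" "$SB/d"        # directory last, so the file could still be created
    echo "$SB"
}

# teardown SB: take the directory back (chmod needs ownership only), then clean up
teardown() {
    chmod u+rwx "$1/d" && rm -rf "$1"
}

# probe_op OP DIRMODE FILEMODE: yes/no for one operation on a FRESH sandbox each time
probe_op() {
    sb=$(setup "$2" "$3"); d="$sb/d"; f="$d/f"
    case $1 in
        read)      r=$(try cat "$f") ;;                      # needs r on file, x on dir
        overwrite) r=$(try sh -c "echo new > \"$f\"") ;;      # needs w on file, x on dir
        create)    r=$(try sh -c ": > \"$d/g\"") ;;           # needs wx on dir only
        rename)    r=$(try mv -f "$f" "$d/g") ;;              # needs wx on dir only
        remove)    r=$(try rm -f "$f") ;;                     # needs wx on dir only
        hardlink)  r=$(try ln "$f" "$d/g") ;;                 # needs wx on dir only
        execute)   r=$(try "$f") ;;                           # needs x on file (and dir)
    esac
    teardown "$sb"
    echo "$r"
}

# report: (A) dir rwx + file r--  versus  (B) dir r-x + file rw-
report() {
    for op in read overwrite create rename remove hardlink execute; do
        printf '%-10s (A) %-3s  (B) %s\n' "$op" \
            "$(probe_op "$op" 755 444)" "$(probe_op "$op" 555 644)"
    done
}
report
```

Run it as an ordinary user; the "remove" and "overwrite" rows show the anomaly directly: (A) lets you delete a file you cannot write, (B) lets you write a file you cannot delete.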
If a directory is not readable, all file names to be accessed in it have to be
known in advance (as listing the directory content is impossible)!
| Task                         | Command  | Dir.  | File  |
+------------------------------+----------+-------+-------+
| Change into directory        | cd       | - - x | - - - |
| List directory content       | ls       | r - x | - - - |
| List file info (inode)       | ls -l    | r - x | - - - |
+------------------------------+----------+-------+-------+
| Touch file (inode)           | touch    | - - x | - - - |
| Read/Open file               | more     | - - x | r - - |
| Write/Save file (not create) | > FILE   | - - x | - w - |
| Edit file (change)           | vi       | - - x | r w - |
| Copy file (from directory)   | cp       | - - x | r - - |
+------------------------------+----------+-------+-------+
| Copy file (into directory)   | cp       | - w x | r - - |
| Create file                  | > FILE   | - w x | - - - |
| Rename file                  | mv       | - w x | - - - |
| Move file                    | mv       | - w x | - - - |
| Delete file                  | rm       | - w x | - - - |
+------------------------------+----------+-------+-------+
| Execute binary program       | FILE     | - - x | - - x |
| Execute shell script (A)     | FILE     | - - x | r - x |
| Execute shell script (B)     | sh FILE  | - - x | r - - |
| Create hard link to file     | ln       | - w x | - - - |
| Create soft link to file     | ln -s    | - w - | - - - |
+------------------------------+----------+-------+-------+
| Change owner                 | chown    | root only     |
| Change owner group           | chgrp    | owner only    |
| Change permissions           | chmod    | owner only    |
| Change attributes (date)     | touch    | owner only    |
+------------------------------+----------+---------------+