HOWTO for UNIX/Linux "permission anomaly"

(C) 2006-2017 T.Birnthaler/H.Gottschalk
OSTC Open Source Training and Consulting GmbH
http://www.ostc.de

$Id: unix-rights-anomaly-eng-HOWTO.txt,v 1.19 2019/11/26 19:37:07 tsbirn Exp $

This document describes the "permission anomaly" on UNIX/Linux systems. That
is, whether certain operations on a file are allowed depends on the
permissions of the directory the file is located in, while others depend on
the permissions of the file itself.

________________________________________________________________________________

Table of Contents

1) Introduction
2) Permission needed for certain tasks

________________________________________________________________________________

1) Introduction
---------------

The COMBINATION of the permissions of a file and of the directory it is located
in decides which operations are allowed on the file and which are not.

* FILE PERMISSIONS decide about the right to do operations on the FILE'S
  CONTENT (e.g. read, copy, change, call as program)

* DIRECTORY PERMISSIONS decide about the right to do operations on the FILE
  NAMES located in the directory (e.g. create, rename, move, delete)

A simple example, a FILE located in a DIRECTORY, illustrates these rules by
showing which operations are allowed in two different cases (A) and (B):

                   (A)                   (B)
                        +=============+
                   rwx  |  DIRECTORY  |  r-x
                        +======+======+
                               |
                        ,------+------.
                   r--  |    FILE     |  rw-
                        `-------------'

  +---------------------------+------------+-----------+------------+
  | File operation            | References |    (A)    |    (B)     |
  +---------------------------+------------+-----------+------------+
  | Read/Open (more)          | Content    |    yes    |    yes     |
  | Copy (cp)                 | Content    |    yes    |   -- (*)   |
  | Overwrite/Save (>)        | Content    |    --     |    yes     |
  | Edit = Change (vi)        | Content    |    --     |    yes     |
  |   (Read + Write)          |            |           |            |
  | Delete content (>)        | Content    |    --     |    yes     |
  | Print content (lpr)       | Content    |    yes    |    yes     |
  +---------------------------+------------+-----------+------------+
  | Touch (touch)             | Name/Inode |    yes    |    yes     |
  | Create hard link (ln)     | Name/Inode |    yes    |   -- (*)   |
  | Create soft link (ln -s)  | Name       |    yes    |   -- (*)   |
  | Create (touch)            | Name       |    yes    |    --      |
  | Rename (mv)               | Name       |    yes    |    --      |
  | Move (mv)                 | Name       |    yes    |    --      |
  | Remove file (rm)          | Name       |    yes    |    --      |
  +---------------------------+------------+-----------+------------+
  | Execute (./FILE)          | Permissions|    --     |    --      |
  +---------------------------+------------+-----------+------------+

  (*) "yes" if the target directory is a different one (with write permission set)

If a directory is not readable, a file name to be accessed in it has to be
known by heart (as listing the directory content is impossible)!

2) Permission needed for certain tasks
--------------------------------------

  +------------------------------+----------+-------+-------+-------+
  |                              | Command  | Dir.  | File  | Type  |
  +------------------------------+----------+-------+-------+-------+
  | Change into directory        | cd       | - - x | - - - |       |
  | List directory content       | ls       | r - - | - - - | N     |
  | List file info (inode)       | ls -l    | r - x | - - - | N M   |
  +------------------------------+----------+-------+-------+-------+
  | Touch file (inode)           | touch    | - - x | - - - | N M   |
  | Read/Open file               | more     | - - x | r - - | N C   |
  | Write/Save file (not create) | > FILE   | - - x | - w - | N C M |
  | Edit file (change)           | vi       | - - x | r w - | N C   |
  | Copy file (from directory)   | cp       | - - x | r - - | N C   |
  | Print file (inode)           | lpr      | - - x | r - - | N C   |
  +------------------------------+----------+-------+-------+-------+
  | Copy file (into directory)   | cp       | - w x | r - - | N C M |
  | Create file                  | > FILE   | - w x | - - - | N C M |
  | Rename file                  | mv       | - w x | - - - | N     |
  | Move file                    | mv       | - w x | - - - | N     |
  | Delete file                  | rm       | - w x | - - - | N M   |
  +------------------------------+----------+-------+-------+-------+
  | Execute binary program       | FILE     | - - x | - - x | N C   |
  | Execute shell script (A)     | FILE     | - - x | r - x | N C   |
  | Execute shell script (B)     | sh FILE  | - - x | r - - | N C   |
  | Create hard link to file     | ln       | - w x | - - - | N M   |
  | Create soft link to file     | ln -s    | - w - | - - - | N     |
  | Use soft link to file        |          | - - x | - - - | N     |
  +------------------------------+----------+-------+-------+-------+
  | Change owner                 | chown    |   root only   | M     |
  | Change owner group           | chgrp    |  owner only   | M     |
  | Change permissions           | chmod    |  owner only   | M     |
  | Change attributes (date)     | touch    |  owner only   | M     |
  +------------------------------+----------+---------------+-------+

  Type = N)ame C)ontent M)etadata

If a directory is not readable, all file names to be accessed in it have to be
known by heart (as listing the directory content is impossible)!
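The two tables above can be checked against a live kernel. The following script is an added example, not part of the OSTC HOWTO: it builds cases (A) and (B) from section 1 plus a third case with an execute-only directory (the "known by heart" situation) in a scratch directory and reports which operations succeed. The scratch paths and the probe function name are this example's own choices.

```sh
#!/bin/sh
# Added example, not part of the OSTC HOWTO: reproduce the permission
# combinations from the tables in a scratch directory and report which
# operations the kernel actually grants. Run it as a normal user: root
# bypasses the rwx checks, so every probe reports "yes" for uid 0.

# probe DIRMODE FILEMODE -> prints "list=.. read=.. write=.. create=.. rm=.."
probe() {
    base=$(mktemp -d) || return 1
    mkdir "$base/d"
    printf 'hello\n' > "$base/d/f"
    chmod "$2" "$base/d/f"       # file permissions govern the CONTENT
    chmod "$1" "$base/d"         # directory permissions govern the NAMES

    # Name operations: r on the directory to list, w+x to create or delete.
    if ls "$base/d" >/dev/null 2>&1; then list=yes; else list=no; fi
    # Content operations: x on the directory plus r or w on the file.
    if cat "$base/d/f" >/dev/null 2>&1; then read=yes; else read=no; fi
    if { printf 'x\n' >> "$base/d/f"; } 2>/dev/null; then write=yes; else write=no; fi
    if touch "$base/d/new" 2>/dev/null; then create=yes; else create=no; fi
    # rm -f skips the prompt for a read-only file but still fails with EACCES
    # when the directory is not writable: deleting is a NAME operation.
    if rm -f "$base/d/f" 2>/dev/null && [ ! -e "$base/d/f" ]; then rm=yes; else rm=no; fi

    chmod 700 "$base/d" && rm -rf "$base"   # cleanup needs the directory writable again
    echo "list=$list read=$read write=$write create=$create rm=$rm"
}

# Case (A): directory rwx, file r--  -> content read-only, name fully under control
# Case (B): directory r-x, file rw-  -> content editable, name frozen in place
# Case (C): directory --x, file r--  -> readable only if the name is known by heart
if [ "$(id -u)" -eq 0 ]; then
    echo "running as root: permission checks are bypassed, results are not meaningful"
fi
echo "(A) dir=rwx file=r--: $(probe 700 400)"
echo "(B) dir=r-x file=rw-: $(probe 500 600)"
echo "(C) dir=--x file=r--: $(probe 100 400)"
```

Case (C) shows the sentence that closes both sections: `ls` fails on the execute-only directory, yet `cat` on the known name `f` still succeeds because the content check only needs x on the directory and r on the file.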