HOWTO for UNIX/Linux "permission anomaly"

(C) 2006-2024 T.Birnthaler/H.Gottschalk
OSTC Open Source Training and Consulting GmbH
http://www.ostc.de

$Id: unix-rights-anomaly-eng-HOWTO.txt,v 1.20 2025/02/23 20:14:55 tsbirn Exp $

This document describes the "permission anomaly" on UNIX/Linux systems:
whether an operation on a file is allowed depends, for some operations, on the
permissions of the directory the file is located in and, for others, on the
permissions of the file itself.

________________________________________________________________________________

Table of Contents

1) Introduction
2) Permission needed for certain tasks

________________________________________________________________________________

1) Introduction
---------------

The permission COMBINATION of a FILE and the DIRECTORY it is located in decides
which OPERATIONS are allowed on a file and which ones are not.

  * FILE PERMISSIONS decide about the right to do operations on the
    FILE CONTENT (e.g. read, copy, change, call as program)

  * DIRECTORY PERMISSIONS decide about the right to do operations on the
    FILE NAME located in the directory (e.g. create, rename, move, delete)

The simple example of a FILE located in a DIRECTORY is used to illustrate these
rules by showing the operations allowed in 2 different cases (A) + (B):

    (A)                     (B)
         +=============+
    rwx  |  DIRECTORY  |  r-x
         +======+======+
                |
         ,------+------.
    r--  |    FILE     |  rw-
         `-------------'

+-----------------------------------------------------------+-----------+
|                                                           | NECESSARY |
+--------------------+---------+------------+-------+-------+-----------+
| FILE OPERATION     | COMMAND | ACCESSES   |  (A)  |  (B)  | DIR  FILE |
+--------------------+---------+------------+-------+-------+-----------+
| Read/Open          | more    | Content    |  yes  |  yes  | --x  r--  |
| Copy               | cp      | Content    |  yes  | (yes) | --x  r--  |
| Overwrite/Save     | >       | Content    |  --   |  yes  | --x  -w-  |
| Edit = Change      | vi      | Content    |  --   |  yes  | --x  rw-  |
|   (Read + Write)   |         |            |       |       |           |
| Delete content     | >       | Content    |  --   |  yes  | --x  -w-  |
| Print content      | lpr     | Content    |  yes  |  yes  | --x  r--  |
+--------------------+---------+------------+-------+-------+-----------+
| Touch (file there) | touch   | Name/Inode |  yes  |  yes  | --x  ---  |
| Create hard link   | ln      | Name/Inode |  yes  | (yes) | -wx  ---  |
| Create soft link   | ln -s   | Name       |  yes  | (yes) | -wx  ---  |
| Create (file miss) | touch   | Name       |  yes  |  --   | -wx  ---  |
| Rename             | mv      | Name       |  yes  |  --   | -wx  ---  |
| Move               | mv      | Name       |  yes  |  --   | -wx  ---  |
| Remove file        | rm      | Name       |  yes  |  --   | -wx  ---  |
+--------------------+---------+------------+-------+-------+-----------+
| Execute            | ./FILE  | Permissions|  --   |  --   | --x  r-x  |
+--------------------+---------+------------+-------+-------+-----------+

  DIR   = Directory
  FILE  = File
  (yes) = If target directory is a different one (with write permission!)

HINT: If a directory is not readable (permission "r" missing), the NAME of a
file to be accessed in it has to be known by heart (as a directory content
listing via "ls" is impossible then)!

2) Permission needed for certain tasks
--------------------------------------

+------------------------------+----------+-------+-------+-------+
|                              | COMMAND  | DIR.  | FILE  | REFER |
+------------------------------+----------+-------+-------+-------+
| Change into directory        | cd       | - - x | - - - |       |
| List directory content       | ls       | r - - | - - - | N     |
| List file info (inode)       | ls -l    | r - x | - - - | N   M |
+------------------------------+----------+-------+-------+-------+
| Touch file (inode)           | touch    | - - x | - - - | N   M |
| Read/Open file               | more     | - - x | r - - | N C   |
| Write/Save file (not create) | > FILE   | - - x | - w - | N C M |
| Edit file (change)           | vi       | - - x | r w - | N C   |
| Copy file (from directory)   | cp       | - - x | r - - | N C   |
| Print file (inode)           | lpr      | - - x | r - - | N C   |
+------------------------------+----------+-------+-------+-------+
| Copy file (into directory)   | cp       | - w x | r - - | N C M |
| Create file                  | > FILE   | - w x | - - - | N C M |
| Rename file                  | mv       | - w x | - - - | N     |
| Move file                    | mv       | - w x | - - - | N     |
| Delete file                  | rm       | - w x | - - - | N   M |
+------------------------------+----------+-------+-------+-------+
| Execute binary program       | FILE     | - - x | - - x | N C   |
| Execute shell script (A)     | FILE     | - - x | r - x | N C   |
| Execute shell script (B)     | sh FILE  | - - x | r - - | N C   |
| Create hard link to file     | ln       | - w x | - - - | N   M |
| Create soft link to file     | ln -s    | - w - | - - - | N     |
| Use soft link to file        |          | - - x | - - - | N     |
+------------------------------+----------+-------+-------+-------+
| Change owner                 | chown    | root only     |     M |
| Change owner group           | chgrp    | owner only    |     M |
| Change permissions           | chmod    | owner only    |     M |
| Change attributes (date)     | touch    | owner only    |     M |
+------------------------------+----------+---------------+-------+

  REFER = N)ame, C)ontent, M)etadata

HINT: If a directory is not readable (permission "r" missing), the NAME of a
file to be accessed in it has to be known by heart (as a directory content
listing via "ls" is impossible then)!
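
The anomaly of case (A), turned into an audit check. This is an added example,
not part of the original HOWTO: it lists files that "other" cannot write but
whose name "other" can still delete, rename or replace through the directory.
It goes beyond the tables by skipping directories with the sticky bit set; the
function names and the sample tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the HOWTO): audit for the "permission anomaly".
# A file whose own mode forbids writing can still be deleted, renamed or
# replaced by anyone holding w+x on its directory (case (A) in the table).

# find_replaceable ROOT   (function name is an assumption of this example)
# Prints regular files under ROOT that "other" may not write (no o+w) but
# whose directory grants "other" w+x. Sticky-bit directories are skipped:
# there only the owner of the file or directory may remove a name.
find_replaceable() {
    find "$1" -type d -perm -0003 ! -perm -1000 \
        -exec find {} -maxdepth 1 -type f ! -perm -0002 \; 2>/dev/null
}

# demo: constructed sample tree mirroring cases (A) and (B), with the
# permission triplets applied to the "other" class.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/caseA" "$root/caseB" "$root/sticky"
    for d in caseA caseB sticky; do : > "$root/$d/FILE"; done
    chmod 0444 "$root/caseA/FILE" "$root/sticky/FILE"   # FILE r--
    chmod 0666 "$root/caseB/FILE"                       # FILE rw-
    chmod 0777 "$root/caseA"    # (A) DIRECTORY rwx: name can be removed
    chmod 0755 "$root/caseB"    # (B) DIRECTORY r-x: name is protected
    chmod 1777 "$root/sticky"   # like /tmp: writable, deletion restricted
    ( cd "$root" && find_replaceable . | sort )
    rm -rf "$root"
}

demo    # prints ./caseA/FILE
```

The check reads mode bits only, so it gives the same result when run as root;
the group class can be audited the same way with the masks 0030 and 0020.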