Execute vs Read bit. How do directory permissions in Linux work?

When applying permissions to directories on Linux, the permission bits have different meanings than on regular files.

The read bit allows the affected user to list the files within the directory
The write bit allows the affected user to create, rename, or delete files within the directory, and modify the directory’s attributes
The execute bit allows the affected user to enter the directory, and access files and directories inside
The sticky bit states that files and directories within that directory may only be deleted or renamed by their owner (or root)

– – –

First, think: What is a directory? It’s just a list of items (files and other directories) that live within. So: directory = list of names.

Read bit = If set, you can read this list. So, for example, if you have a directory named poems:

You can ls poems and you’ll get a list of items living within (ls -l won’t reveal any details, because stat on each entry requires the execute bit!).
You can use command-line (tab) completion, e.g. typing touch poems/so and pressing Tab completes it to poems/somefile.
You cannot make poems your working directory (i.e. cd into it).
Write bit = If set, you can modify this list i.e. you can {add,rename,delete} names on it. But! You can actually do it only if the execute bit is set too.

Execute bit = Make this directory your working directory i.e. cd into it. You need this permission if you want to:

access (read, write, execute) items living within.
modify the list itself i.e. add, rename, delete names on it (of course the write bit must be set on the directory).
Interesting case 1: If you have write + execute permissions on a directory, you can {delete,rename} items living within even if you don’t have write permission on those items. (use sticky bit to prevent this)

Interesting case 2: If you have execute (but not write) permission on a directory AND you have write permission on a file living within, you cannot delete the file (because it involves removing it from the list). However, you can erase its contents e.g. if it’s a text file you can use vi to open it and delete everything. The file will still be there, but it will be empty.

Summary:

Read bit = You can read the names on the list.
Write bit = You can {add,rename,delete} names on the list IF the execute bit is set too.
Execute bit = You can make this directory your working directory.
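The following script is an added example, not part of the original post: it sets up a throwaway poems directory under mktemp and probes each operation discussed above (listing, stat, cd, read, create, truncate, delete) for several directory/file mode combinations, including both "interesting cases". It assumes a GNU/Linux userland (ls, rm, chmod, mktemp) and must be run as an ordinary user, since root bypasses these permission checks and every probe would answer yes.

```shell
#!/bin/sh
# Added example, not from the original post: probes what each directory
# permission bit allows, using a constructed "poems" directory under mktemp.
# Run as an ordinary user; root bypasses these checks and every probe says yes.
set -u

WORK=$(mktemp -d)
# Restore modes before cleanup so rm -rf can descend into the test directory.
trap 'chmod -R u+rwx "$WORK" 2>/dev/null; rm -rf "$WORK"' EXIT

# setup DIRMODE FILEMODE: recreate poems/somefile with the requested modes.
setup() {
    if [ -d "$WORK/poems" ]; then chmod u+rwx "$WORK/poems"; fi
    rm -rf "$WORK/poems"
    mkdir "$WORK/poems"
    printf 'roses are red\n' > "$WORK/poems/somefile"
    chmod "$2" "$WORK/poems/somefile"
    chmod "$1" "$WORK/poems"
}

# ok CMD...: run CMD quietly and print yes/no according to its exit status.
ok() { if "$@" >/dev/null 2>&1; then echo yes; else echo no; fi; }

# Single operations on the directory and on the file inside it.
can_list()     { ok ls "$WORK/poems"; }                  # read bit: read the list of names
can_stat()     { ok ls -l "$WORK/poems/somefile"; }      # execute bit: reach the entry's inode
can_enter()    { ok sh -c 'cd "$1"' sh "$WORK/poems"; }  # execute bit: make it the working dir
can_read()     { ok cat "$WORK/poems/somefile"; }        # execute on dir + read on file
can_create()   { ok sh -c ': > "$1"/newfile' sh "$WORK/poems"; }    # write + execute on dir
can_truncate() { ok sh -c ': > "$1"' sh "$WORK/poems/somefile"; }   # execute on dir + write on file
can_delete()   { ok rm -f "$WORK/poems/somefile"; }      # write + execute on dir; file mode irrelevant

# probe DIRMODE FILEMODE: one summary line for a given mode combination.
probe() {
    setup "$1" "$2"
    printf 'dir=%s file=%s list=%s stat=%s enter=%s read=%s create=%s truncate=%s delete=%s\n' \
        "$1" "$2" "$(can_list)" "$(can_stat)" "$(can_enter)" "$(can_read)" \
        "$(can_create)" "$(can_truncate)" "$(can_delete)"
}

# Walk through the cases discussed in the text.
probe 400 644   # read only: you can list the names, nothing else
probe 200 644   # write only: you cannot even add a name, execute is missing
probe 500 644   # interesting case 2: cannot delete the file, but can empty it
probe 300 444   # interesting case 1: can delete a file you have no write permission on
probe 700 644   # full access for the owner
```

Each output line is a row of yes/no answers for one mode combination; the 500 row shows truncate=yes with delete=no, and the 300/444 row shows delete=yes with truncate=no, which is exactly the asymmetry the two interesting cases describe.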
