
Linux Permissions

Scenario:

Let us assume that there is a directory named box. Inside this directory is a file called cobra. The content of this file reads: King Cobra is the king of all the snakes.

For simplicity, we will only be concerned with the owner's permissions on the parent directory. We will also assume that the child file cobra has the following permissions:

r--r--r--

This translates to read only permission for all.

We will observe the impact of each individual permission on the parent directory box and the child file cobra.

First we need to understand that a directory is actually a file which contains the list of files and directories that exist inside it.

 

To verify this, we can type vim box, which gives the following output:

" ============================================================================                                                                                            
" Netrw Directory Listing                                        (netrw v149)
"   /home/apurwa/Music/box
"   Sorted by      name
"   Sort sequence: [\/]$,\<core\%(\.\d\+\)\=\>,\.h$,\.c$,\.cpp$,\~\=\*$,*,\.o$,\.obj$,\.info$,\.swp$,\.bak$,\~$
"   Quick Help: <F1>:help  -:go up dir  D:delete  R:rename  s:sort-by  x:exec
" ============================================================================
../
./
cobra
.swp

 

We can see that the content has cobra in it which tells us that there is a file called cobra in this directory. If there was another directory called snakes inside our directory box, the output of vim box would be as follows:

" ============================================================================                                                                                            
" Netrw Directory Listing                                        (netrw v149)
"   /home/apurwa/Music/box
"   Sorted by      name
"   Sort sequence: [\/]$,\<core\%(\.\d\+\)\=\>,\.h$,\.c$,\.cpp$,\~\=\*$,*,\.o$,\.obj$,\.info$,\.swp$,\.bak$,\~$
"   Quick Help: <F1>:help  -:go up dir  D:delete  R:rename  s:sort-by  x:exec
" ============================================================================
../
./
snakes/
cobra
.swp

Now we can see snakes/ as well in the content.

Now, when a file inside this directory is deleted, the name of that file also has to be removed from the above content. Updating that content is governed by the parent directory's permissions. Likewise, when the file cobra is renamed, its entry in this content has to be updated as well.

Thus deleting or renaming a child file or directory depends directly on the permissions of the parent directory.

Note: In order to view the content of the directory in the way shown above, we need at least two permissions: read and execute.

So we can say, deleting or renaming a child concerns the parent but editing the content of the child does not.

Note: $ indicates non-root access

Case 1

Owner has read only permission in the folder box.

Command: $ cd box

Output: bash: cd: box/: Permission denied

Explanation: Due to lack of execute permission, directory access is blocked.

 

Command: $ ls box

Output: ls: cannot access box/cobra: Permission denied
cobra

Explanation: Due to lack of execute permission, directory access is blocked. However, due to read permission directory content can be read.

 

Command: $ ls -l box

Output: ls: cannot access box/cobra: Permission denied
total 0
-????????? ? ? ? ?              ? cobra

Explanation: Due to lack of execute permission, directory access is blocked.

However, due to read permission directory content can be read. But due to lack of execute permission, meta data cannot be read.

 

Command: $ ls box/cobra

Output: ls: cannot access box/cobra: Permission denied

Explanation: Due to lack of execute permission, directory access is blocked.

 

Command: $ ls -l box/cobra

Output: ls: cannot access box/cobra: Permission denied

Explanation: Due to lack of execute permission, directory access is blocked.

 

Command: $ cat box/cobra

Output: cat: box/cobra: Permission denied

Explanation: Due to lack of execute permission, directory access is blocked.

 

Command: $ rm box/cobra

Output: rm: cannot remove ‘box/cobra’: Permission denied

Explanation: Due to lack of execute permission, directory access is blocked in the first place.

 


Case 2

Owner has write only permission in the folder box.

Command: $ cd box

Output: bash: cd: box/: Permission denied

Explanation: Due to lack of execute permission, directory access is blocked.

 

Command: $ ls box

Output: ls: cannot open directory box: Permission denied

Explanation: Due to lack of read permission, directory content cannot be read.

 

Command: $ ls -l box

Output: ls: cannot open directory box: Permission denied

Explanation: Due to lack of read permission, directory content cannot be read.

 

Command: $ ls box/cobra

Output: ls: cannot open directory box: Permission denied

Explanation: Due to lack of execute permission, directory access is blocked.

 

Command: $ ls -l box/cobra

Output: ls: cannot open directory box: Permission denied

Explanation: Due to lack of execute permission, directory access is blocked.

 

Command: $ cat box/cobra

Output: cat: box/cobra: Permission denied

Explanation: Due to lack of execute permission, directory access is blocked.

 

Command: $ rm box/cobra

Output: rm: cannot remove ‘box/cobra’: Permission denied

Explanation: Due to lack of execute permission, directory access is blocked in the first place.

 


Case 3

Owner has execute only permission in the folder box.

Command: $ cd box

Output: Working directory changed

Explanation: Due to execute permissions, directory access is granted.

 

Command: $ ls box

Output: ls: cannot open directory box: Permission denied

Explanation: Due to lack of read permission, directory content cannot be read.

 

Command: $ ls -l box

Output: ls: cannot open directory box: Permission denied

Explanation: Due to lack of read permission, directory content cannot be read.

 

Command: $ ls box/cobra

Output: box/cobra

Explanation: Due to execute permission, directory access is granted.

 

Command: $ ls -l box/cobra

Output: -r--r--r-- 1 apurwa apurwa 46 December  8 18:14 box/cobra

Explanation: Due to execute permission on the directory and read permission on the file, directory content along with meta data can be read.

 

Command: $ cat box/cobra

Output: The King Cobra is the king of all the snakes.

Explanation: Due to execute permission, directory access is granted and due to read permission on the file, the file content can be read.

 

Command: $ rm box/cobra

Output: rm: remove write-protected regular file ‘box/cobra’? y

rm: cannot remove ‘box/cobra’: Permission denied

Explanation: Due to execute permission on the parent directory, the child file can be accessed in order to be deleted, but due to lack of write permission on the parent directory it cannot be deleted.

 

Let us summarize our findings as follows:

  • Read permission gives us command autocompletion for the names inside the directory. Besides that, it allows the directory content to be displayed, but without the meta data.
  • Write permission on its own has no impact at all. However, write and execute permission in combination make it possible to delete the child items.
  • If the parent directory doesn't have write permission, child items cannot be renamed or deleted in any case (even if the user has read, write and execute permission on the child item). However, the content of the child item can be edited.
  • Execute permission is a must in order to access a directory and view the meta data of files and directories.

 


Reference table

Output of each command (cd box, ls box, ls -l box, ls box/cobra, ls -l box/cobra, cat box/cobra, rm box/cobra) for each permission:

Read Only
  • cd box: bash: cd: box/: Permission denied
  • ls box:
      ls: cannot access box/cobra: Permission denied
      cobra
  • ls -l box:
      ls: cannot access box/cobra: Permission denied
      total 0
      -????????? ? ? ? ?              ? cobra
  • ls box/cobra: ls: cannot access box/cobra: Permission denied
  • ls -l box/cobra: ls: cannot access box/cobra: Permission denied
  • cat box/cobra: cat: box/cobra: Permission denied
  • rm box/cobra: rm: cannot remove ‘box/cobra’: Permission denied

Write Only
  • cd box: bash: cd: box/: Permission denied
  • ls box: ls: cannot open directory box: Permission denied
  • ls -l box: ls: cannot open directory box: Permission denied
  • ls box/cobra: ls: cannot open directory box: Permission denied
  • ls -l box/cobra: ls: cannot open directory box: Permission denied
  • cat box/cobra: cat: box/cobra: Permission denied
  • rm box/cobra: rm: cannot remove ‘box/cobra’: Permission denied

Execute Only
  • cd box: Working directory changed
  • ls box: ls: cannot open directory box: Permission denied
  • ls -l box: ls: cannot open directory box: Permission denied
  • ls box/cobra: box/cobra
  • ls -l box/cobra: -r--r--r-- 1 apurwa apurwa 46 December  8 18:14 box/cobra
  • cat box/cobra: The King Cobra is the king of all the snakes.
  • rm box/cobra:
      rm: remove write-protected regular file ‘box/cobra’? y
      rm: cannot remove ‘box/cobra’: Permission denied

Read and Execute
  • cd box: Working directory changed
  • ls box: cobra
  • ls -l box:
      dr-xr-x--- 2 apurwa apurwa 4096 December  8 20:18 ./
      drwxrwx--- 3 apurwa apurwa 4096 December  8 19:14 ../
      -r--r--r-- 1 apurwa apurwa   46 December  8 18:14 cobra
  • ls box/cobra: box/cobra
  • ls -l box/cobra: -r--r--r-- 1 apurwa apurwa 46 December  8 18:14 box/cobra
  • cat box/cobra: The King Cobra is the king of all the snakes.
  • rm box/cobra:
      rm: remove write-protected regular file ‘box/cobra’? y
      rm: cannot remove ‘box/cobra’: Permission denied

Write and Execute
  • cd box: Working directory changed
  • ls box: ls: cannot open directory box: Permission denied
  • ls -l box: ls: cannot open directory box: Permission denied
  • ls box/cobra: box/cobra
  • ls -l box/cobra: -r--r--r-- 1 apurwa apurwa 46 December  8 18:14 box/cobra
  • cat box/cobra: The King Cobra is the king of all the snakes.
  • rm box/cobra: File deleted

Note: Permission refers to owner permission on the parent folder box.
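
The cases and the reference table can be reproduced in one run with the script below. It is an added example, not part of the original article: try, probe and dac_enforced are hypothetical helper names, GNU coreutils is assumed, and a rename (mv) check is added to exercise the claim made in the summary. Root normally bypasses these permission checks, which the last function detects.

```shell
#!/bin/sh
# Added example, not from the original article. box/cobra follow the scenario;
# try, probe and dac_enforced are hypothetical helper names.

# try LABEL CMD...: run CMD quietly and append LABEL=ok|denied to $out.
try() {
    label=$1; shift
    if "$@" >/dev/null 2>&1; then res=ok; else res=denied; fi
    out="${out:+$out }$label=$res"
}

# probe MODE: rebuild box/cobra in a scratch dir, chmod box to MODE, test each operation.
probe() (
    root=$(mktemp -d) || exit 1
    box=$root/box; out=""
    mkdir "$box"
    printf 'The King Cobra is the king of all the snakes.\n' > "$box/cobra"
    chmod 444 "$box/cobra"                     # r--r--r--, as in the scenario
    chmod "$1" "$box"
    try cd   sh -c 'cd "$1"' sh "$box"         # needs execute (search) on box
    try ls   ls "$box"                         # needs read on box
    try stat ls -l "$box/cobra"                # needs execute on box to reach the file
    try cat  cat "$box/cobra"                  # execute on box plus read on cobra
    try mv   sh -c 'mv "$1/cobra" "$1/viper" && mv "$1/viper" "$1/cobra"' sh "$box"
    try rm   rm -f "$box/cobra"                # write+execute on box; cobra's mode is irrelevant
    chmod 700 "$box"; rm -rf "$root"           # restore access so cleanup works
    echo "$out"
)

# dac_enforced: succeeds when mode bits apply to this user (root usually bypasses them).
dac_enforced() (
    f=$(mktemp) || exit 1
    chmod 000 "$f"
    if cat "$f" >/dev/null 2>&1; then rc=1; else rc=0; fi
    rm -f "$f"
    exit "$rc"
)

for mode in 400 200 100 500 300; do            # owner bits: r--, -w-, --x, r-x, -wx
    printf '%s  %s\n' "$mode" "$(probe "$mode")"
done
dac_enforced || echo 'note: permission checks are bypassed for this user; results do not reflect the mode bits'
```

Only mode 300 (write and execute) reports mv=ok and rm=ok, even though cobra itself is read-only for everyone.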