Then where does the combination rwx come in here? With read the app knows
the file is there, with write it writes to the file. Question is, where the
necessity would be to know the owner of the file or even the kind. The
logger is supposed to just append text to a file. If it were trying to
append text to something it doesn't have the ownership for, it should just
get an error, as that would ultimately be the case when it tries to write
to the file knowing it doesn't have ownership because the user said so. No
need for further knowledge.

On Sun, 19 May 2024 at 17:04, Greg Wooledge <g...@wooledge.org> wrote:

> On Sun, May 19, 2024 at 04:55:09PM +0200, Richard wrote:
> > Dovecot expects execution permissions on the directory it writes the logs
> > to. Because "Standard POSIX permissions for a non-root process to enter a
> > directory." How on earth is that even a thing?
>
> That's how Unix permissions have always worked.  In order to access
> a file, you need +x permissions on *all* of the directories leading
> up to that file, and then appropriate permissions on the file itself.
>
> If you have read permission on a directory but *not* execute permissions,
> then the only thing you can do is read the contents of that directory --
> the filenames and their inode numbers.  You cannot stat() the files,
> so you can't see who owns them or even what kind of files they are.
> Just their names.
>
> If you have execute permission but *not* read permission on a directory,
> then you can access the files within the directory, but only if you
> already know their names.  You can't read the directory to get their
> names.
>
> Likewise, write permission on a directory allows you to rename or unlink
> files contained within that directory (because the names are not a
> property of the files -- they are part of the *directory*).  You don't
> need write permission on a file to unlink it.  Only on the directory.
>
>
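
The rule quoted above (+x on every directory leading up to the file, then the file's own permissions) can be checked for a log path before the daemon hits an error. This is an added example, not code from the thread or from Dovecot; the names `class_bits` and `first_denial` and the `start` parameter are hypothetical, and it models plain mode bits only.

```python
import os

def class_bits(st, uid, gids):
    """rwx bits (0-7) of the single class that applies: owner, else group, else other."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def first_denial(path, uid, gids, start="/"):
    """Return (component, reason) for the first mode-bit check that would stop
    uid/gids from appending to path, or None if the mode bits allow it.
    Assumption: no ACLs, no root/capability override, no SELinux/AppArmor."""
    path, start = os.path.realpath(path), os.path.realpath(start)
    dirs, d = [], os.path.dirname(path)
    while True:                      # collect ancestors, parent first, up to start
        dirs.append(d)
        if d == start or d == "/":
            break
        d = os.path.dirname(d)
    for d in reversed(dirs):         # check top-down, as path resolution does
        if not class_bits(os.stat(d), uid, gids) & 1:
            return (d, "directory lacks search (x) permission")
    try:
        st = os.stat(path)
    except FileNotFoundError:        # the logger must create it: needs w on the parent
        if not class_bits(os.stat(dirs[0]), uid, gids) & 2:
            return (dirs[0], "directory lacks write permission to create the file")
        return None
    if not class_bits(st, uid, gids) & 2:
        return (path, "file lacks write permission")
    return None
```

Run it as root (or as the owner of the tree) with the daemon's uid and group ids; the first component it returns is the one to fix with chmod or chown.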
