On Fri 2003-03-07 at 17:03:31 -0000, [EMAIL PROTECTED] wrote:
> It's all to do with the x. For a file it means the owner/group can execute
> that file. But for a directory, anybody in the group for that directory can
> delete any file in the root of that directory, even if the group permissions
> for that file say they can't.

Sorry, but that is wrong. The x bit for directories is about being
able to access the content of a directory at all. The w bit determines
whether you may delete (or create) files within a directory. And for
completeness' sake, the r bit controls whether you may list the
content:
# preparation
newton:~> mkdir test
newton:~> echo bar > test/foo
newton:~> ls -ld test
drwxrwx--- 2 philemon philemon 4096 Mar 8 00:29 test
newton:~> ls -l test
total 4
-rw-rw---- 1 philemon philemon 4 Mar 8 00:29 foo
# test what x does
newton:~> chmod a-x test
newton:~> ls test
foo
newton:~> cat test/foo
cat: test/foo: Permission denied
newton:~> cd test
test: Permission denied.
newton:~> touch test/foo2
touch: cannot touch `test/foo2': Permission denied
newton:~> chmod a+x test
# summary: lack of x forbids any access except accessing list of contents
# test for w
newton:~> chmod a-w test
newton:~> ls test
foo
newton:~> cat test/foo
bar
newton:~> cd test
newton:~/test> cd ..
newton:~> rm test/foo
rm: cannot remove `test/foo': Permission denied
newton:~> touch test/foo2
touch: cannot touch `test/foo2': Permission denied
newton:~> echo wah > test/foo2
test/foo2: Permission denied.
newton:~> echo wah > test/foo
newton:~> cat test/foo
wah
newton:~> chmod a+w test
# summary: lack of w forbids only deletion or creation of files, but
# allows changing of existing ones
# test for r
newton:~> chmod a-r test
newton:~> ls test
ls: test: Permission denied
newton:~> cat test/foo
wah
newton:~> cd test
newton:~/test> cd ..
newton:~> touch test/foo2
newton:~> chmod a+r test
newton:~> rm -rf test
# summary: lack of r forbids listing the directory's content, but
# direct access to content still works
If you think about a directory as being a list of files and the
permissions working on that, at least the "r" and "w" behaviour is
intuitive at once:
"r" tells if you are allowed to read the list of files (but nothing
about accessing the files themselves);
"w" tells if you are allowed to write to the list (creating/deleting
files would change the list, but changing the content of existing
files would not); and
"x" can be thought of really being about what is contained in the
directory, not the list of files (therefore looking at the list
is still allowed, but nothing else).
HTH,
Benjamin.
PS: I did approach the issue from the side of "what happens if I take
away that bit". Doing the tests when only one is set is left as an
exercise for the reader. ;-)
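
The complementary test mentioned in the PS, as an added example that is not part of the original message: each bit is set on its own, then in the combinations that matter, and every operation is probed. The probe function, the scratch directory from mktemp and the file name foo are assumptions of this sketch; it must run as a non-root user, since root bypasses these checks.

```shell
#!/bin/sh
# Added example (not from the original post): what each directory permission
# bit permits on its own. Run as a normal user; root bypasses these checks.
# probe() and the file name "foo" are constructed for this test.

# probe MODE: make a scratch directory containing foo, chmod it to MODE,
# try each operation, and print the outcome on one line.
probe() {
    mode=$1
    d=$(mktemp -d) || return 1
    echo bar > "$d/foo"
    chmod "$mode" "$d"

    # list: glob expansion only has to read the directory's name list (r)
    set -- "$d"/*
    if [ "$1" = "$d/foo" ]; then list=yes; else list=no; fi
    # read: opening an entry has to search the directory (x)
    if cat "$d/foo" >/dev/null 2>&1; then rd=yes; else rd=no; fi
    # create and delete: change the name list (w) and must reach it (x)
    if touch "$d/new" 2>/dev/null; then create=yes; else create=no; fi
    if rm -f "$d/foo" 2>/dev/null; then delete=yes; else delete=no; fi
    # enter: cd needs search permission (x)
    if (cd "$d") 2>/dev/null; then enter=yes; else enter=no; fi

    # restore access so the scratch directory can be cleaned up
    chmod 700 "$d" && rm -rf "$d"
    echo "list=$list read=$rd create=$create delete=$delete enter=$enter"
}

# r only, w only, x only, then r+x, w+x and all three
for m in 400 200 100 500 300 700; do
    printf '%s  %s\n' "$m" "$(probe "$m")"
done
```

The 200 row is the one the removal tests cannot show: w without x permits nothing, because creating or deleting an entry also requires search permission on the directory.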
