On Fri 2003-03-07 at 17:03:31 -0000, [EMAIL PROTECTED] wrote:
> It's all to do with the x. For a file it means the owner/group can execute
> that file. But for a directory, anybody in the group for that directory can
> delete any file in the root of that directory, even if the group permissions
> for that file say they can't.

Sorry, but that is wrong. The x bit for directories is about being able to
access the content of a directory at all. The w bit determines whether you
may delete (or create) files within a directory. And for completeness' sake,
the r bit controls whether you may list the content:

# preparation
newton:~> mkdir test
newton:~> echo bar > test/foo
newton:~> ls -ld test
drwxrwx--- 2 philemon philemon 4096 Mar 8 00:29 test
newton:~> ls -l test
total 4
-rw-rw---- 1 philemon philemon 4 Mar 8 00:29 foo

# test what x does
newton:~> chmod a-x test
newton:~> ls test
foo
newton:~> cat test/foo
cat: test/foo: Permission denied
newton:~> cd test
test: Permission denied.
newton:~> touch test/foo2
touch: cannot touch `test/foo2': Permission denied
newton:~> chmod a+x test
# summary: lack of x forbids any access except accessing list of contents

# test for w
newton:~> chmod a-w test
newton:~> ls test
foo
newton:~> cat test/foo
bar
newton:~> cd test
newton:~/test> cd ..
newton:~> rm test/foo
rm: cannot remove `test/foo': Permission denied
newton:~> touch test/foo2
touch: cannot touch `test/foo2': Permission denied
newton:~> echo wah > test/foo2
test/foo2: Permission denied.
newton:~> echo wah > test/foo
newton:~> cat test/foo
wah
newton:~> chmod a+w test
# summary: lack of w forbids only deletion or creation of files, but
# allows changing of existing ones

# test for r
newton:~> chmod a-r test
newton:~> ls test
ls: test: Permission denied
newton:~> cat test/foo
wah
newton:~> cd test
newton:~/test> cd ..
newton:~> touch test/foo2
newton:~> chmod a+r test
newton:~> rm -rf test
# summary: lack of r forbids listing the directory's content, but
# direct access to content still works

If you think about a directory as being a list of files and the permissions
working on that, at least the "r" and "w" behaviour is intuitive at once:
"r" tells if you are allowed to read the list of files (but nothing about
accessing the files themselves); "w" tells if you are allowed to write to
the list (creating/deleting files would change the list, but changing the
content of existing files would not); and "x" can be thought of as really
being about what is contained in the directory, not the list of files
(therefore looking at the list is still allowed, but nothing else).

HTH,
Benjamin.

PS: I did approach the issue from the side of "what happens if I take away
that bit". Doing the tests when only one is set is left as an exercise for
the reader. ;-)
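
The single-bit tests left as an exercise in the message above, generalized to all eight owner permission combinations on a directory, as an added example that is not part of the original message. The `try` and `probe` helpers and the temporary directory layout are assumptions of this example; run it as a non-root user, because root bypasses directory permission checks.

```shell
#!/bin/sh
# Added example: probe which operations each owner permission combination
# on a directory allows. Helper names and layout are hypothetical.

try() {  # run a command quietly; print y on success, n on failure
    if "$@" >/dev/null 2>&1; then printf y; else printf n; fi
}

probe() {  # $1 = octal mode to put on the directory, e.g. 500
    base=$(mktemp -d) || return 1
    d=$base/test
    mkdir "$d" && echo bar > "$d/foo" && chmod 600 "$d/foo"
    chmod "$1" "$d"
    # Each probe runs in its own subshell, so "cd" does not leak out.
    # list=y on an r-without-x directory relies on ls not stat()ing entries.
    printf 'list=%s '    "$(try ls "$d")"
    printf 'enter=%s '   "$(try cd "$d")"
    printf 'read=%s '    "$(try cat "$d/foo")"
    printf 'modify=%s '  "$(try sh -c 'echo wah > "$1"' sh "$d/foo")"
    printf 'create=%s '  "$(try touch "$d/foo2")"
    # Delete goes last because it removes the file the other probes use.
    printf 'delete=%s\n' "$(try rm -f "$d/foo")"
    chmod 700 "$d" && rm -rf "$base"
}

# Print the full matrix: owner bits 0 (---) through 7 (rwx).
for m in 0 1 2 3 4 5 6 7; do
    printf '%s00: ' "$m"
    probe "${m}00"
done
```

Mode 500 reproduces the "test for w" case from the message, 300 the "test for r" case, and 600 the "test what x does" case.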