On Fri 2003-03-07 at 17:03:31 -0000, [EMAIL PROTECTED] wrote:
It's all to do with the x. For a file it means the owner/group can execute that file. But for a directory, anybody in the group for that directory can delete any file in the root of that directory, even if the group permissions for that file say they can't.
Sorry, but that is wrong. The x bit for directories is about being able to access the content of a directory at all. The w bit determines whether you may delete (or create) files within a directory. And for completeness' sake, the r bit controls whether you may list the content:
# preparation
newton:~> mkdir test
newton:~> echo bar > test/foo
newton:~> ls -ld test
drwxrwx--- 2 philemon philemon 4096 Mar 8 00:29 test
newton:~> ls -l test
total 4
-rw-rw---- 1 philemon philemon 4 Mar 8 00:29 foo

# test what x does
newton:~> chmod a-x test
newton:~> ls test
foo
newton:~> cat test/foo
cat: test/foo: Permission denied
newton:~> cd test
test: Permission denied.
newton:~> touch test/foo2
touch: cannot touch `test/foo2': Permission denied
newton:~> chmod a+x test
# summary: lack of x forbids any access except accessing list of contents

# test for w
newton:~> chmod a-w test
newton:~> ls test
foo
newton:~> cat test/foo
bar
newton:~> cd test
newton:~/test> cd ..
newton:~> rm test/foo
rm: cannot remove `test/foo': Permission denied
newton:~> touch test/foo2
touch: cannot touch `test/foo2': Permission denied
newton:~> echo wah > test/foo2
test/foo2: Permission denied.
newton:~> echo wah > test/foo
newton:~> cat test/foo
wah
newton:~> chmod a+w test
# summary: lack of w forbids only deletion or creation of files, but
# allows changing of existing ones

# test for r
newton:~> chmod a-r test
newton:~> ls test
ls: test: Permission denied
newton:~> cat test/foo
wah
newton:~> cd test
newton:~/test> cd ..
newton:~> touch test/foo2
newton:~> chmod a+r test
newton:~> rm -rf test
# summary: lack of r forbids listing the directory's content, but
# direct access to content still works
If you think about a directory as being a list of files and the permissions working on that, at least the "r" and "w" behaviour is intuitive at once:
"r" tells if you are allowed to read the list of files (but nothing about accessing the files themselves);
"w" tells if you are allowed to write to the list (creating/deleting files would change the list, but changing the content of existing files would not); and
"x" can be thought of really being about what is contained in the directory, not the list of files (therefore looking at the list is still allowed, but nothing else).
Thanks to Benjamin for putting that one to rest. Being the chivalrous person I am, I never respond to queries with "RTFM", but I do think "man chmod" is a very valuable document which contains pearls of wisdom, e.g.
"The letters `rwxXstugo' select the new permissions for the affected
users: read (r), write (w), execute ******(or access for directories)***** (x), execute only if the file is a directory or already has execute permission for some user (X), set user or group ID on execution (s), sticky (t), the permissions granted to the user who owns the file (u), the permissions granted to other users who are members of the file's group (g), and the permissions granted to users that are in neither of the two preceding categories (o)."
"man ls" and "man rm" are pretty good, too ;-)
Sir Robin
-- "The raisins may be the best part of a cake, but that doesn't mean that a bag of raisins is better than a cake." - Wittgenstein
Robin Turner IDMYO Bilkent Univeritesi Ankara 06533 Turkey
www.bilkent.edu.tr/~robin
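The r/w/x rules demonstrated in the session above can be turned into a small audit check. The following is an added example, not part of the original thread: it reads mode bits only and reports files a class cannot write but can still delete because of the parent directory's bits. It goes one step beyond the thread by also honouring the sticky (t) bit named in the "man chmod" excerpt; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Bit masks per permission class: (read, write, execute/search)
CLASS_BITS = {
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}

def dir_rights(mode, who):
    """Map a directory's mode bits to what class `who` may do with its entries."""
    r, w, x = (bool(mode & bit) for bit in CLASS_BITS[who])
    return {
        "list": r,                 # read the list of names
        "access": x,               # reach the entries at all (cat, cd, touch)
        "create_delete": w and x,  # change the list; w without x is not enough
        "sticky": bool(mode & stat.S_ISVTX),  # only file/dir owner may remove entries
    }

def removable_despite_file_mode(root, who="group"):
    """Files `who` cannot write, in directories where `who` can still delete them."""
    _, w_bit, _ = CLASS_BITS[who]
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rights = dir_rights(os.stat(dirpath).st_mode, who)
        if not rights["create_delete"] or rights["sticky"]:
            continue
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.lstat(path).st_mode & w_bit:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def build_sample_tree():
    """Constructed sample: three directories that differ only in their mode bits."""
    root = tempfile.mkdtemp()
    for name, dmode in (("open", 0o770), ("nowrite", 0o750), ("sticky", 0o1770)):
        d = os.path.join(root, name)
        os.mkdir(d)
        f = os.path.join(d, "foo")
        with open(f, "w") as fh:
            fh.write("bar\n")
        os.chmod(f, 0o640)   # group may read foo but not write it
        os.chmod(d, dmode)   # chmod is not affected by the umask
    return root

if __name__ == "__main__":
    print(removable_despite_file_mode(build_sample_tree()))
```

Only the file in the group-writable, non-sticky directory is reported: its own mode denies group write, yet the directory's w and x bits let group members remove or replace it.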