Execute vs Read bit. How do directory permissions in Linux work?
In my CMS, I noticed that directories need the executable bit (
+x) set for the user to open them. Why is the execute permission required to read a directory, and how do directory permissions in Linux work?
Think like this: the directory entry contains file *names*, so "reading" a directory is listing the files, "using" the directory is accessing the files.
With directory __execute bit set__, you are allowed to __traverse its hierachy__. Given you belong to "other" people and only have execute bit set (`chmod 771 dirOne`) you cannot list dirOne content. BUT if it contains a sub directory "dirTwo" with rights set like (`chmod 774 dirTwo`) you can actually list its content !
When applying permissions to directories on Linux, the permission bits have different meanings than on regular files.
- The read bit (
r) allows the affected user to list the files within the directory
- The write bit (
w) allows the affected user to create, rename, or delete files within the directory, and modify the directory's attributes
- The execute bit (
x) allows the affected user to enter the directory, and access files and directories inside
- The sticky bit (
tif the execute bit is set for others) states that files and directories within that directory may only be deleted or renamed by their owner (or root)
Great answer, but I think the last sentence is misleading. None of these permissions can be overridden per-file actually. Here “access” is a bit ambiguous: `+x` on the directory grants access to files inodes through this *specific* directory (nothing less, nothing more, well… maybe `chdir` needs `+x` too). To read or write the contents of one file, the user also needs `+r`/`+w` on this file, but those are distinct permissions (they do not override anything).
The immutable flag is filesystem specific and it won't precisely override those permissions, that's why I think the last sentence is misleading :-)
I think it might be useful to mention ACL in this and other answers, cause their application for some directories can be misleading if one will consider only information provided by Chris Down
Seems that this answer doesn't mention the combined effect of write bit and execute bit, as Baldrick's answer mentions below? i.e. if you only have write permission but not execution permission, then it's quite useless.
@StéphaneGimenez "`+x` on the directory grants access to files inodes" -- This seems like a good nemonic, but perhaps doesn't tell the whole story? Without the execute bit set on a directory, you can't change the filename of a file in that directory. I'm wondering why this is, because the filename is stored in a directory entry, not an inode.
@Chris, With only write permission but not execute, can I know the inodes of stuff in the directory?
@Chris: What “directory attributes” can you modify if you have write permission, but aren’t the owner?
- The read bit (