I wonder - why, when some folder has read
or read-write
permissions for GROUP
(or other
), the members of the GROUP
(or other
) can't access this folder?
I'm almost sure there is a logical explanation, but I can't find it. Let me give an example.
Initial circumstances
1. There are two users, called admin
and guest
.
2. There is a folder, called /var/www/test-dir
:
$ getfacl -pt /var/www/test-dir/
# file: /var/www/test-dir/
USER root rwx
GROUP admin r-x
other r-x
3. Within these permissions all users are able to access the folder:
USER root rwx (7)
is able to access the folder.GROUP admin r-x (5)
is able to access the folder.other guest r-x (5)
is able to access the folder.guest@host:~$ cd /var/www/test-dir/ guest@host:/var/www/test-dir$
Cases
Case 1: other
has r--
permissions but admin
can't access the folder:
root@host:~# chmod 574 /var/www/test-dir/
USER root r-x (5)
is able to access the folder.GROUP admin rwx (7)
is able to access the folder.other guest r-- (4)
is unable to access the folder.guest@host:~$ cd /var/www/test-dir bash: cd: /var/www/test-dir/: Permission denied
Case 2: other
has rw-
permissions but guest
can't access the folder:
root@host:~# chmod 656 /var/www/test-dir/
USER root rw- (6)
is able to access the folder.GROUP admin r-x (5)
is able to access the folder.other guest rw- (6)
is unable to access the folder:
Case 3: GROUP
has r--
permissions but admin
can't access the folder:
root@host:~# chmod 745 /var/www/test-dir/
USER root rwx (7)
is able to access the folder.GROUP admin r-- (4)
is unable to access the folder.other guest r-x (5)
is able to access the folder.
Case 4: GROUP
has rw-
permissions but admin
can't access the folder:
root@host:~# chmod 467 /var/www/test-dir/
USER root r-- (4)
is able to access the folder.GROUP admin rw- (6)
is unable to access the folder.other guest rwx (7)
is able to access the folder.
答案1
Folder permissions aren't the same as typical permissions. In a directory, permissions are as follows:
r
: Can the directory's contents be listed (like withls
)?w
: Can the directory be modified (new files added, files deleted, renamed, etc)?x
: Can the directory be accessed bycd
and the like?
The r
permission does not require x
be set on a folder (you can ls
an r--
folder all you want), but you will not be able to see anything other than filenames:
ls: cannot access 'test/..': Permission denied
ls: cannot access 'test/.': Permission denied
ls: cannot access 'test/file': Permission denied
total 0
d????????? ? ? ? ? ? ./
d????????? ? ? ? ? ? ../
-????????? ? ? ? ? ? file
The w
permission does require x
to be set in all cases. You will not be able to alter a directory with only rw-
access to it.
Meanwhile, the x
permission is essentially the master permission. In order to see file metadata (like permissions), navigate to the file, or even work on files inside the folder that you have write access to, you will need the x
permission.
See the Arch wiki for some good examples of directory permissions.
As usual, the root
account is automatically granted every permission under the sun.
答案2
You need to be root or have execute ('x') permission to access a folder.