Folder access permissions - how do they work?

I wonder - why, when some folder has read or read-write permissions for GROUP (or other), the members of the GROUP (or other) can't access this folder?

I'm almost sure there is a logical explanation, but I can't find it. Let me give an example.

Initial circumstances

1. There are two users, called admin and guest.

2. There is a folder, called /var/www/test-dir:

$ getfacl -pt /var/www/test-dir/
# file: /var/www/test-dir/
USER   root      rwx
GROUP  admin     r-x
other            r-x

3. Within these permissions all users are able to access the folder:

  • USER root rwx (7) is able to access the folder.

  • GROUP admin r-x (5) is able to access the folder.

  • other guest r-x (5) is able to access the folder.

    guest@host:~$ cd /var/www/test-dir/
    guest@host:/var/www/test-dir$
    

Cases

Case 1: other has r-- permissions but admin can't access the folder:

root@host:~# chmod 574 /var/www/test-dir/
  • USER root r-x (5) is able to access the folder.

  • GROUP admin rwx (7) is able to access the folder.

  • other guest r-- (4) is unable to access the folder.

    guest@host:~$ cd /var/www/test-dir
    bash: cd: /var/www/test-dir/: Permission denied
    

Case 2: other has rw- permissions but guest can't access the folder:

root@host:~# chmod 656 /var/www/test-dir/
  • USER root rw- (6) is able to access the folder.

  • GROUP admin r-x (5) is able to access the folder.

  • other guest rw- (6) is unable to access the folder:


Case 3: GROUP has r-- permissions but admin can't access the folder:

root@host:~# chmod 745 /var/www/test-dir/
  • USER root rwx (7) is able to access the folder.

  • GROUP admin r-- (4) is unable to access the folder.

  • other guest r-x (5) is able to access the folder.


Case 4: GROUP has rw- permissions but admin can't access the folder:

root@host:~# chmod 467 /var/www/test-dir/
  • USER root r-- (4) is able to access the folder.

  • GROUP admin rw- (6) is unable to access the folder.

  • other guest rwx (7) is able to access the folder.

Answer 1

Folder permissions aren't the same as typical permissions. In a directory, permissions are as follows:

  • r: Can the directory's contents be listed (like with ls)?
  • w: Can the directory be modified (new files added, files deleted, renamed, etc)?
  • x: Can the directory be accessed by cd and the like?

The r permission does not require x be set on a folder (you can ls an r-- folder all you want), but you will not be able to see anything other than filenames:

ls: cannot access 'test/..': Permission denied
ls: cannot access 'test/.': Permission denied
ls: cannot access 'test/file': Permission denied
total 0
d????????? ? ? ? ?            ? ./
d????????? ? ? ? ?            ? ../
-????????? ? ? ? ?            ? file

The w permission does require x to be set in all cases. You will not be able to alter a directory with only rw- access to it.

Meanwhile, the x permission is essentially the master permission. In order to see file metadata (like permissions), navigate to the file, or even work on files inside the folder that you have write access to, you will need the x permission.

See the Arch wiki for some good examples of directory permissions.

As usual, the root account is automatically granted every permission under the sun.
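
The rules from this answer applied to the four chmod values in the question, as an added example that is not part of the original answer. It also models how a single permission class is selected (owner, then group, then other), which goes beyond what the answer states; the numeric IDs are constructed, and plain mode bits without extended ACL entries are assumed.

```python
# Constructed IDs for illustration: root=0, admin uid/gid=1000, guest uid/gid=1001.
ROOT = (0, {0})
ADMIN = (1000, {1000})
GUEST = (1001, {1001})
DIR_OWNER_UID, DIR_GROUP_GID = 0, 1000  # test-dir is owned by root:admin


def effective_bits(mode, uid, gids):
    """Pick the single rwx triplet that applies to this user.

    The first matching class wins (owner, then group, then other); the
    remaining classes are never consulted, even if they grant more.
    """
    if uid == DIR_OWNER_UID:
        return (mode >> 6) & 0o7
    if DIR_GROUP_GID in gids:
        return (mode >> 3) & 0o7
    return mode & 0o7


def dir_access(mode, user):
    """Return which directory operations the mode allows for `user`."""
    uid, gids = user
    if uid == 0:  # root bypasses these permission checks on directories
        return {"list_names": True, "enter_or_stat": True, "create_delete": True}
    bits = effective_bits(mode, uid, gids)
    r, w, x = bool(bits & 4), bool(bits & 2), bool(bits & 1)
    return {
        "list_names": r,           # ls shows names only, no metadata
        "enter_or_stat": x,        # cd, stat, reaching files inside
        "create_delete": w and x,  # w without x cannot alter the directory
    }


def report(mode):
    """Map each sample user to the operations allowed under `mode`."""
    users = {"root": ROOT, "admin": ADMIN, "guest": GUEST}
    return {name: dir_access(mode, u) for name, u in users.items()}


if __name__ == "__main__":
    for mode in (0o755, 0o574, 0o656, 0o745, 0o467):  # modes from the question
        for name, acc in report(mode).items():
            print(f"{mode:o} {name:5} {acc}")
```

With mode 467, admin is matched by the group class (rw-) and cannot enter the directory even though other has rwx.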

Answer 2

You need to be root or have execute ('x') permission to access a folder.
