55

Permission for files:

chmod 664 myFile // rw-rw-r--

And for folders:

chmod 774 myFolder // rwxrwxr--

If I only use the "read and write" permission, the folders won't show their contents.

What's the reason for this?

Matthias Braun
  • 1,162
  • 1
  • 17
  • 29
Caio
  • 907
  • 2
  • 10
  • 11

5 Answers5

58

Directories (they're not typically called folders in *nix) have a different meaning for the permission bits than normal files.

For directories, write allows creating new files and deleting files inside it.

Read allows you to list the files inside of it.

Execute allows you to enter it and access files (or other directories) inside.

Ramhound
  • 41,734
  • 35
  • 103
  • 130
Daenyth
  • 6,290
  • 2
  • 28
  • 22
  • 6
    An easy way to remember is to imagine executing as a double-click on something. When you double-click the directory (or `cd`) you enter(execute) it. – John T Jul 30 '10 at 14:27
  • 3
    Mind that mere write access on a directory won't let you create new files. You also need the execute permisson on the directory to do so. – Matthias Braun Jan 27 '18 at 14:02
  • Does "access files (or other directories)" mean I can see the files i.e., list them but can't view them or I can see the files i.e., list them and read them as well ? – vadasambar Jul 16 '19 at 07:47
  • It's called "directory" in other OSes as well, for example `dir` command in DOS. And \*nix GUIs also call it "folder". [What is the difference between a directory and a folder?](https://superuser.com/q/187900/241386), [What is the difference between a directory and a folder?](https://stackoverflow.com/q/5078676/995714) – phuclv Sep 07 '20 at 04:04
40

Since you can't 'execute' a directory, the execute bit has been put to better use. The execute bit on a directory allows you to access items that are inside the directory, even if you cannot list the directories contents.

$ mkdir -p dir/
$ echo 'Hello World!' > dir/file
$ chmod 000 dir/
$ ls -al dir/
ls: cannot open directory dir: Permission denied
$ cat dir/file
cat: dir/file: Permission denied
$ chmod +x dir/
$ ls -al dir/
ls: cannot open directory dir: Permission denied
$ cat dir/file
Hello World!

From the chmod manpage:

The letters rwxXst select file mode bits for the affected users: read (r), write (w), execute (or search for directories) (x), execute/search only if the file is a directory or already has execute permission for some user (X), set user or group ID on execution (s), restricted deletion flag or sticky bit (t).

Zaz
  • 2,405
  • 2
  • 26
  • 38
  • 1
    Why would adding the +x allow you to cat the file, but not `ls` the contents? It seems like catting the file would require read access, whereas `ls` would require "search" or execute access. I'm confused by this. – topher217 May 31 '22 at 01:54
  • 1
    Playing around with this more, I realize now that `dir/file` has default permissions `-rw-rw-r--` so `cat dir/file` **reads** the file, and `ls -al dir` is denied because you are trying to **read** the directory without read permissions. I guess it makes a bit more sense to me to call this the **traverse** bit rather than the **search** bit. Otherwise the difference between **reading** and **searching** a directory seems a bit ambiguous to me. The difference between **reading** and **traversing** seems more clear cut to me. – topher217 May 31 '22 at 02:03
  • @topher217: `+x` does not allow you to cat a file, it only allows you to execute a file. – Zaz May 31 '22 at 02:03
  • I think that comment is a little misleading. When you `cat` a file, I don't think you can claim you "execute a file". Anyways after playing around with it in a terminal (comment above) it makes more sense to me. I'd rephrase your comment to "`+x` does not allow you to cat a file, the read bit of `dir/file` allows you to cat the file. The `+x` bit on `dir` allows you to traverse into `dir` in order to access `dir/file`, which itself has its own permissions". – topher217 May 31 '22 at 02:08
  • So if I want to remove all execution rights on all files in a directory try I accidentally end up removing permissions to see my files. Great design. The bypass [is just pain](https://superuser.com/questions/91935/how-to-recursively-chmod-all-directories-except-files). – Martin Braun Jul 15 '22 at 18:34
  • 1
    @MartinBraun: The `find` command does seem complex at first, but it is one of the most useful shell commands you will come across, along with `xargs`. An alternative is `chmod -R -x dir/` followed by `chmod -R +X dir/` (see `man chmod`) – Zaz Jul 16 '22 at 10:08
  • @Zaz Thanks, I came up with [my own solution](https://superuser.com/a/1731903/322536). My point remains. Such things should've been solved in Unix right away back in the 70s, assuming `chmod` existed back then already. – Martin Braun Jul 16 '22 at 10:33
3

Execute permissions on a directory allow you to traverse it, for using resources contained within it.

Ignacio Vazquez-Abrams
  • 111,361
  • 10
  • 201
  • 247
2

The "execute" bit actually means "search" when applied to directories (from man chmod). This seems reasonable since execute has no meaning for a directory.

0

The x bit on a folder refers to indexing/directory search/listing; none of those are possible if you keep that bit low.

Here's an example of its use: If you want to have a user with limited read permissions on every directory but his home, say /home/dummy, then you need to make / and /home have the x bit set, otherwise he can't even get to his home directory.

Platinum Azure
  • 117
  • 3