Here are the permissions given on the machine:
drwxrwxrwx 4 root root 512 May 16 09:32 STC_10
drwxrw-rw- 4 root root 512 May 5 11:22 STC_11
Now here is the Problem:
cd STC_11
-bash: cd: STC_11: Permission denied
But this one works:
-bash-4.0$ cd STC_10
-bash-4.0$ ls
Codemgr_wsdata src
Why do we need execution permission to reach that directory STC_11? Won't read-write permissions suffice?
An ls command on STC_11 would work.
Best Answer
For the following demonstration, I created a few directories:
Read permissions are sufficient to list the contents of the directory:
ls(1) can't find details about the file, but it can tell you the name of the file.
But read-only access doesn't let you traverse the directory:
Execute permissions are sufficient to traverse the directory (including cd), but you can't list the contents:
Even though you can't get a listing of files in the directory, you can still traverse the directory:
Both read and execute permissions work as you expect:
While it is initially confusing to have permission to list the files in a directory but not be able to do anything with them, and it is also confusing to have permission to do things with files but not be able to list them, it is part of Unix's tradition of simple mechanisms being used for clever things: these two elements alone make it easy to implement Capability-based security. If I were to place a few thousand files in the directory, but only wanted some people to read files meant for them, I could easily pick unguessable filenames, and give out the filenames when people give me money to read the files. :)
Or, maybe you have a dozen clients, and you want them all to have access to a directory of files meant for them. If you place all the client information into a single directory with only execute access, they could never determine your other clients, unless they already know that the other person is a client.
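The three cases the answer walks through (read-only, execute-only, read plus execute), as an added example that is not part of the original answer. The directory names, the file name secret.txt and the helper functions are constructed for illustration; run it as a non-root user, because root bypasses these permission checks.

```shell
#!/bin/sh
# Added example: probes what each directory mode allows its owner to do.
# All names and file contents here are constructed for the demo.
# Run as a non-root user; root is not subject to these checks.

# probe DIR -> prints "list=<y|n> cd=<y|n> read=<y|n>"
probe() {
    dir=$1
    l=n; c=n; r=n
    # Listing names needs read (r) on the directory.
    ls "$dir" 2>/dev/null | grep -q '^secret\.txt$' && l=y
    # Entering the directory needs execute/search (x).
    (cd "$dir") 2>/dev/null && c=y
    # Opening a file by a known name also needs only x on the directory.
    cat "$dir/secret.txt" >/dev/null 2>&1 && r=y
    echo "list=$l cd=$c read=$r"
}

# setup BASE: create d400 (r--), d100 (--x) and d500 (r-x) under BASE
setup() {
    for mode in 400 100 500; do
        mkdir "$1/d$mode"
        echo "client data" > "$1/d$mode/secret.txt"
        chmod "$mode" "$1/d$mode"
    done
}

# cleanup BASE: restore owner access so the tree can be removed
cleanup() {
    chmod 700 "$1"/d400 "$1"/d100 "$1"/d500
    rm -rf "$1"
}

demo() {
    base=$(mktemp -d)
    setup "$base"
    for mode in 400 100 500; do
        echo "mode $mode: $(probe "$base/d$mode")"
    done
    cleanup "$base"
}

demo
```

The execute-only row is the one behind the answer's unguessable-filename idea: names cannot be enumerated, but a file whose name is already known can still be opened.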