Bash – Why can’t root execute when executable bits are not set

bashexecutablepermissionsroot

root user can write to a file even if its write permissions are not set.

root user can read a file even if its read permissions are not set.

root user can cd into a directory even if its execute permissions are not set.

root user cannot execute a file when its execute permissions are not set.

Why?

user$ echo '#!'$(which bash) > file
user$ chmod 000 file
user$ ls -l file
---------- 1 user user 12 Jul 17 11:11 file
user$ cat file                      # Normal user cannot read
cat: file: Permission denied
user$ su
root$ echo 'echo hello' >> file     # root can write
root$ cat file                      # root can read
#!/bin/bash
echo hello
root$ ./file                        # root cannot execute
bash: ./file: Permission denied

Best Answer

In short, because the execute bit is considered special; if it's not set at all, then the file is considered to be not an executable and thus can't be executed.

However, if even ONE of the execute bits is set, root can and will execute it.

Observe:

caleburn: ~/ >cat hello.sh
#!/bin/sh

echo "Hello!"

caleburn: ~/ >chmod 000 hello.sh
caleburn: ~/ >./hello.sh
-bash: ./hello.sh: Permission denied
caleburn: ~/ >sudo ./hello.sh 
sudo: ./hello.sh: command not found

caleburn: ~/ >chmod 100 hello.sh
caleburn: ~/ >./hello.sh
/bin/sh: ./hello.sh: Permission denied
caleburn: ~/ >sudo ./hello.sh 
Hello!

Best Answer

Related Solutions

Why does chmod succeed on a file when the user does not have write permission on parent directory

Security – Best Practices for /etc/shadow Permissions

Related Question