Permissions – Why Can rm Remove Read-Only Files?

filespermissionsreadonlyrm

If I create a file and then change its permissions to 444 (read-only), how come rm can remove it?

If I do this:

echo test > test.txt
chmod 444 test.txt
rm test.txt

…rm will ask if I want to remove the write-protected file test.txt. I would have expected that rm can not remove such a file and that I would have to do a chmod +w test.txt first. If I do rm -f test.txt then rm will remove the file without even asking, even though it's read-only.

Can anyone clarify? I'm using Ubuntu 12.04/bash.

Best Answer

All rm needs is write+execute permission on the parent directory. The permissions of the file itself are irrelevant.

Here's a reference which explains the permissions model more clearly than I ever could:

Any attempt to access a file's data requires read permission. Any attempt to modify a file's data requires write permission. Any attempt to execute a file (a program or a script) requires execute permission...

Because directories are not used in the same way as regular files, the permissions work slightly (but only slightly) differently. An attempt to list the files in a directory requires read permission for the directory, but not on the files within. An attempt to add a file to a directory, delete a file from a directory, or to rename a file, all require write permission for the directory, but (perhaps surprisingly) not for the files within. Execute permission doesn't apply to directories (a directory can't also be a program). But that permission bit is reused for directories for other purposes.

Execute permission is needed on a directory to be able to cd into it (that is, to make some directory your current working directory).

Execute is needed on a directory to access the "inode" information of the files within. You need this to search a directory to read the inodes of the files within. For this reason the execute permission on a directory is often called search permission instead.

Related Solutions

Linux – How to Make a File Not Modifiable

You can set the "immutable" attribute with most filesystems in Linux.

chattr +i foo/bar

To remove the immutable attribute, you use - instead of +:

chattr -i foo/bar

To see the current attributes for a file, you can use lsattr:

lsattr foo/bar

The chattr(1) manpage provides a description of all the available attributes. Here is the description for i:

   A  file with the `i' attribute cannot be modified: it cannot be deleted
   or renamed, no link can be created to this file  and  no  data  can  be
   written  to  the  file.  Only the superuser or a process possessing the
   CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

Why does chmod succeed on a file when the user does not have write permission on parent directory

When you change a file's metadata (permissions, ownership, timestamps, …), you aren't changing the directory, you're changing the file's inode. This requires the x permission on the directory (to access the file), and ownership of the file (only the user who owns the file can change its permissions).

I think this is intuitive if you remember that files can have hard links in multiple directories. The directory contains a table that maps file names to inodes. If a file is linked under multiple names in multiple directories, that's still one inode with one set of permissions, ownership, etc., which shows that the file's metadata is in the inode, not in the directory.

Creating, renaming, moving or deleting a file involves modifying the directory, so it requires write permission on the directory.

Best Answer

Related Solutions

Linux – How to Make a File Not Modifiable

Why does chmod succeed on a file when the user does not have write permission on parent directory

Related Question