Directory Permissions – Is a Folder with Only Write Permission Useless?


Having worked with Linux for years, and finding myself with some free time, I decided to revisit some basics. So I re-read the stuff about permissions (without checking source code), and its special cases for folders, and came up with a new (to me at least…) way of thinking about folder permissions (for a specific user/group/others): I imagine a folder as a table with two columns, like so:

filename | inode    
foo      | 111  
bar      | 222 

The read permission means you can read (and list) the left column of the table, the write permission corresponds to adding and removing entries to the table, and the execute permission corresponds to being able to translate from file name to inode; i.e. you can access the contents of the folder.

I did some experiments, and the results are all consistent with this "worldview" of mine, but one conclusion seems inescapable: that a folder with permissions d-w-------, is totally useless. Elaborating: you can't list its contents, you can't read any files you know exist inside (because you can't translate names into inodes), you can't remove or rename or add files, because again that would imply translation, and you can't even add hardlinks (because, I surmise, that would mean adding a name as well as an inode number, which means you would know both, which in turn, again surmising, violates the purpose of unsetting execution permission). And of course, if there are files inside one such folder, then you can't delete that folder either, because you can't delete its contents.

So… I would like to ask two questions:

  1. Is this analogy of mine correct, or is it a big blunder?
  2. Irrespective of the previous answer, is there any situation where having a folder with permissions as described is appropriate?

Best Answer

Your understanding is pretty much correct. A better way to think of the execute permission is that it allows you to do things with a file or directory name in the directory (other than just reading the name itself). Most of those things involve translating the name to an inode, but it also includes creating new names and removing existing names.

Write permission to the directory without execute is therefore pretty useless, since there's nothing you can actually write if you can't access the files within it.
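The table model can be checked empirically. The script below is an added example, not part of the question or the answer: it applies a mode to a scratch directory holding `foo` and `bar` and records which operations the owner can still perform. The function name `probe` and the scratch layout are this example's own choices.

```sh
#!/bin/sh
# Added example: what each permission bit on a directory allows its owner.
# Run as an unprivileged user; root (CAP_DAC_OVERRIDE) bypasses these checks.

# probe MODE: build a scratch directory holding foo and bar, apply MODE,
# then print "list=.. lookup=.. create=.. remove=.." (yes/no for each).
probe() {
    base=$(mktemp -d) || return 1
    d="$base/dir"
    mkdir "$d"
    echo data > "$d/foo"
    echo data > "$d/bar"
    chmod "$1" "$d"

    # r: read the name column of the table
    if [ -n "$(ls "$d" 2>/dev/null)" ]; then list=yes; else list=no; fi
    # x: translate a known name to its inode and open the file
    if cat "$d/foo" >/dev/null 2>&1; then lookup=yes; else lookup=no; fi
    # w (needs x as well): add a row
    if touch "$d/new" 2>/dev/null; then create=yes; else create=no; fi
    # w (needs x as well): delete a row
    if rm -f "$d/bar" 2>/dev/null; then remove=yes; else remove=no; fi

    chmod 700 "$d"          # restore access so cleanup can succeed
    rm -rf "$base"
    echo "list=$list lookup=$lookup create=$create remove=$remove"
}

# 400 = r--, 200 = -w- (the mode from the question), 100 = --x, 300 = -wx
for mode in 400 200 100 300; do
    printf '%s  %s\n' "$mode" "$(probe "$mode")"
done
```

For an unprivileged owner the 200 row is `no` in every column, and creating or removing entries only starts to work once execute is added (300).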
