Why is a file with 400 permissions seen writable by root but read-only by user

permissionsreadonlytest

If I create a file as an unprivileged user, and change the permissions mode to 400, it's seen by that user as read-only, correctly:

$ touch somefile
$ chmod 400 somefile
$ [ -w somefile ] && echo rw || echo ro
ro

All is well.

But then root comes along:

# [ -w somefile ] && echo rw || echo ro
rw

What the heck? Sure, root can write to read-only files, but it shouldn't make a habit of it: Best Practice would tend to dictate that I should be able to test for the write permission bit, and if it's not, then it was set that way for a reason.

I guess I want to understand both why this is happening, and how can I get a false return code when testing a file that doesn't have the write bit set?

Best Answer

test -w aka [ -w doesn't check the file mode. It checks if it's writable. For root, it is.

$ help test | grep '\-w'
  -w FILE        True if the file is writable by you.

The way I would test would be to do a bitwise comparison against the output of stat(1) ("%a Access rights in octal").

(( 0$(stat -c %a somefile) & 0200 )) && echo rw || echo ro

Note the subshell $(...) needs a 0 prefixed so that the output of stat is interpreted as octal by (( ... )).

Related Solutions

CentOS – Resolving Write Permission Issues

The installation of Apache may appears to be running as root but in actuality it's running as the user apache. You can check this by looking in this file:

$ grep "^User" /etc/httpd/conf/httpd.conf
User apache

Your entire wordpress directory should likely be owned by this user if you're planning on managing the installation using wordpress through the web UI.

I usually create a separate directory for wordpress like this:

$ pwd
/var/www
$ ls -l | grep wordpress
drwxr-xr-x. 5 apache apache    4096 Apr 25 19:27 wordpress

Here's the contents of the wordpress directory just so you can see it:

-rw-r--r--. 1 apache apache      395 Jan  8  2012 index.php
-rw-r--r--. 1 apache apache  5009441 Jan 23 13:40 latest.tar.gz
-rw-r--r--. 1 apache apache    19929 May  6  2012 license.txt
-rw-r--r--. 1 apache apache     9177 Jan 25 11:25 readme.html
-rw-r--r--. 1 apache apache     4663 Nov 17  2012 wp-activate.php
drwxr-xr-x. 9 apache apache     4096 Dec 11  2012 wp-admin
-rw-r--r--. 1 apache apache      271 Jan  8  2012 wp-blog-header.php
-rw-r--r--. 1 apache apache     3522 Apr 10  2012 wp-comments-post.php
-rw-rw-rw-. 1 apache apache     3466 Jan 23 17:15 wp-config.php
-rw-r--r--. 1 apache apache     3177 Nov  1  2010 wp-config-sample.php
drwxr-xr-x. 7 apache apache     4096 Apr 24 20:15 wp-content
-rw-r--r--. 1 apache apache     2718 Sep 23  2012 wp-cron.php
drwxr-xr-x. 9 apache apache     4096 Dec 11  2012 wp-includes
-rw-r--r--. 1 apache apache     1997 Oct 23  2010 wp-links-opml.php
-rw-r--r--. 1 apache apache     2408 Oct 26  2012 wp-load.php
-rw-r--r--. 1 apache apache    29310 Nov 30  2012 wp-login.php
-rw-r--r--. 1 apache apache     7723 Sep 25  2012 wp-mail.php
-rw-r--r--. 1 apache apache     9899 Nov 22  2012 wp-settings.php
-rw-r--r--. 1 apache apache    18219 Sep 11  2012 wp-signup.php
-rw-r--r--. 1 apache apache     3700 Jan  8  2012 wp-trackback.php
-rw-r--r--. 1 apache apache     2719 Sep 11  2012 xmlrpc.php

I usually also manage any Apache configs related to wordpress in it's own wordpress.conf file under this directory,/etc/httpd/conf.d/`.

# wordpress.conf
Alias / "/var/www/wordpress/"
<Directory "/var/www/wordpress/">
Order Deny,Allow
Deny from all
#Allow from 127.0.0.1 192.168.1
Allow from all
AllowOverride all
</Directory>
#RewriteLog "/var/www/wordpress/rewrite.log"
#RewriteLogLevel 3

Linux – read only root filesystem

The default behaviour for most Linux file systems is to safeguard your data. When the kernel detects an error in the storage subsystem it will make the filesystem read-only to prevent (further) data corruption.

You can tune this somewhat with the mount option errors={continue|remount-ro|panic} which are documented in the system manual (man mount).

When your root file-system encounters such an error, most of the time the error won't be recorded in your log-files, as they will now be read-only too. Fortunately since it is a kernel action the original error message is recorded in memory first, in the kernel ring buffer. Unless already flushed from memory you can display the contents of the ring buffer with the dmesg command. .

Most real hard disks support SMART and you can use smartctl to try and diagnose the disk health.

Depending on the error messages, you could decide it is still safe to use file-system and return it read-write condition with mount -o remount,rw /

In general though, disk errors are a precursor to complete disk failure. Now is the time to create a back-up of your data or to confirm the status of your existing back-ups.

Best Answer

Related Solutions

CentOS – Resolving Write Permission Issues

Linux – read only root filesystem

Related Question