Why must a folder be executable?

Question

Permission for files:

chmod 664 myFile // rw-rw-r--

And for folders:

chmod 774 myFolder // rwxrwxr--

If I only use the "read and write" permission, the folders won't show their contents.

What's the reason for this?

score 58 · Answer 1 · edited Sep 07 '20 at 03:58

58

Directories (they're not typically called folders in *nix) have a different meaning for the permission bits than normal files.

For directories, write allows creating new files and deleting files inside it.

Read allows you to list the files inside of it.

Execute allows you to enter it and access files (or other directories) inside.

edited Sep 07 '20 at 03:58

Ramhound

42,708

answered Jul 28 '10 at 00:15

Daenyth

6,330

7

An easy way to remember is to imagine executing as a double-click on something. When you double-click the directory (or cd) you enter(execute) it. – Jul 30 '10 at 14:27
3

Mind that mere write access on a directory won't let you create new files. You also need the execute permisson on the directory to do so. – Matthias Braun Jan 27 '18 at 14:02
Does "access files (or other directories)" mean I can see the files i.e., list them but can't view them or I can see the files i.e., list them and read them as well ? – vadasambar Jul 16 '19 at 07:47
It's called "directory" in other OSes as well, for example dir command in DOS. And *nix GUIs also call it "folder". What is the difference between a directory and a folder?, What is the difference between a directory and a folder? – phuclv Sep 07 '20 at 04:04

Zaz · Accepted Answer · 2010-07-30T13:50:00.573

44

Since you can't 'execute' a directory, the execute bit has been put to better use. The execute bit on a directory allows you to access items that are inside the directory, even if you cannot list the directories contents.

$ mkdir -p dir/
$ echo 'Hello World!' > dir/file
$ chmod 000 dir/
$ ls -al dir/
ls: cannot open directory dir: Permission denied
$ cat dir/file
cat: dir/file: Permission denied
$ chmod +x dir/
$ ls -al dir/
ls: cannot open directory dir: Permission denied
$ cat dir/file
Hello World!

From the chmod manpage:

The letters rwxXst select file mode bits for the affected users: read (r), write (w), execute (or search for directories) (x), execute/search only if the file is a directory or already has execute permission for some user (X), set user or group ID on execution (s), restricted deletion flag or sticky bit (t).

edited Jul 30 '10 at 13:50

answered Jul 29 '10 at 13:46

Zaz

2,506
3
28
39

1

Why would adding the +x allow you to cat the file, but not ls the contents? It seems like catting the file would require read access, whereas ls would require "search" or execute access. I'm confused by this. – topher217 May 31 '22 at 01:54
1

Playing around with this more, I realize now that dir/file has default permissions -rw-rw-r-- so cat dir/file reads the file, and ls -al dir is denied because you are trying to read the directory without read permissions. I guess it makes a bit more sense to me to call this the traverse bit rather than the search bit. Otherwise the difference between reading and searching a directory seems a bit ambiguous to me. The difference between reading and traversing seems more clear cut to me. – topher217 May 31 '22 at 02:03
@topher217: +x does not allow you to cat a file, it only allows you to execute a file. – Zaz May 31 '22 at 02:03
I think that comment is a little misleading. When you cat a file, I don't think you can claim you "execute a file". Anyways after playing around with it in a terminal (comment above) it makes more sense to me. I'd rephrase your comment to "+x does not allow you to cat a file, the read bit of dir/file allows you to cat the file. The +x bit on dir allows you to traverse into dir in order to access dir/file, which itself has its own permissions". – topher217 May 31 '22 at 02:08
So if I want to remove all execution rights on all files in a directory try I accidentally end up removing permissions to see my files. Great design. The bypass is just pain. – Martin Braun Jul 15 '22 at 18:34
1

@MartinBraun: The find command does seem complex at first, but it is one of the most useful shell commands you will come across, along with xargs. An alternative is chmod -R -x dir/ followed by chmod -R +X dir/ (see man chmod) – Zaz Jul 16 '22 at 10:08
@Zaz Thanks, I came up with my own solution. My point remains. Such things should've been solved in Unix right away back in the 70s, assuming chmod existed back then already. – Martin Braun Jul 16 '22 at 10:33

score 3 · Answer 3 · answered Jul 28 '10 at 00:15

3

Execute permissions on a directory allow you to traverse it, for using resources contained within it.

answered Jul 28 '10 at 00:15

Ignacio Vazquez-Abrams

112,653

score 2 · Answer 4 · answered Jul 28 '10 at 00:15

2

The "execute" bit actually means "search" when applied to directories (from man chmod). This seems reasonable since execute has no meaning for a directory.

answered Jul 28 '10 at 00:15

score 0 · Answer 5 · answered Jul 28 '10 at 00:14

The x bit on a folder refers to indexing/directory search/listing; none of those are possible if you keep that bit low.

Here's an example of its use: If you want to have a user with limited read permissions on every directory but his home, say /home/dummy, then you need to make / and /home have the x bit set, otherwise he can't even get to his home directory.

Why must a folder be executable?

5 Answers5