A summary of folder permission x and Inode in Linux

Theoretical speculation

I had read in several articles that Linux uses the inode number to identify a file; it is effectively the file's unique ID within the file system. Different files have different inode numbers. A file gets its inode number when it is created, and the number stays the same no matter which path the file is placed at.
To get the inode number, you can do the following:

# Get a.txt file information, including inode number
stat a.txt

# Another way to get the inode number of a.txt file
ls -i a.txt 

On the surface, the user opens a file by its name. Internally the system does this in three steps: first, it finds the inode number that corresponds to the file name; second, it obtains the inode information through the inode number; finally, it locates the block(s) holding the file data according to the inode information and reads the data out.

So I wondered: why can't I create a file in a directory when I have w permission on it?

A directory is also a type of file in Linux

The structure of a directory file is very simple: it is a list of directory entries. Each directory entry consists of two parts: the name of the file it refers to and the inode number corresponding to that name.

// Definition of struct dirent, http://man7.org/linux/man-pages/man3/readdir.3.html
struct dirent {
  ino_t          d_ino;       /* Inode number */
  off_t          d_off;       /* Not an offset; see readdir(3) */
  unsigned short d_reclen;    /* Length of this record */
  unsigned char  d_type;      /* Type of file; not supported
                                by all filesystem types */
  char           d_name[256]; /* Null-terminated filename */
};

That is to say, a directory file holds a table that maps file names to inode numbers; for the rest of this article I will call it the FNM_Ind table.
My understanding is that, for directory files:

  1. The r permission allows the user to read the Filename column of the FNM_Ind table, that is, the user gets the list of file names in the directory.
  2. The w permission allows the user to write the Filename column of the FNM_Ind table, that is, the user can modify the contents of the Filename column.
  3. The x permission allows the system to operate on the Inode column of the FNM_Ind table, including adding, deleting, modifying and querying entries, because inodes are generated by the system.
  4. The FNM_Ind table is more like a collection of key-value pairs, similar to the Map type in Java: Filename is the key and Inode is the value. Given a file name, you can look up its inode.
  5. To sum up, without x permission you cannot add, delete or modify files in the directory, that is, you cannot do anything there. Therefore the system does not let you cd into the directory: nobody who can do no work there is allowed in.

Therefore, rw and x are permissions for different parties: rw is for users, and x is for the operating system.

Experimental proof

# 1. Preparation
## Enter the experiment directory /tmp
cd /tmp
## Create directory /tmp/dira
mkdir dira
## Create the file /tmp/dira/a.txt with the content aaa
echo aaa > dira/a.txt
## Create the file /tmp/dira/b.txt with the content bbb
echo bbb > dira/b.txt

# 2.1
## 2.1 directory dira only has r permission
chmod 400 dira  # r--
ls -i dira
#Results show
#ls: cannot access dira/b.txt: Permission denied
#ls: cannot access dira/a.txt: Permission denied
#? a.txt  ? b.txt
## Because the r permission can read the Filename column of the FNM_Ind table, a.txt and b.txt are listed
## However, without x permission the inode number of each file cannot be obtained, so each file is preceded by a question mark (?) in place of its inode number

## 2.2 directory dira only has rw permission
chmod 600 dira  # rw-
touch dira/c.txt
#Results show
#touch: cannot touch 'dira/c.txt': Permission denied
## Adding a file to the directory means adding a record to the directory's FNM_Ind table, and Filename and Inode are both required fields.
## Without x permission, the system will not perform the Inode-related operation, so the Inode field of the new record would be left empty,
## and since Inode is a required field, creating the new file fails.

## 2.3 directory dira only has rx permission
chmod 500 dira  # r-x
ls -i dira
#Results show
#803771 a.txt  806138 b.txt

## 2.4 directory dira only has wx permission
chmod 300 dira
touch dira/t.txt  # Create success
ls -i dira
#Results show
#ls: cannot open directory dira: Permission denied

## 2.5 directory dira only has x permission
chmod 100 dira  # --x
### 2.5.1 modify files with w write permission
echo ttt > dira/t.txt  # Write successfully
### The default permission of the newly created dira/t.txt is rw-
### The full path of the file is /tmp/dira/t.txt, and every directory from / down to dira has x permission, so the lookup proceeds as follows:
### in / find the inode of tmp; in /tmp find the inode of dira; in /tmp/dira find the inode of t.txt
### Through the inode of t.txt we reach the blocks holding its content, and since we have w permission on t.txt we can modify that content

### 2.5.2 creating files in directory dira
touch dira/t2.txt
#Results show
#touch: cannot touch 'dira/t2.txt': Permission denied
### Because dira has only x permission, the Inode field can be handled, but creating the Filename field needs w; both are indispensable

### 2.5.4 delete directory dira
chmod 100 dira && rm -rf dira # --x
#rm: cannot remove 'dira': Permission denied

chmod 200 dira && rm -rf dira # -w-
#rm: cannot remove 'dira': Permission denied

chmod 300 dira && rm -rf dira # -wx
#rm: cannot remove 'dira': Permission denied

chmod 400 dira && rm -rf dira # r--
#rm: cannot remove 'dira/t.txt': Permission denied
#rm: cannot remove 'dira/b.txt': Permission denied
#rm: cannot remove 'dira/a.txt': Permission denied

chmod 500 dira && rm -rf dira # r-x
#rm: cannot remove 'dira/t.txt': Permission denied
#rm: cannot remove 'dira/b.txt': Permission denied
#rm: cannot remove 'dira/a.txt': Permission denied

chmod 600 dira && rm -rf dira # rw-
#rm: cannot remove 'dira/t.txt': Permission denied
#rm: cannot remove 'dira/b.txt': Permission denied
#rm: cannot remove 'dira/a.txt': Permission denied

chmod 700 dira && rm -rf dira # rwx
#Delete succeeded, because a recursive delete requires all three:
#r, to read the file list under dira
#w, to modify the file list under dira
#x, to modify the inode information corresponding to each file in the list
#Therefore none of r, w and x can be omitted
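
The reasoning in the five points of the theoretical section and the hand-run cases 2.1 to 2.5 above can be reproduced mechanically with the system calls that ls, touch and rm ultimately make. The C program below is an added example, not code from the original post: it creates its own scratch directory (via mkdtemp under $TMPDIR or /tmp, holding a.txt and b.txt with the contents aaa and bbb, mirroring dira), applies each of the eight owner permission modes in turn and, for each mode, probes the three operations the FNM_Ind model talks about, recording errno: listing names with opendir/readdir (r), resolving a name to its inode with stat (x), and adding an entry with open(O_CREAT) (w together with x). The directory name, the file name new.txt and the probe_* function names are the example's own. It also states a caveat the transcript leaves implicit: a process running with effective uid 0 bypasses these mode checks, so every probe succeeds when run as root.

```c
/* Added example (not from the original post): reproduce the directory permission
 * experiments with the system calls that ls, touch and rm make. Each owner mode is
 * applied to a scratch directory, then three operations are probed:
 *   list   = opendir/readdir            needs r   (read the Filename column)
 *   lookup = stat(dir/a.txt)            needs x   (resolve a name to its inode)
 *   create = open(dir/new.txt, O_CREAT) needs w+x (add a Filename+Inode record)
 * Names are constructed here (mkdtemp under $TMPDIR or /tmp). Caveat: euid 0
 * bypasses these mode checks (CAP_DAC_OVERRIDE), so run as an ordinary user. */
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct probe_result { int list_err, lookup_err, create_err; }; /* 0 = ok, else errno */

/* Write "<dir>/<name>" into buf and return buf. */
static char *join(char *buf, size_t n, const char *dir, const char *name) {
    snprintf(buf, n, "%s/%s", dir, name);
    return buf;
}

/* r probe: read the list of names (what ls does). */
static int probe_list(const char *dir) {
    DIR *d = opendir(dir);
    if (!d) return errno;
    errno = 0;
    while (readdir(d) != NULL)
        ;                      /* only whether the names can be read matters here */
    int err = errno;           /* readdir sets errno only on failure */
    closedir(d);
    return err;
}

/* x probe: resolve an existing name through the directory to its inode (what ls -i needs). */
static int probe_lookup(const char *dir, const char *name) {
    char path[512];
    struct stat st;
    return stat(join(path, sizeof path, dir, name), &st) == 0 ? 0 : errno;
}

/* w+x probe: add a new entry (what touch does); remove it again so every mode starts clean. */
static int probe_create(const char *dir, const char *name) {
    char path[512];
    int fd = open(join(path, sizeof path, dir, name), O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return errno;
    close(fd);
    unlink(path);              /* creation succeeded, so we hold w and x and may unlink */
    return 0;
}

/* Apply mode to dir, run the three probes, then restore rwx so cleanup can proceed. */
static struct probe_result probe_mode(const char *dir, mode_t mode) {
    struct probe_result r;
    chmod(dir, mode);
    r.list_err   = probe_list(dir);
    r.lookup_err = probe_lookup(dir, "a.txt");
    r.create_err = probe_create(dir, "new.txt");
    chmod(dir, 0700);
    return r;
}

/* Create a scratch directory holding a.txt ("aaa") and b.txt ("bbb"), like the post's dira. */
static int make_fixture(char *dir, size_t n) {
    const char *names[] = { "a.txt", "b.txt" }, *contents[] = { "aaa\n", "bbb\n" };
    snprintf(dir, n, "%s/dirperm-XXXXXX", getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp");
    if (!mkdtemp(dir)) return -1;
    for (int i = 0; i < 2; i++) {
        char path[512];
        int fd = open(join(path, sizeof path, dir, names[i]), O_WRONLY | O_CREAT, 0600);
        if (fd < 0) return -1;
        ssize_t w = write(fd, contents[i], 4);
        close(fd);
        if (w != 4) return -1;
    }
    return 0;
}

/* Remove the scratch directory and its two files. */
static void remove_fixture(const char *dir) {
    char path[512];
    unlink(join(path, sizeof path, dir, "a.txt"));
    unlink(join(path, sizeof path, dir, "b.txt"));
    rmdir(dir);
}

static const char *show(int err) {
    return err == 0 ? "ok" : err == EACCES ? "EACCES" : strerror(err);
}

int main(void) {
    char dir[256];
    if (make_fixture(dir, sizeof dir) != 0) { perror("make_fixture"); return 1; }
    if (geteuid() == 0) puts("warning: euid 0 bypasses mode checks; every probe will succeed");
    puts("mode  list     lookup   create");
    for (unsigned m = 0; m <= 7; m++) {          /* owner bits only, as in chmod 100..700 */
        struct probe_result r = probe_mode(dir, (mode_t)(m << 6));
        printf("%c%c%c   %-8s %-8s %-8s\n",
               (m & 4) ? 'r' : '-', (m & 2) ? 'w' : '-', (m & 1) ? 'x' : '-',
               show(r.list_err), show(r.lookup_err), show(r.create_err));
    }
    remove_fixture(dir);
    return 0;
}
```

Compile with cc -Wall -o dirperm dirperm.c and run it as an ordinary user. Each row shows the owner bits applied to the scratch directory followed by ok or the errno name for each probe, and the rows agree with cases 2.1 to 2.5: r-- lists names but cannot resolve inodes, rw- still cannot create, -wx can create but cannot list, and --x can still resolve a known name to its inode.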

Added by ryansmith44 on Thu, 12 Mar 2020 08:01:25 +0200