A summary of folder permission x and Inode in Linux
Theoretical speculation
I have read in several articles that Linux uses the inode number to identify files; it is equivalent to a file's unique ID in the file system. Different files have different inode numbers. A file gets its inode number when it is created, and no matter which path the file is placed in, the inode number stays the same.
To get the inode number, you can do the following:
```shell
# Get a.txt file information, including inode number
stat a.txt
# Another way to get the inode number of a.txt file
ls -i a.txt
```
On the surface, the user opens a file by its name. Internally, the system does this in three steps: first, it finds the inode number corresponding to the file name; second, it obtains the inode information through the inode number; finally, it uses the inode information to find the blocks where the file data is located and reads out the data.
I wondered: why can't I create a file in a directory when the directory has the w permission?
A directory is also a file type in Linux
The structure of a directory file is very simple: it is a list of directory entries. Each directory entry consists of two parts: the name of a contained file and the inode number corresponding to that file name.
```c
// Definition of dirent, http://man7.org/linux/man-pages/man3/readdir.3.html
struct dirent {
    ino_t          d_ino;       /* Inode number */
    off_t          d_off;       /* Not an offset; see below */
    unsigned short d_reclen;    /* Length of this record */
    unsigned char  d_type;      /* Type of file; not supported by all filesystem types */
    char           d_name[256]; /* Null-terminated filename */
};
```
That is to say, the directory file holds a table mapping file names to inode numbers, which I will call the fnm_ind table for now.
My understanding is that for directory files:
- The permission r allows the user to read the Filename field of the fnm_ind table, that is, the user gets the list of file names in the directory.
- The permission w allows the user to write the Filename field of the fnm_ind table, that is, the user can modify the contents of the Filename field.
- The permission x allows the system to operate on the Inode field of the fnm_ind table, including adding, deleting, modifying and querying, because the inode is generated by the system.
- The fnm_ind table is more like a collection of key-value pairs. It is similar to the Map type in Java: Filename is the key and Inode is the value. As long as you give it a file name, you can find the inode.
- To sum up, if you do not have x permission, you cannot add, delete or modify files in this directory, that is, you cannot do anything. Therefore, the system does not let you cd into this directory: idlers who cannot do any work are not allowed in.
Therefore, rw and x are permissions for different objects: rw is for users, and x is for the operating system.
Experimental proof
```shell
# 1. Preparation
## Enter the experiment directory /tmp
cd /tmp
## Create directory /tmp/dira
mkdir dira
## Create the file /tmp/dira/a.txt with the content aaa
echo aaa > dira/a.txt
## Create the file /tmp/dira/b.txt with the content bbb
echo bbb > dira/b.txt

# 2. Experiments
## 2.1 directory dira only has r permission
chmod 400 dira # r--
ls -i dira
# Results show
#ls: cannot access dira/b.txt: Permission denied
#ls: cannot access dira/a.txt: Permission denied
#? a.txt ? b.txt
## Because the r permission can read the Filename field of the fnm_ind table, a.txt and b.txt are listed in the folder
## However, due to the lack of x permission, the inode number of each file cannot be obtained,
## so each file is preceded by a question mark (?) in place of the inode value

## 2.2 directory dira only has rw permission
chmod 600 dira # rw-
touch dira/c.txt
# Results show
#touch: cannot touch 'dira/c.txt': Permission denied
## Adding a file to the directory means adding a record to the directory's fnm_ind table,
## and Filename and Inode are both required fields.
## Without x permission, the system will not perform Inode-related operations, so the Inode field of the new record has no content,
## and since Inode is a required field, creating the new file ultimately fails

## 2.3 directory dira only has rx permission
chmod 500 dira # r-x
ls -i dira
# Results show
#803771 a.txt 806138 b.txt

## 2.4 directory dira only has wx permission
chmod 300 dira # -wx
touch dira/t.txt # Create success
ls -i dira
# Results show
#ls: cannot open directory dira: Permission denied

## 2.5 directory dira only has x permission
chmod 100 dira # --x
### 2.5.1 modify files with w write permission
echo ttt > dira/t.txt # Write successfully
### The default permission of the newly created dira/t.txt is rw-
### The full path name of the file is /tmp/dira/t.txt, and every directory from / to dira has x permission, so the search process is as follows:
### under / find the inode of tmp -> under /tmp find the inode of dira -> under /tmp/dira find the inode of t.txt
### Through the inode of t.txt, the blocks holding its content can be accessed, and w write permission on t.txt allows its content to be modified

### 2.5.2 creating files in the dira directory
touch dira/t2.txt
# Results show
#touch: cannot touch 'dira/t2.txt': Permission denied
### Because dira only has x permission, the inode can be accessed, but the Filename field needs w to be created; neither can be dispensed with

### 2.5.4 delete directory dira
chmod 100 dira && rm -rf dira # --x
#rm: cannot remove 'dira': Permission denied
chmod 200 dira && rm -rf dira # -w-
#rm: cannot remove 'dira': Permission denied
chmod 300 dira && rm -rf dira # -wx
#rm: cannot remove 'dira': Permission denied
chmod 400 dira && rm -rf dira # r--
#rm: cannot remove 'dira/t.txt': Permission denied
#rm: cannot remove 'dira/b.txt': Permission denied
#rm: cannot remove 'dira/a.txt': Permission denied
chmod 500 dira && rm -rf dira # r-x
#rm: cannot remove 'dira/t.txt': Permission denied
#rm: cannot remove 'dira/b.txt': Permission denied
#rm: cannot remove 'dira/a.txt': Permission denied
chmod 600 dira && rm -rf dira # rw-
#rm: cannot remove 'dira/t.txt': Permission denied
#rm: cannot remove 'dira/b.txt': Permission denied
#rm: cannot remove 'dira/a.txt': Permission denied
chmod 700 dira && rm -rf dira # rwx
# Delete succeeded, because recursive delete requires:
# the r attribute to read the file list under dira
# the w attribute to modify the file list under dira
# the x attribute to modify the inode information corresponding to the files in the file list
# Therefore, rwx are all indispensable
```
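The experiments above can be repeated for all eight owner modes with one probe script. This is an added example, not part of the original post; the helper name `probe` and the scratch file names are assumptions, and it must be run as a non-root user because root bypasses directory permission checks.

```shell
#!/bin/sh
# Added example, not from the original post. probe() and the file names
# a.txt, b.txt, c.txt are constructed for illustration.
# Run as a non-root user: root bypasses directory permission checks.

# probe MODE: build a scratch directory, set MODE on it, try four operations,
# and print one letter per success (or "-" per failure):
#   L = list the file names            (ls dir)
#   S = resolve a name to its inode    (ls -i dir/a.txt)
#   C = create a new entry             (touch dir/c.txt)
#   D = delete an existing entry       (rm dir/b.txt)
probe() (
    d=$(mktemp -d) || exit 1
    echo aaa > "$d/a.txt"
    echo bbb > "$d/b.txt"
    chmod "$1" "$d"
    out=""
    if ls "$d" >/dev/null 2>&1; then out="${out}L"; else out="${out}-"; fi
    if ls -i "$d/a.txt" >/dev/null 2>&1; then out="${out}S"; else out="${out}-"; fi
    if touch "$d/c.txt" 2>/dev/null; then out="${out}C"; else out="${out}-"; fi
    if rm -f "$d/b.txt" 2>/dev/null; then out="${out}D"; else out="${out}-"; fi
    chmod 700 "$d"      # restore access so the scratch directory can be removed
    rm -rf "$d"
    echo "$out"
)

# Print the matrix for every owner permission combination.
for mode in 000 100 200 300 400 500 600 700; do
    printf '%s  %s\n' "$mode" "$(probe "$mode")"
done
```

For a non-root user, mode 600 prints `L---` and mode 300 prints `-SCD`, matching experiments 2.2 and 2.4.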
Reference document
https://www.ruanyifeng.com/blog/2011/12/inode.html
https://my.oschina.net/michaelyuanyuan/blog/109147
https://unix.stackexchange.com/questions/61585/the-relationship-between-execute-permission-on-a-directory-and-its-inode-structu
http://man7.org/linux/man-pages/man3/readdir.3.html