I’ve been working on a distributed filesystem recently, which has exposed me to the POSIX permission system in more depth, and whoo, I’m convinced that POSIX permissions are weird and bad and can lead to some very surprising[1] behavior.
Deleting Files
Quick, tell me what permissions you need to have to delete the file at /home/paul/notes.txt?
Well, the surprise here is that you need absolutely zero permissions on the file itself. All you need are:
- write permission on the directory /home/paul
- execute permission on the directories /, /home and /home/paul
The write permission on /home/paul is necessary to modify the directory in order to delete the file: a file name is just an entry in its parent directory, and unlink removes that entry. The execute permission on every directory on the path to the file is what lets you traverse them and reach the entries inside.
The one caveat is the sticky bit. If /home/paul had the sticky bit set, it would only allow deletion of files inside it by the owner of the file, the owner of the directory, or root. Write and execute permission on the directory are still required on top of that; the sticky bit narrows who may delete, it never widens it.
This is pretty surprising and can lead to some unfortunate situations if you mix world-writable directories and recursive deletes. Sure, you can’t read or write over my data, but you can remove it from existence!
Listing Files
This one is less weird, but certainly not intuitive. If you have read and write permission on a directory /home, what can you do?
Can you create a new file /home/mandoo? Can you delete the file /home/mandoo? Can you see the files inside the directory? Can you read a file inside the directory, assuming you have read permissions on the file?
Turns out all you can do is list the names of the files inside the directory, but nothing more. In order to create a new file, you’d need the execute permission along with your write permission; the same goes for deleting a file, and for reading a file. On a directory the execute bit is really the search bit: it is what lets you look up a name inside the directory, so without it even ls -l fails, because stat on each entry is a lookup. The execute bit is necessary for doing anything of use inside a directory, but it seems to get little fanfare.
So What?
I dunno. POSIX permissions are weird and not user-friendly or intuitive. It’s something that you learn by getting burned, or just from enough experience[2]. Lots of things are like that, but not many of them have the responsibility of storing the world’s data. Maybe we should go back to papyrus and reed brushes.
[1] Read as really bad.
[2] The worst part is it’s the kind of system that you think is horribly unintuitive when you are introduced to it, but then you begin to slowly convince yourself that there’s a nice internal logic to it. But in reality it’s still a mess; now you just know every detail of the mess.