I’ve been working on a distributed filesystem recently, which has exposed me to the POSIX permission system in more depth, and whoo, I’m convinced that POSIX permissions are weird and bad and can lead to some very surprising[1] behavior.
Quick, tell me what permissions you need to have to delete the file at
Well, the surprise here is that you need absolutely zero permissions on the file itself. All you need are:
- write permission on the directory containing the file
- execute permission on every directory on the path to the file

The write permission on /home/paul is necessary to modify the directory in order to delete the file, and the execute permission on all the directories on the path to the file is necessary to access the files and directories inside them.
The one caveat is the sticky bit. If /home/paul had the sticky bit set, it would only allow deletion of files inside it by the owner of the file, the owner of the directory, or root.
This is pretty surprising and can lead to some unfortunate situations if you mix world-writable directories and recursive deletes. Sure, you can’t read or write over my data, but you can remove it from existence!
This one is less weird, but certainly not intuitive. If you have read and write permission on a directory /home, what can you do? Can you create a new file /home/mandoo? Can you delete the file /home/mandoo? Can you see the files inside the directory? Can you read a file inside the directory, assuming you have read permissions on the file?
Turns out all you can do is list the names of the files inside the directory, but nothing more. In order to create a new file, you’d need the execute permission along with your write permission; the same goes for deleting a file, and the same for reading a file. The execute bit is necessary for doing anything of use inside a directory, but it seems to get little fanfare.
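To make both surprises concrete, here is a small added example (not code from the original post) that models the POSIX directory-permission rules in memory and replays the two scenarios above: deleting a file you have no permissions on, the sticky-bit exception, and a directory that grants rw- but not x. The tree, the user ids (paul = 1000, an unrelated user = 1001) and the file names are constructed for the example; the model deliberately ignores groups and ACLs, so a non-owner is judged by the "other" bits only, and root (uid 0) bypasses the checks as it does on a real system.

```python
import stat
from dataclasses import dataclass
from typing import Dict, Optional

R, W, X = 4, 2, 1  # permission bits within one rwx triplet


@dataclass
class Node:
    """One filesystem entry in the constructed tree. `children` is None for files."""
    mode: int                                   # rwx bits, may include stat.S_ISVTX
    uid: int                                    # owning user id
    children: Optional[Dict[str, "Node"]] = None


def has_perm(node: Node, uid: int, bit: int) -> bool:
    """Does `uid` hold `bit` on `node`? Root bypasses DAC; no group handling here."""
    if uid == 0:
        return True
    triplet = (node.mode >> 6) & 7 if node.uid == uid else node.mode & 7
    return bool(triplet & bit)


def resolve(root: Node, path: str, uid: int):
    """Walk `path`; every directory that is *entered* must grant execute (search).
    Returns [(name, node), ...] or None if a component is missing or unsearchable."""
    trail = [("/", root)]
    for name in filter(None, path.split("/")):
        parent = trail[-1][1]
        if parent.children is None or not has_perm(parent, uid, X):
            return None
        if name not in parent.children:
            return None
        trail.append((name, parent.children[name]))
    return trail


def can_unlink(root: Node, path: str, uid: int) -> bool:
    trail = resolve(root, path, uid)
    if trail is None or len(trail) < 2:
        return False
    parent, target = trail[-2][1], trail[-1][1]
    # Only the parent directory's bits are consulted; target.mode never is.
    if not (has_perm(parent, uid, W) and has_perm(parent, uid, X)):
        return False
    # Sticky bit: only the file owner, the directory owner or root may unlink.
    if parent.mode & stat.S_ISVTX and uid not in (0, target.uid, parent.uid):
        return False
    return True


def can_create(root: Node, path: str, uid: int) -> bool:
    parent_path, _, name = path.rpartition("/")
    trail = resolve(root, parent_path or "/", uid)
    if trail is None:
        return False
    parent = trail[-1][1]
    if parent.children is None or name in parent.children:
        return False
    return has_perm(parent, uid, W) and has_perm(parent, uid, X)


def can_list(root: Node, path: str, uid: int) -> bool:
    """Listing names needs only read on the directory (stat'ing them would need x)."""
    trail = resolve(root, path, uid)
    d = trail[-1][1] if trail else None
    return d is not None and d.children is not None and has_perm(d, uid, R)


def can_read_file(root: Node, path: str, uid: int) -> bool:
    trail = resolve(root, path, uid)
    f = trail[-1][1] if trail else None
    return f is not None and f.children is None and has_perm(f, uid, R)


PAUL, OTHER = 1000, 1001  # constructed uids for the example


def build_tree() -> Node:
    """Constructed tree: paul owns /home/paul and a 0600 file inside it."""
    paul_dir = Node(0o755, PAUL, {"secret": Node(0o600, PAUL)})
    home = Node(0o755, 0, {"paul": paul_dir, "README": Node(0o644, 0)})
    return Node(0o755, 0, {"home": home})


def scenario_delete() -> dict:
    """First surprise: unlinking needs no permission on the file itself."""
    root = build_tree()
    paul_dir = root.children["home"].children["paul"]
    out = {"default": can_unlink(root, "/home/paul/secret", OTHER)}
    paul_dir.mode = 0o777                      # world-writable, no sticky bit
    out["world_writable"] = can_unlink(root, "/home/paul/secret", OTHER)
    out["but_readable"] = can_read_file(root, "/home/paul/secret", OTHER)
    paul_dir.mode = 0o1777                     # same, with the sticky bit set
    out["sticky_other"] = can_unlink(root, "/home/paul/secret", OTHER)
    out["sticky_owner"] = can_unlink(root, "/home/paul/secret", PAUL)
    return out


def scenario_rw_no_exec() -> dict:
    """Second surprise: rw- on /home lets you list names and nothing else."""
    root = build_tree()
    root.children["home"].mode = 0o766         # owner rwx, everyone else rw-
    return {
        "list": can_list(root, "/home", OTHER),
        "create": can_create(root, "/home/mandoo", OTHER),
        "delete": can_unlink(root, "/home/README", OTHER),
        "read": can_read_file(root, "/home/README", OTHER),   # file is 0644!
    }


if __name__ == "__main__":
    print(scenario_delete())
    print(scenario_rw_no_exec())
```

The checks that matter for the post's point are the two in can_unlink: the file's own mode is never read, and only the sticky bit on the parent pulls the file's owner back into the decision. The same resolve() step is what makes the rw- directory useless for everything except listing: the moment a path has to enter /home, the missing execute bit fails the lookup before the 0644 file is ever examined.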
I dunno. POSIX permissions are weird and not user-friendly or intuitive. It’s something that you learn by getting burned, or just from enough experience[2]. Lots of things are like that, but not many of them have the responsibility of storing the world’s data. Maybe we should go back to papyrus and reed brushes.
[1] Read as really bad.

[2] The worst part is it’s the kind of system that you think is horribly unintuitive when you are introduced to it, but then you begin to slowly convince yourself that there’s a nice internal logic to it. In reality it’s still a mess; you just know every detail of the mess now.