Write but not read permission on a file in linux
Is it possible to have write but not read permission on a file in Linux? What about execute but not read and write permission?
Solution 1:
Yes, although execute permission without read permission is meaningless on a non-binary file (since you need to read a script to execute it). On a directory, execute without read means you can traverse the directory, but not list it or do anything else with its contents. Consider the following path:
/home/user/foo/bar
If directory foo
has mode 0711 (full permission for owner, execute only for group and world), while directory bar
has mode 0755 (full permission for owner, read and execute for everyone else), then accounts other than user
may cd /home/user/foo/bar
and find that bar
behaves as any ordinary directory; however, while cd /home/user/foo
will work, ls
and any other command in that directory will fail due to insufficient permissions (i.e., you can't read the directory to list its contents).
Write permission without read permission on a file does just what it implies: you can write to the file, but you can't read back what you've written. This might be useful in a case where processes under multiple accounts write to a single logfile, but a process belonging to one user must not be able to read the (presumably sensitive) log entries from a process belonging to another user.
Solution 2:
[benji@laptop ~]$ ./hello
Hello world!
[benji@laptop ~]$ chmod 000 hello #no permissions, start out with a clean slate
[benji@laptop ~]$ chmod +x hello #make it executable
[benji@laptop ~]$ cat hello #try to read it, but can't
cat: hello: Permission denied
[benji@laptop ~]$ ./hello #try to run it, it works!
Hello world!
[benji@laptop ~]$
[benji@laptop ~]$ cat hello.sh
#!/usr/bin/bash
echo 'Hello world!'
[benji@laptop ~]$ chmod 000 hello.sh #no permissions, start out with a clean slate
[benji@laptop ~]$ chmod +x hello.sh #make it executable
[benji@laptop ~]$ cat hello.sh #try to read it; FAIL
cat: hello.sh: Permission denied
[benji@laptop ~]$ ./hello.sh #try to run it, but the shell interpreter (bash) cannot read it; FAIL
/usr/bin/bash: ./hello.sh: Permission denied
[benji@laptop ~]$
It is possible to have execute only permissions only if the file is not a shell script; a shell script needs to be read (and therefore needs read permissions) by the shell interpreter. Otherwise, for binary executable files, read permissions are not required; just execute permissions.
[benji@laptop ~]$ echo hello >file
[benji@laptop ~]$ chmod 000 file #no permissions, start out with a clean slate
[benji@laptop ~]$ chmod +w file #write-only permissions
[benji@laptop ~]$ cat file #cannot read it
cat: file: Permission denied
[benji@laptop ~]$ echo hello again >file #but *can* write it
So yes, it is possible to have write but not read permissions on a file.
Solution 3:
The read, write, execute permissions in Unix generically are totally independent.
Unix distinbguishes between user permissions (for the owner of the file), group permissions (for anybpdy belonging to the file's group) and others. The permissions are checked strictly in this order; i.e., if the user tries an access, the user permissions apply, and nothing else is checked; if not the user but belongs to the group, group permissions apply; if none of the above, others permissions apply.
Permissions are shown by ls(1)
as rwx
thrice (user, group, others). So r--
means read-only, rw-
is read-write, and --x
is execute only. The command chown(1)
is normally fed octal numbers giving the permissions, but you can also use the above notation, i.e., chown u+r,g-x,o=rw somefile
means "add r
for user, subtract x
for group, set r
and w
exactly for others".
Solution 4:
One way of approaching chmod is to use the chmod math where read=4 write=2 execute=1. the positioning of the number you want goes in the order U=user G=group O=Others the command 'chmod UGO' will set permissions.
If you want user to have full permissions it would be read(4)+write(2)+execute(1)=7
If you want group to have read and execute it would be read(4)+execute(1)=5
If you want other to have no access it would be 0
the command to set those permissions would be: chmod 750 file