How is my internet browser able to write files into my "Downloads" file if the default permissions do not allow to "write"?
Programs run with the privileges of the user who invoked them.
So when you launch your browser, the browser process has the rights you have to read, modify and execute files.
And as you are the owner of your Downloads folder, your user account has (usually by default) full r
ead/w
rite/ex
ecute rights. Therefore your browser has them too.
To clarify the stat output (d rwx r-x r-x)
:
- The first letter (here:
d
) describes the type of the file system object you are examining.d
means that you are showing the permissions of a directory. If you are examining a file, you will get a-
instead. There are other possibilities too, likel
for a link. Further there are (according to @Atsby's comment)b
for block devices,c
for character devices,p
for pipes and probably even more...
See * for note about directory permissions! - The first three letters
rwx
stand for the owner's permissions. A letter means that the respective access type is granted, a "-" means denied. --> full access - The second three letters
r-x
represent the permissions users have who are members of the owner's group. It's the same "rwx"-format as above. --> only read and execute permissions, no writing - The last three letters
r-x
represent the permissions of any other users who is not the owner itself and is not a member of the owner group. Still same "rwx"-format. --> also only read and execute permissions, no writing
* Directory permissions:
Note that directory permissions have different meanings than file permissions. For directories...
read access (r) means listing the files (ls
command),
write access (w) means changing the directory content (creating, deleting, renaming files) and
execute access (x) means entering the directory (cd
command or opening with the file manager)
Advanced execute permissions:
Sometimes you find an S
, s
, T
or t
where you would expect an x
.
There are SUID (Set User ID) and SGID (Set Group ID) permissions which replace the normal x
if the file should always be executed with the permissions of its owner (SUID) or its owner group (SGID). For SUID, the x
of the user permissions (first block) gets replaced, for SGID, the x
of the group permissions (second block) gets replaced. A capital letter S
stands for a -
(permission denied) while a small s
equals to x
(permission granted).
If the x
of the third block (others' permissions) gets replaced by a T
/t
, this means that the "Sticky Bit" is set. Nowadays, it is mostly used to prevent deletion of the file by non-owner users who have write permissions. Again, a capital letter T
equals a -
(no execute permission for others) without "Sticky Bit", while a small t
stands for granted execution access (x
) for others.
Octal notation:
The permissions can also be represented by 3-4 digits (values 0-8), which is called octal notation.
Normally you have 3 digits or 4 digits with the first digit set to 0 (e.g. 755
or 0755
).
- The first digit (which can be omitted if it is 0) represents the advanced permission flags. Flag values: SUID=4, SGID=2, Sticky=1.
- The second digit represents the state of the owner's permission flags (rwx; first permission block in string formatting). Flag values: r=4, w=2, x=1.
- The third digit represents the state of the owner group's permission flags (rwx; second permission block in string formatting). Flag values: r=4, w=2, x=1.
- The fourth digit represents the state of all other's permission flags (rwx; third permission block in string formatting). Flag values: r=4, w=2, x=1.
To calculate the digit value, just sum up the flag values of all set flags. Examples: rwx=4+2+1=7, r-x=4+0+1=5
Source and additional references:
http://www.zzee.com/solutions/linux-permissions.shtml
http://www.informit.com/articles/article.aspx?p=1822622&seqNum=6
Please visit those links for more detail, especially about advanced permissions.