How Directory Permissions Work in Linux

In Linux, directories can have permissions assigned to them just like files. However, while the names of each type of permission make sense for files, they don’t really make sense for directories.

Take the x permission, for example. When set on a file, it indicates that the user can execute the file. However, directories cannot be executed, so what does enabling the permission on one even mean?

For those who want to go directly to the source of this information, I mainly referenced this post on Stack Exchange when writing this post.

Read

The r permission allows a file to be read. However, when this permission is set on a directory, it basically means that the user is allowed to list the files within the directory.

Take the following directory for example.

root@macos demo/ # ls -l
total 0
dr--------  4 root  staff  128 Mar 10 16:29 foo

In this example the directory is owned by root, and only root is allowed to list the contents of the directory.

root@macos demo/ # ls -l foo
total 8
-rw-r--r--  1 root  staff  16 Mar 10 16:29 bar
-rw-r--r--  1 root  staff   0 Mar  7 14:58 baz

Other users would not be able to list the contents.

ravernkoh@macos demo/ $ ls -l foo
ls: foo: Permission denied

Write

The w permission is more intuitive. When set, it allows users to modify files and directories within the directory. However, it does not allow users to create or delete files within the directory unless the x permission is set too.

Execute

The x permission allows a user to enter the directory and access the files within the directory.

Take the following example.

ravernkoh@macos demo/ $ ls -l
total 0
d--x------  4 ravernkoh  staff  128 Mar  7 14:58 foo

Since the r permission is not set, the user would not be able to list the contents of the directory.

ravernkoh@macos demo/ $ ls -l foo
ls: foo: Permission denied

However, the user is still able to access and print the contents of files within that directory.

ravernkoh@macos demo/ $ cat foo/bar
Hello from bar!

Sticky

The t permission (the sticky bit) means that each file and directory within the directory can be renamed or deleted only by its owner. This is useful when multiple users share the same directory, where setting the t permission could prevent one user from changing another user’s files.
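
The Read, Execute and Sticky rules above can be written down as a small model of the check made for a non-root user. This is an added example, not code from the original post; the function names and the uid/gid numbers are assumptions made for illustration.

```python
import stat

# Permission flags in the order they appear in an `ls -l` mode string.
_FLAGS = (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
          stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
          stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH)

def parse_mode(text):
    """Convert a mode string such as 'd--x------' to st_mode bits.
    Handles r, w, x and the sticky t/T; setuid/setgid are not modelled."""
    mode = stat.S_IFDIR if text[0] == "d" else stat.S_IFREG
    for char, flag in zip(text[1:10], _FLAGS):
        if char in "rwxt":          # 't' means other-execute plus sticky
            mode |= flag
    if text[9] in "tT":             # 'T' means sticky without other-execute
        mode |= stat.S_ISVTX
    return mode

def dir_access(mode, dir_uid, dir_gid, uid, gids):
    """Directory operations that `mode` grants to a non-root user."""
    # Exactly one class applies: owner, else group, else other.
    if uid == dir_uid:
        shift = 6
    elif dir_gid in gids:
        shift = 3
    else:
        shift = 0
    r, w, x = ((mode >> shift) & bit for bit in (4, 2, 1))
    return {
        "list_names": bool(r),          # read the list of names
        "traverse": bool(x),            # cd in, open entries by name
        "create_delete": bool(w and x), # w has no effect without x
        "sticky": bool(mode & stat.S_ISVTX),
    }

def can_delete(access, dir_uid, file_uid, uid):
    """Apply the sticky rule on top of the w+x requirement."""
    if not access["create_delete"]:
        return False
    if not access["sticky"]:
        return True
    return uid in (file_uid, dir_uid)   # file owner or directory owner

if __name__ == "__main__":
    # Constructed ids: 501 stands for ravernkoh, 20 for the staff group.
    print(dir_access(parse_mode("d--x------"), 501, 20, 501, {20}))
```

Because only one permission class is consulted, an owner with `d---rwxrwx` is denied even though group and other are allowed, which is worth remembering when auditing shared directories.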

Conclusion

Overall, I think the best way to think about this is to treat the directory like a file containing a list of names. If the r permission is set, the user can read (and essentially list) the list of names. If the w permission is set, the user can write to the contents within and perhaps (depending on whether x is set) create and/or delete files. If the x permission is set, the user can change the list of names itself, which would be creating and/or deleting files. The user can also cd into that directory, which is akin to executing it.