Read Only File in Writable Directory
This is a small gotcha about file permissions I ran into recently.
Let’s say there is a file on which you don’t have write permission:
$ ls -l file
-rw-r--r-- 1 notyou somegroup 68 25 Mar 21:12 file
You can’t write to this file:
$ echo "some text" > file
bash: file: Permission denied
However, let’s say this file is in a directory on which you do have write
permission (assuming here that you are in somegroup
):
$ ls -ld .
drwxrwxr-x 2 notyou somegroup 68 25 Mar 21:12 dir
Now even though you can’t modify the file, write permission on the directory lets you remove the file and write a new file in its place:
$ rm file
$ echo "some text" > file
Depending on the situation, this can be just as good. You don’t even have to do
this manually –
if you’re using vim, then :w!
will automatically do this if the file is not writable.
I encountered a system at work that would inspect the contents of certain files to decide whether to allow certain dangerous operations. These files had clearly defined owners that you were meant to get in touch with to ask for approval – if approval was granted, they would edit the relevant files for you, so that you could go ahead and do what you needed to do. But since the files were set up in this way – read-only in a group-writable directory – in practice anyone could edit them, bypassing whatever restrictions were in place.
If you’re relying on a file being read-only, be mindful of the permissions set on any parent directories.