Who can access a file with octal permissions "000" on Linux/UNIX?

48,593

Solution 1

root can do everything, others (with userid != 0) can't do anything. But anyone who has write access to the containing folder is allowed to delete the file. The owner can of course always change the flags and regain access anytime.

greybox:~ septi$ touch foo
greybox:~ septi$ chmod 000 foo
greybox:~ septi$ ls -l foo
----------  1 septi  staff  0 Apr  8 12:28 foo
greybox:~ septi$ cat foo
cat: foo: Permission denied
greybox:~ septi$ sudo ls -l foo
Password:
----------  1 septi  staff  0 Apr  8 12:28 foo
greybox:~ septi$ 

Solution 2

File with 000 permission can be read / written by root.

Everybody else cannot read / write / execute the file.

Solution 3

Everyone is accurate above unless it is the following command.

    sudo chmod -R 000 /*

At this point, your computer is dead in the water because no commands can be executed since you have removed all RWX from every file. There is no safeguard when running this command. If you are curious run it inside a Vagrant box.

Solution 4

Root can do anything but execute the file (outside removing the file if the file-system is mounted read-only or the file has some immutable flag set).

Non root users might change the file permission if they own it. They can still access the file if ACLs are set to allow it.

Solution 5

If file/dir has permissions 000, then only root can do any changes to that file. Neither the owner nor others can make any changes. Owner can't even access the file/dir or delete the same.

Share:
48,593

Related videos on Youtube

jslearner
Author by

jslearner

Updated on July 09, 2022

Comments

  • jslearner
    jslearner over 1 year

    If a file has permissions 000, who or what can access the file? What can they do to it?

    What, exactly, does 000 (---------) permissions on a file mean in practice?

  • minyatur
    minyatur almost 13 years
    Isn't file removal governed by the write permission of the directory the file is in? i.e. couldn't anybody with write permissions to the directory remove the file?
  • tamasgal
    tamasgal almost 13 years
    Yes you're right, basically it depends on the containing folder premissions.
  • Tom Boutell
    Tom Boutell about 9 years
    The only answer so far which mentions that the owner of the file can still change its permissions again, restoring access. One useful application is to prevent a webserver from delivering a file in the "trash" while retaining the ability to restore that access later.
  • Brandon
    Brandon over 7 years
    "But anyone who has write access to the containing folder is allowed to delete the file." This is not true.
  • Eric
    Eric about 7 years
    You have to explain to me the difference between "write access to the containing folder" and "write permission of the directory the file is in". Sounds just to same to my ears.
  • Piotr Dobrogost
    Piotr Dobrogost over 6 years
    others (with userid != 0) can't do anythingnot really true as the owner of the file can still change its permissions and regain access.
  • tamasgal
    tamasgal over 6 years
    Yep of course, I added that since the "can't do anything" is indeed a bit misleading ;) Thanks.
  • jlliagre
    jlliagre over 6 years
    The OS is dead but neither the computer nor the file system are.
  • Eddie
    Eddie about 5 years
    This answer is incorrect - the owner of a file can change its permissions even if the mode is set to 000.
  • apraetor
    apraetor over 4 years
    That's true. The "append" bit prevents (among other things) the file from being erased, regardless of the directory permissions.
  • Shyam
    Shyam about 3 years
    Oh man! Was stuck on this issue for hours! Of all the blog posts, forum threads, only your steps worked to remove the file. I would give a 100 upvotes if I could! Thank you!

Related