Who can access a file with octal permissions "000" on Linux/UNIX?
Solution 1
root can do everything, others (with userid != 0) can't do anything. But anyone who has write access to the containing folder is allowed to delete the file. The owner can of course always change the flags and regain access anytime.
greybox:~ septi$ touch foo
greybox:~ septi$ chmod 000 foo
greybox:~ septi$ ls -l foo
---------- 1 septi staff 0 Apr 8 12:28 foo
greybox:~ septi$ cat foo
cat: foo: Permission denied
greybox:~ septi$ sudo ls -l foo
Password:
---------- 1 septi staff 0 Apr 8 12:28 foo
greybox:~ septi$
Solution 2
File with 000 permission can be read / written by root.
Everybody else cannot read / write / execute the file.
Solution 3
Everyone is accurate above unless it is the following command.
sudo chmod -R 000 /*
At this point, your computer is dead in the water because no commands can be executed since you have removed all RWX from every file. There is no safeguard when running this command. If you are curious run it inside a Vagrant box.
Solution 4
Root can do anything but execute the file (outside removing the file if the file-system is mounted read-only or the file has some immutable flag set).
Non root users might change the file permission if they own it. They can still access the file if ACLs are set to allow it.
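An added example, not part of any answer on this page: a Python model of the mode-bit checks the answers describe (root's bypass with its execute exception, chmod depending on ownership, and deletion being decided by the containing directory). The function names and the uid/gid values used with them are assumptions for illustration; ACLs, immutable flags and read-only mounts are deliberately left out.

```python
import stat

ROOT_UID = 0
R, W, X = 4, 2, 1  # requested-access bits, same values as one octal digit


def class_bits(mode, file_uid, file_gid, uid, gids):
    """Return the rwx digit of the single permission class that applies."""
    perm = stat.S_IMODE(mode)
    if uid == file_uid:
        return (perm >> 6) & 7      # owner class, even if it grants less
    if file_gid in gids:
        return (perm >> 3) & 7      # group class
    return perm & 7                 # other class


def may_access(mode, file_uid, file_gid, uid, gids, want):
    """Mode-bit check for a regular file (simplified: no ACLs, no flags)."""
    if uid == ROOT_UID:
        # Root bypasses read/write checks, but executing a regular file
        # needs at least one x bit somewhere in the mode.
        if (want & X) and not (stat.S_IMODE(mode) & 0o111):
            return False
        return True
    return (class_bits(mode, file_uid, file_gid, uid, gids) & want) == want


def may_chmod(file_uid, uid):
    """Changing the mode depends on ownership, not on the mode bits."""
    return uid == ROOT_UID or uid == file_uid


def may_unlink(dir_mode, dir_uid, dir_gid, file_uid, uid, gids):
    """Deletion needs write + search on the directory; file mode is ignored."""
    if uid == ROOT_UID:
        return True
    need = W | X
    if (class_bits(dir_mode, dir_uid, dir_gid, uid, gids) & need) != need:
        return False
    # Sticky directory (e.g. /tmp): only the file's or directory's owner.
    if dir_mode & stat.S_ISVTX:
        return uid in (file_uid, dir_uid)
    return True
```

With a constructed file of mode 000 owned by uid 1000, `may_access` denies the owner every access while `may_chmod` still lets the owner restore the bits, and `may_unlink` never looks at the file's mode at all.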
Solution 5
If file/dir has permissions 000, then only root can do any changes to that file. Neither the owner nor others can make any changes. Owner can't even access the file/dir or delete the same.
jslearner
Updated on July 09, 2022
Comments
-
jslearner over 1 year
If a file has permissions 000, who or what can access the file? What can they do to it? What, exactly, does 000 (---------) permissions on a file mean in practice?
-
minyatur almost 13 years
Isn't file removal governed by the write permission of the directory the file is in? i.e. couldn't anybody with write permissions to the directory remove the file?
-
tamasgal almost 13 years
Yes you're right, basically it depends on the containing folder permissions.
-
Tom Boutell about 9 years
The only answer so far which mentions that the owner of the file can still change its permissions again, restoring access. One useful application is to prevent a webserver from delivering a file in the "trash" while retaining the ability to restore that access later.
-
Brandon over 7 years
"But anyone who has write access to the containing folder is allowed to delete the file." This is not true.
-
Eric about 7 years
You have to explain to me the difference between "write access to the containing folder" and "write permission of the directory the file is in". Sounds just the same to my ears.
-
Piotr Dobrogost over 6 years
others (with userid != 0) can't do anything – not really true as the owner of the file can still change its permissions and regain access.
-
tamasgal over 6 years
Yep of course, I added that since the "can't do anything" is indeed a bit misleading ;) Thanks.
-
jlliagre over 6 years
The OS is dead but neither the computer nor the file system are.
-
Eddie about 5 years
This answer is incorrect - the owner of a file can change its permissions even if the mode is set to 000.
-
apraetor over 4 years
That's true. The "append" bit prevents (among other things) the file from being erased, regardless of the directory permissions.
-
Shyam about 3 years
Oh man! Was stuck on this issue for hours! Of all the blog posts, forum threads, only your steps worked to remove the file. I would give a 100 upvotes if I could! Thank you!