The "execute" permission on a directory enables a user, group or others to perform any of the following:
- to change the current working directory to that directory, and
- to read attributes of all entries in the directory.
The ability to read the basenames of entries in a directory is granted with the read permission on that directory.
To test the effects of the execute permission, create a directory owned by user "user1" and group "user1" and assign permissions to read, but not to execute, to others:
mkdir /tmp/component1
chown user1:user1 /tmp/component1
chmod 754 /tmp/component1
In that directory, create a subdirectory that grants permission to read and execute to others.
mkdir /tmp/component1/component2
chown user1:user1 /tmp/component1/component2
chmod 755 /tmp/component1/component2
Inside the subdirectory, create a plain text file that grants permission to read to others.
touch /tmp/component1/component2/test
chown user1:user1 /tmp/component1/component2/test
chmod 644 /tmp/component1/component2/test
To perform the following tests, change into user identity "user3", who is not the owner and is not a member of the owning group:
sudo -u user3 /bin/bash
List the names of entries in the directory:
user3 $ ls /tmp/component1
component2
List the entries of the directory including attributes such as ownership, permissions and creation time:
user3 $ ls -l /tmp/component1
ls: cannot access '/tmp/component1/component2': Permission denied
total 0
d????????? ? ? ? ? ? component2
Change into the directory:
user3 $ cd /tmp/component1
bash: cd: /tmp/component1: Permission denied
Change into the subdirectory:
user3 $ cd /tmp/component1/component2
bash: cd: /tmp/component1/component2: Permission denied
Read the file in the subdirectory:
user3 $ cat /tmp/component1/component2/test
cat: /tmp/component1/component2/test: Permission denied
Notably, the user cannot access any file or directory contained in a directory on which that user has no execute permission. Granting write permission to the user on that directory does not enable the user to gain access privileges on the directory itself or any of its entries.
To test this, grant write- but not execute-permission to others:
chmod 756 /tmp/component1
Become the user that is not owner or group-owner:
sudo -u user3 /bin/bash
As that user, try to change the permissions of the directory itself:
user3 $ chmod o+x /tmp/component1
chmod: changing permissions of '/tmp/component1': Operation not permitted
Try to change the permissions of an entry of the directory:
user3 $ chmod o+x /tmp/component1/component2
chmod: cannot access '/tmp/component1/component2': Permission denied
In summary, removing execution rights on a directory bars affected users from all access besides reading the basenames of the entries in the directory, and it bars affected users from any access to entries contained in subdirectories.
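The rule these tests demonstrate can be checked without switching users. The following is an added example, not part of the original page: a hypothetical helper `first_blocked` that walks a path component by component and reports the first directory on which a given UID and group list lacks execute permission. It assumes classic mode bits only and ignores ACLs, capabilities and root's override.

```shell
#!/bin/sh
# first_blocked PATH UID "GID GID ..."   (hypothetical helper, added example)
# Walks PATH in resolution order and prints the first directory on which the
# identity lacks execute (search) permission; exit status is then 1.
# Prints nothing and exits 0 if every directory on the way can be traversed.
# Append "/." to PATH to include a final directory itself (what `cd` needs).
first_blocked() (
    path=$1; uid=$2; gids=" $3 "
    case $path in /*) cur= ;; *) cur=. ;; esac   # absolute: start at /, else cwd
    rest=${path#/}
    set -f                                       # no globbing on ls output
    while :; do
        dir=${cur:-/}
        set -- $(ls -ldnL -- "$dir")             # $1 mode string, $3 uid, $4 gid
        [ $# -ge 4 ] || exit 2                   # component missing or unreadable
        # Exactly one permission class applies: owner, else group, else other.
        if [ "$3" = "$uid" ]; then
            pat='???[xs]*'                       # owner execute bit
        else
            case $gids in
                *" $4 "*) pat='??????[xs]*' ;;   # group execute bit
                *)        pat='?????????[xt]*' ;; # other execute bit
            esac
        fi
        case $1 in
            $pat) ;;
            *) printf '%s\n' "$dir"; exit 1 ;;
        esac
        case $rest in */*) ;; *) exit 0 ;; esac  # last name is not a traversal step
        cur=$cur/${rest%%/*}
        rest=${rest#*/}
    done
)

# Command-line use: first_blocked.sh PATH UID "GIDS"
if [ $# -eq 3 ]; then first_blocked "$1" "$2" "$3"; fi
```

For the layout built above, `sh first_blocked.sh /tmp/component1/component2/test "$(id -u user3)" "$(id -G user3)"` (script file name assumed) prints `/tmp/component1` with either mode 754 or 756 on that directory.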