I currently have a directory (udir), which has only read and write permissions for all users. This directory contains two files (file1 & file2)
I initially though that only write access was needed (on the directory) for me to be able to delete/remove a file via (rm udir/file1) but the rm command would give me access denied. when i set the permissions to read, write, and execute, the rm command works.
Obviously the execute access is needed as well but why??
I thought the execute access on a directory was to be able to make it a working a directory and search its contents and access sub directories.
You actually need read, write and execute permissions on the directory, not on the file itself since the operation is done considering the permissions effects of directories.
A good documentation can be found on this link, which mentions the below in the section Special Considerations on Directories:
To delete a file requires both write (to modify the directory itself)
and execute (to stat() the file's inode) on a directory. Note a user
needs no permissions on a file nor be the file's owner to delete it!
Related
I don't know if this is the right place to ask this question, but I am going to ask it anyway.
I have a frequent problem when I try to rename one of my folders; it says access is denied. I have full administrative rights on my computer. The problem occurs only when I try to do it via command prompt or batch files. I can manually rename the folder with no problems whatsoever. But I need to be able to rename it using the ren command. It is an irritating problem, and I have heard other people having the same problems. They usually fix it by re-taking ownership of the folder and restarting the computer. This works for me, but I hate having to do this every time. Is there a permanent solution that I can do to stop this problem? Also, when this problem occurs, it happens to all folders; I can't rename any of them using the ren command.
The answer is quite simple:
Windows does not permit deletion or renaming a directory/folder which is
the current directory of any running process (application/service) like the command process, or
any subdirectory of the directory to rename is the current directory of any running process, or
any file is opened in the directory to rename or any of its subdirectories by any process with OF_SHARE_DENY_READ, OF_SHARE_DENY_WRITE, OF_SHARE_EXCLUSIVE used on opening the file.
In other words as long as the directory itself or any file or subdirectory in this directory or its subdirectories is in use by any application, Windows denies renaming or deleting the directory.
On Unix/Linux it is possible to delete or rename a directory while it is in use by 1 or more running processes. The running *nix process has to handle the special use case that the directory or file just accessed successfully a millisecond before does suddenly not exist anymore.
My approach to solving this problem is to run the utility Handle, by Mark Russinovich of Windows Sysinternals. You can find it here.
This utility will show all the open handles on the system and which process is using them. One of them may have a path to the folder you are trying to rename.
I typically redirect the output of handle.exe to a file.
handle >handles.txt
Then I look at handles.txt in a text editor and search for the name of the folder I was trying to rename. It will appear in a section of handles belonging to the process that is keeping the handle to that folder open, and hence preventing it from being renamed. It shows the pid of the offending process, which you can decide how to deal with, in case you need to terminate it.
e.g. Trying to rename myfolder I forgot I had started a service running using pm2 (a process monitor) The output of Handle.exe included the following:
node.exe pid: 12752 DISCO\Stu
40: File (---) C:\Dev\myfolder\service
I fixed this by disabling Quick Access:
See Screenshot:
[
Well before you can run this command you have to have the privileges to do so as overwriting or modifying files from the command line requires admin rights. Once you got that done, enter the following:
ren (path name) (modified name, no quotation marks)
1 copy path of the folder. To do this, hold shift and right-click, you'll see the "copy as path option"
2 open cmd as admin. To do this, press window + X, then A.
3 in the cmd, type "cd C: then paste the path" so it will be, for example, like:
cd C:\Users\abc\Desktop\music
before you press enter, quote the last name; for example:
cd C:\Users\abc\Desktop\"music"
4 Next, type: ren *.present extension *.new extension; For example, from mp3 to exe:
ren *.mp3 *.exe
If no extension was existing, then, for example:
ren *. *.exe
This should work and eliminate the access denied nuisance.
I solved this problem by giving the user who run the batch full right on the directory. It seems the right from a group membership is not sufficient: the user was member of the local group Administrators and I received a "Access denied". After having added the user account in the directory security with full rights, it does the job.
I don't know if this is the right place to ask this question, but I am going to ask it anyway.
I have a frequent problem when I try to rename one of my folders; it says access is denied. I have full administrative rights on my computer. The problem occurs only when I try to do it via command prompt or batch files. I can manually rename the folder with no problems whatsoever. But I need to be able to rename it using the ren command. It is an irritating problem, and I have heard other people having the same problems. They usually fix it by re-taking ownership of the folder and restarting the computer. This works for me, but I hate having to do this every time. Is there a permanent solution that I can do to stop this problem? Also, when this problem occurs, it happens to all folders; I can't rename any of them using the ren command.
The answer is quite simple:
Windows does not permit deletion or renaming a directory/folder which is
the current directory of any running process (application/service) like the command process, or
any subdirectory of the directory to rename is the current directory of any running process, or
any file is opened in the directory to rename or any of its subdirectories by any process with OF_SHARE_DENY_READ, OF_SHARE_DENY_WRITE, OF_SHARE_EXCLUSIVE used on opening the file.
In other words as long as the directory itself or any file or subdirectory in this directory or its subdirectories is in use by any application, Windows denies renaming or deleting the directory.
On Unix/Linux it is possible to delete or rename a directory while it is in use by 1 or more running processes. The running *nix process has to handle the special use case that the directory or file just accessed successfully a millisecond before does suddenly not exist anymore.
My approach to solving this problem is to run the utility Handle, by Mark Russinovich of Windows Sysinternals. You can find it here.
This utility will show all the open handles on the system and which process is using them. One of them may have a path to the folder you are trying to rename.
I typically redirect the output of handle.exe to a file.
handle >handles.txt
Then I look at handles.txt in a text editor and search for the name of the folder I was trying to rename. It will appear in a section of handles belonging to the process that is keeping the handle to that folder open, and hence preventing it from being renamed. It shows the pid of the offending process, which you can decide how to deal with, in case you need to terminate it.
e.g. Trying to rename myfolder I forgot I had started a service running using pm2 (a process monitor) The output of Handle.exe included the following:
node.exe pid: 12752 DISCO\Stu
40: File (---) C:\Dev\myfolder\service
I fixed this by disabling Quick Access:
See Screenshot:
[
Well before you can run this command you have to have the privileges to do so as overwriting or modifying files from the command line requires admin rights. Once you got that done, enter the following:
ren (path name) (modified name, no quotation marks)
1 copy path of the folder. To do this, hold shift and right-click, you'll see the "copy as path option"
2 open cmd as admin. To do this, press window + X, then A.
3 in the cmd, type "cd C: then paste the path" so it will be, for example, like:
cd C:\Users\abc\Desktop\music
before you press enter, quote the last name; for example:
cd C:\Users\abc\Desktop\"music"
4 Next, type: ren *.present extension *.new extension; For example, from mp3 to exe:
ren *.mp3 *.exe
If no extension was existing, then, for example:
ren *. *.exe
This should work and eliminate the access denied nuisance.
I solved this problem by giving the user who run the batch full right on the directory. It seems the right from a group membership is not sufficient: the user was member of the local group Administrators and I received a "Access denied". After having added the user account in the directory security with full rights, it does the job.
I saw the command: touch while watching a video about the Terminal
It was something like:
user$ touch testfile
user$ ls
Documents Photos Music testfile
So I couldn't answer to myself:
Why one would want to create an empty file?
If you can, please make a short list of a few applicabilities of it!
I'll give a practical example of when I just used empty files in Ubuntu a few days ago. I was creating a program in C that could symlink files, directories, and entire directories of files. After I finished all my coding, I made a simple shell .sh script that created a "mock" directory structure. Including empty files and directories so I could test my program symlinking these "fake" files.
This makes it easy to:
Start the test over easily if something isn't working.
Play around with files of no importance (don't want to risk losing actual data).
To represent a collection of information with no instances.
When the mere presence or absence of the file is all that matters
To test if the script works by using a simple test "Subject"
To put Items,Codes and others things in later.
To use it as a example or represent Information.
I use:
touch __init__.py
all the time in a directory I am importing custom python modules, data files (csv, txt, etc), etc. from.
Explanation:
In Python, when one wants to import a module in another folder, the target folder needs an __init__.py file (that can be completely empty).
i.e.
from lib import somefile
And in the directory lib there is a blank file named __init__.py
It can be used for lock files, or when the data you need are in the file name itself. For example, I used to touch a file called "/.MYCOMPUTER_ROOT_2015_AUG_3" (for example) so that when I backed up the root partition on "mycomputer" to tape, I could tell which tape I was reading.
For the paranoid system administrator.
To write a shell script, that executes commands with elevated privileges (as root user for example), on a system with multiple concurrent users, and you want to protect your shell script from accidental (or malicious) usage before you're completely done with it. Then you do:
touch script.sh -> creates an empty file that does nothing and cannot be executed because it doesn't have +x set, so nobody can do anything harmful.
chown and chmod the file, to make sure that only the right users can do anything with it.
and only then you start vi or emacs or nano or whatever to write your very powerful shell script.
If you do the chown/chmod after you have written the file, then someone else could have already done bad things with it.
EDIT: a better example would be a file with SUPER SECRET CREDENTIALS, for example your ~/.aws/credentials file with your aws_secret_access_key.
If you write the credentials in the file first, and then chmod them, then in those few seconds between, someone could steal your file.
If you chmod first before there is any content, then you are safe(r).
I have a requirement to apply a default permission to files transferred into a specific folder in Unix. I did a look up on internet and found two ways. However, I can't use them for the reason mentioned:
1. umask
This command can only be used in user login level by mentioning it
in .bashrc / .profile file. Won't work for me because I want the
permissions to be applied regardless of the logged in user, and only
to a specific folder.
enter code here
2. setfacl
This command can only be used when the drive on which the folder is
located, is mounted with file access listing enabled. This won't for
me because I can't involve Unix system admins in this activity at my
workplace.
Please suggest if there's an alternate (and possibly a simple) way to achieve the solution for my requirement.
I have no knowledge of MIDES, but if your user is allowed to run cron, then a cron entry similar to the following:
/usr/bin/chmod /dir_name/*
E.g.
/usr/bin/chmod 750 /export/xfr/*
would run every minute and change the permissions of all files in your directory to what you want them to be.
It may not be exactly what you are asking for, because it will run on all files in that directory rather than just the ones transferred.
If you need it to only run on certain files within that directory, then you could use something like find to better define the files to act on. E.g.
/usr/bin/find -user -exec /usr/bin/chmod {} \;
E.g.
/usr/bin/find /export/xfr -user narayanf1 -exec /usr/bin/chmod 750 {} \;
would only change permissions on the files in /export/xfr owned by the user narayanf1.
man find
will give you further options on other options such as creation time, modification time, size, name etc.
I'm trying to make a simple c-shell like program on C (for Linux) that will execute scripts.
I need to read a script file in order to execute it, but how can I read it if it has only execute permission, and no read permission?
In short,
A binary file you can execute with only execute permissions.
A script is a text file, so you need read permissions.
So, you would need to play some games with group ownership, sudo, or similar.
Yes, you need read permissions to execute script.
However, I want to mention one possibility for another_user to run script without having r permission on the file.
You can allow somebody to execute somescript with sudo as another_user that have an r+x access to file.
However, you should have an access to /etc/sudoers (i.e., to be root, or ask superuser to add the record from below to etc/sudoers)
# Run script as the user 'another_user' without asking for password
somebody ALL = (another_user) NOPASSWD: /usr/bin/somescript
Solution found at
https://unix.stackexchange.com/a/77538 and
https://stackoverflow.com/a/21309969/1566267
You don't need read permission in order to execute a file.
In fact, if you have read permission, but not execute permission, you can't execute the file.
The execute permission allows you to ask the system to execute the script file.
Try with:
system("script.sh");
in order to execute a script (in the example script.sh).
You could also use:
execve("script.sh");
That would run the script replacing your script with the one in the specified script keeping the same pid as your script (as shown here)
The classic way of doing this is to make the wrapper C application setuid root. Root can read everything, regardless of permissions. That comes with a whole bunch of warnings though. Make sure that you're not closing a small security hole by opening a much larger one.