Do you need to let someone use a file of yours, but you don't want everyone on the system to be able to snoop around in the directory? You can give execute permission, but not read permission, to a directory. Then, if a file in the directory is accessible, a person can use the file by typing the exact filename. ls will say the directory is "unreadable." Wildcards won't work.
Here's an example.
Let's say that your home directory has
rwxr-xr-x permissions (everyone can
access and list files in it).
Your username is hanna.
You have a subdirectory named project; you set
its permissions so that
everyone else on the system has execute-only permission.
Now you tell the other user, toria, the exact name of your file, myplan. Like everyone else on the system, she can access your project directory. She can't list it because she doesn't have read permission. Because she knows the exact filename, she can read the file because the file is readable (anyone else could read the file, too, if they knew its exact name):
pwdpwd: can't read . toria%
lsls: . unreadable toria%
more myplan...File appears... toria%
ln myplan /home/toria/project.hanna/plan
(We're using the "real" pwd command
that reads the filesystem to find your current directory.
That's why it complains
can't read ..
If you're using the shell's shortcut pwd, you probably won't
get the error shown above.
In the example above, toria made ato the myplan file, with a different name, in her own project.hanna directory. (She could have copied, printed, or used any other command that reads the file.) Now, if you (hanna) want to, you can deny everyone's permission to your project directory. toria still has her link to the file, though. She can read it any time she wants to, follow the changes you make to it, and so on:
ls -ld project.hanna project.hanna/plandrwx------ 2 toria 512 Jul 27 16:43 project.hanna -rw-r--r-- 2 hanna 9284 Jul 27 17:34 project.hanna/plan toria%
more project.hanna/plan...File appears...
toria has protected her project.hanna directory so that other users can't find her link to hanna's file.
NOTE: If hanna denies permission to her directory, toria can still read the file through her hard link. If toria had made a symbolic link, though, she wouldn't be able to access the file any more. That's becausebut a symbolic link doesn't.
You might also want to give other users permission to list and access the files in a directory, but not make the directory open to all users. One way to do this is to put a fully accessible directory with an unusual name inside an unreadable directory. Users who know the exact name of the fully accessible directory can cd to it; other users can't find it without its name:
chmod 711 projecthanna%
chmod 777 project/pLaNhanna%
ls -ld project project/pLaNdrwx--x--x 3 hanna 512 Jul 27 17:36 project drwxrwxrwx 2 hanna 512 Jul 27 17:37 project/pLaN
Users who type
cd /home/hanna/project/pLaN can list the directory's
contents with ls.
With the permissions you've set, other users can also create, delete, and
rename files inside the pLaN directory - though you could have used
more restrictive permissions like
This setup can still be a little confusing. For instance, as article 14.4 explains, the pwd command won't work for users in the pLaN directory because pwd can't read the project directory. Variables like and will probably have the absolute pathname. If another user gets lost in a restricted directory like this, the best thing to do is cd to the home directory and start again.