0

Note: I have read and think I understand what's written in Execute vs Read bit. How do directory permissions in Linux work?

But I may be missing where in the hierarchy that execute directory permission needs to be set to cd into a directory.

Specifically, I am trying to make the postgres log group-readable so that I can look at the execution log. FWIW, though it's not part of my question, I edited postgresql.conf to set log_file_mode = 0640.

Note: PGDATA=/opt/local/var/db/postgresql13/defaultdb.

so now, let's cd $PGDATA/log

Permission error.

OK, sudo su postgres then chmod 750 $PGDATA/log

I have now set the execute bit on the log directory.

cd $PGDATA/log

Permission error.

Turned out that I needed to set the execute on the parent of $PGDATA/log, i.e. chmod 750 $PGDATA . Then cd $PGDATA/log worked.

I understand the logic behind requiring x set on $PGDATA if I was doing say ls $PGDATA and looking at what is in $PGDATA. But I never tried to, I was going directly into $PGDATA/log.

So, is it correct to say that to cd <somedir> you really execute permission on somedir's parent, not just the directory itself?

JL Peyret
  • 101
  • 2
  • Does this answer your question? [One folder - multiple user permission](https://unix.stackexchange.com/a/480363) – Kusalananda Apr 04 '22 at 22:44
  • @Kusalananda it does and so do some of the linked questions there. Perhaps naive of me, but I had no idea that the whole parent hierarchy needed taking into account. – JL Peyret Apr 04 '22 at 22:51
  • Yes, each directory on the path down to wherever is being accessed needs to be accessible. – Kusalananda Apr 04 '22 at 22:53
  • As you understand from [the other question](/q/480355/80216), you didn’t understand that the user must have execute permission on *every* directory in a path.  But you got something else wrong: to do `ls "$PGDATA"` and look at the *names* of the things in `$PGDATA`, you need ***read*** permission on `$PGDATA`.  In fact, to do `ls "$PGDATA"` and look at *only* the names of the things in `$PGDATA`, read permission on `$PGDATA` is ***all*** you need.  To do `ls -l "$PGDATA"` and look at the names *and attributes* of the things in `$PGDATA`, you need read and execute permission on `$PGDATA`. – G-Man Says 'Reinstate Monica' Apr 05 '22 at 05:46

0 Answers0