On Sun, May 19, 2024 at 04:55:09PM +0200, Richard wrote:
> Dovecot expects execution permissions on the directory it writes the logs
> to. Because "Standard POSIX permissions for a non-root process to enter a
> directory." How on earth is that even a thing?

That's how Unix permissions have always worked.  In order to access
a file, you need +x permissions on *all* of the directories leading
up to that file, and then appropriate permissions on the file itself.

If you have read permission on a directory but *not* execute permissions,
then the only thing you can do is read the contents of that directory --
the filenames and their inode numbers.  You cannot stat() the files,
so you can't see who owns them or even what kind of files they are.
Just their names.

If you have execute permission but *not* read permission on a directory,
then you can access the files within the directory, but only if you
already know their names.  You can't read the directory to get their
names.

Likewise, write permission on a directory allows you to rename or unlink
files contained within that directory (because the names are not a
property of the files -- they are part of the *directory*).  You don't
need write permission on a file to unlink it.  Only on the directory.

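The directory semantics described in this reply (x to traverse, r to list names, w+x to create or unlink names, the file's own bits only mattering at the final step) can be checked mechanically. The following is an added example, not code from the thread or from Dovecot: a small Python model of the POSIX path-permission walk, with a helper that stats a real path so it can be used to diagnose the "log directory has rw but no x" situation discussed above. The sample tree, the uid 5000 mail user and the names `mail-logs`, `private`, `shared` are all constructed for the example; uid 0 is modelled as bypassing the permission bits, and the sticky bit is not modelled.

```python
import os
import stat
import sys
from dataclasses import dataclass


@dataclass
class Component:
    """One path element: its name, st_mode (type + permission bits), owner."""
    name: str
    mode: int
    uid: int
    gid: int


def effective_bits(comp, proc_uid, proc_groups):
    """Pick the owner/group/other triplet that applies to this process and
    return (r, w, x). uid 0 is treated as bypassing the bits entirely
    (a simplification: for executing a regular file root still needs one x)."""
    if proc_uid == 0:
        return True, True, True
    if proc_uid == comp.uid:
        shift = 6
    elif comp.gid in proc_groups:
        shift = 3
    else:
        shift = 0
    bits = (comp.mode >> shift) & 0o7
    return bool(bits & 4), bool(bits & 2), bool(bits & 1)


def can_access(components, proc_uid, proc_groups, want):
    """Walk from the root component to the target. Every intermediate
    component must be a directory with execute (search) permission; the
    final one must grant every bit named in `want` ("r", "w", "x").
    Returns (ok, reason) so the caller sees which element denied access."""
    for comp in components[:-1]:
        if not stat.S_ISDIR(comp.mode):
            return False, f"{comp.name}: not a directory"
        _, _, x = effective_bits(comp, proc_uid, proc_groups)
        if not x:
            return False, f"{comp.name}: no execute (search) permission"
    last = components[-1]
    r, w, x = effective_bits(last, proc_uid, proc_groups)
    have = {"r": r, "w": w, "x": x}
    missing = "".join(b for b in want if not have[b])
    if missing:
        return False, f"{last.name}: missing {missing}"
    return True, "ok"


def can_unlink(components, proc_uid, proc_groups):
    """Removing a name needs w+x on the containing directory; the file's
    own mode bits play no part (sticky-bit ownership rule not modelled)."""
    return can_access(components[:-1], proc_uid, proc_groups, ("w", "x"))


def components_from_path(path):
    """Build the component list for a real path by stat()ing each prefix
    (symlinks are followed, as stat() does)."""
    path = os.path.abspath(path)
    st = os.stat(os.sep)
    comps = [Component(os.sep, st.st_mode, st.st_uid, st.st_gid)]
    cur = os.sep
    for name in path.split(os.sep):
        if not name:
            continue
        cur = os.path.join(cur, name)
        st = os.stat(cur)
        comps.append(Component(name, st.st_mode, st.st_uid, st.st_gid))
    return comps


# Constructed sample tree (not from any real system). The mail server runs
# as uid/gid 5000; its log directory was created with "rw" bits only
# (mode 0644), the mistake the thread is about.
MAIL_UID, MAIL_GROUPS = 5000, {5000}
ROOT = Component("/", stat.S_IFDIR | 0o755, 0, 0)
VAR = Component("var", stat.S_IFDIR | 0o755, 0, 0)
LOG = Component("log", stat.S_IFDIR | 0o755, 0, 0)
LOGDIR = Component("mail-logs", stat.S_IFDIR | 0o644, MAIL_UID, MAIL_UID)
LOGFILE = Component("server.log", stat.S_IFREG | 0o664, MAIL_UID, MAIL_UID)
# A directory others may search (x) but not list (r).
PRIVATE = Component("private", stat.S_IFDIR | 0o711, 0, 0)
KNOWN = Component("known.txt", stat.S_IFREG | 0o644, 0, 0)
# A world-writable directory holding a read-only file owned by root.
SHARED = Component("shared", stat.S_IFDIR | 0o777, 0, 0)
READONLY = Component("notes", stat.S_IFREG | 0o400, 0, 0)


if __name__ == "__main__":
    # Diagnose a real path for the current process:
    #   python3 pathperm.py /var/log/mail-logs
    target = sys.argv[1] if len(sys.argv) > 1 else os.getcwd()
    groups = set(os.getgroups()) | {os.getgid()}
    ok, why = can_access(components_from_path(target), os.getuid(), groups, ("w", "x"))
    print(f"{target}: {'can create files' if ok else 'denied at ' + why}")
```

Run against the sample tree, the mail user can list `mail-logs` (r) but cannot create a file in it or reach `server.log` beneath it (no x), can open `known.txt` inside the unlistable `private` directory because it knows the name, and can unlink root's read-only `notes` because the surrounding directory grants w+x.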