What is a valid use case for an “execute only” file permission?

I was reading up on chmod and its octal modes. I saw that 1 is execute only. What is a valid use case for an execute only permission? To execute a file, one typically would want read and execute permission.

$ echo 'echo foo' > say_foo
$ chmod 100 ./say_foo
$ ./say_foo
bash: ./say_foo: Permission denied
$ chmod 500 ./say_foo
$ ./say_foo
foo

Answers:


Method 1

Shell scripts require the read permission to be executed, but binary files do not:

$ cat hello.cpp
#include<iostream>

int main() {
    std::cout << "Hello, world!" << std::endl;
    return 0;
}
$ g++ -o hello hello.cpp
$ chmod 100 hello
$ ./hello
Hello, world!
$ file hello
hello: executable, regular file, no read permission

Displaying the contents of a file and executing them are two different things. With shell scripts, these things are related because they are “executed” by “reading” them into a new shell (or the current one), if you’ll forgive the simplification. This is why you need to be able to read them. Binaries don’t use that mechanism.

For directories, the execute permission is a little different; it means you can do things to files within that directory (e.g. read or execute them). So let’s say you have a set of tools in /tools that you want people to be able to use, but only if they know about them. chmod 711 /tools. Then executable things in /tools can be run explicitly (e.g. /tools/mytool), but ls /tools/ will be denied. Similarly, documents could be stored in /private-docs which could be read if and only if the file names are known.

Method 2

On Gentoo, executable programs that are setuid (set to run with the permissions of their owner instead of their invoker) are denied read access (mode 4711). This is to add a layer of protection against exploitation of bugs to aid in privilege escalation.

If an unprivileged attacker can read a setuid file, and knows of a bug that allows a return-to-libc-style attack, they may be able to use the contents of the file to predict where certain useful functions or libraries are likely to be placed in memory when the program is invoked.

Modern systems often include additional protections that are more effective, such as ASLR, but the restrictions present in 32-bit platforms may leave them more easily exploitable.
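
A check for the hardening described in Method 2, as an added example that is not part of the original answers or of Gentoo's tooling: it lists setuid files that group or others can still read, then drops those read bits so 4755 becomes 4711. The function names and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit setuid files for group/other read access.
# Mode 4711 (the layout described above) passes; 4755 is reported.
# Function names are hypothetical, not taken from any distribution's tools.

# audit_setuid_readable DIR...
# Prints one path per line. Only mode bits are inspected, so the result is
# the same whether this runs as root or as an ordinary user.
# Assumes paths do not contain newlines.
audit_setuid_readable() {
    find "$@" -xdev -type f -perm -4000 \
        \( -perm -0040 -o -perm -0004 \) -print 2>/dev/null | sort
}

# harden_setuid_readable DIR...
# Removes group/other read from every file the audit reports (4755 -> 4711).
harden_setuid_readable() {
    audit_setuid_readable "$@" | while IFS= read -r f; do
        chmod go-r "$f"
    done
}

# Constructed sample tree: empty files, not real setuid programs.
demo_setuid_audit() {
    d=$(mktemp -d) || return 1
    touch "$d/readable" "$d/exec_only" "$d/plain"
    chmod 4755 "$d/readable"    # setuid and world-readable: reported
    chmod 4711 "$d/exec_only"   # setuid, execute-only for others: passes
    chmod 0755 "$d/plain"       # not setuid: ignored
    echo "before hardening:"; audit_setuid_readable "$d"
    harden_setuid_readable "$d"
    echo "after hardening:";  audit_setuid_readable "$d"
    rm -rf "$d"
}

demo_setuid_audit
```

On a real system, review the audit output before running the hardening step, since some backup or integrity tools expect to read these files as a non-root user.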

Method 3

It looks like the value of “execute only” doesn’t have much use for a file, but it can be used to prevent one from reading the contents of a directory.

$ mkdir foo
$ touch foo/bar
$ ls foo/
bar
$ chmod 100 foo
$ ls foo/
ls: cannot open directory foo/: Permission denied

Method 4

You need to have read and execute permissions in order to execute a script. Reading the contents of a script is what allows it to execute, so you need to be able to read and execute. Otherwise, you can’t run a script without it.

What is a valid use case for an execute only permission?

Security. Some may want to protect their files and stop others from executing or using them.


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
