Cannot remove: Permission denied to delete file on local Linux file system, even with write permissions

Written by - 3 comments

Published on - Listed in Linux Unix


To delete a file or directory, the ownership and permissions are required. Basically the user needs to have write permissions on the file. It doesn't matter whether this user is owner or part of the group ownership of the file in question. But even this is sometimes not enough, as the following example shows.

Our local user "john" has access to the local /log/dev directory and can successfully list all the files in this path:

john@logserver:/log/dev$ ls -la
total 748
-rw-rw-rw- 1 logstash logstash  20932 Feb  9 11:55 app-dev-2022-02-09-10.log.gz
-rw-rw-rw- 1 logstash logstash  55433 Feb  9 12:38 app-dev-2022-02-09-11.log.gz
-rw-rw-rw- 1 logstash logstash   6679 Feb  9 16:29 app-dev-2022-02-09-15.log.gz
-rw-rw-rw- 1 logstash logstash  26099 Feb  9 17:18 app-dev-2022-02-09-16.log.gz
-rw-rw-rw- 1 logstash logstash  12028 Feb  9 18:07 app-dev-2022-02-09-17.log.gz
-rw-rw-rw- 1 logstash logstash  23340 Feb  9 19:53 app-dev-2022-02-09-18.log.gz
-rw-rw-rw- 1 logstash logstash  62450 Feb  9 20:41 app-dev-2022-02-09-19.log.gz
-rw-rw-rw- 1 logstash logstash 122669 Feb 10 10:55 app-dev-2022-02-10-09.log
-rw-rw-rw- 1 logstash logstash 317346 Feb 10 11:49 app-dev-2022-02-10-10.log
-rw-rw-rw- 1 logstash logstash  94678 Feb 10 12:00 app-dev-2022-02-10-11.log

The write permissions are given, as all these files have read-write permissions for owner, group and others (chmod 666). But as soon as john wants to delete a file, the user gets a permission denied:

john@logserver:/log/dev$ rm app-dev-2022-02-09-10.log.gz
rm: remove regular file 'app-dev-2022-02-09-10.log.gz'? y
rm: cannot remove 'app-dev-2022-02-09-10.log.gz': Permission denied

There are some wrong answers which can be found on the Internet, including hints that "only the owner can delete files". That's bogus. That's why the file permissions for others are there in the first place.

Although the file permissions are enough for john to delete the file, there is one more thing to consider: The parent directory. But why?

On this StackExchange question, user jsbillings describes such a situation very well:

Deleting a file means you are making changes to the directory it resides in

By looking at the permissions of the file's parent directory (/log/dev), we can see that "john" does not have write permissions:

root@logserver:~# ls -la /log/
total 64
drwxrwxrwx  7 logstash root      4096 Feb  9 11:16 .
drwxr-xr-x 20 root     root      4096 Jan 17 15:55 ..
drwxr-xr-x  2 logstash logstash  4096 Feb 10 13:10 dev
drwx------  2 root     root     16384 Jan 17 15:56 lost+found
drwxr-xr-x  2 logstash logstash  4096 Feb  4 11:00 prod
drwxr-xr-x  2 logstash logstash 12288 Feb 10 13:10 stage
drwxr-xr-x  2 logstash logstash 20480 Feb 10 13:10 test

Only the logstash user (directory owner) is allowed to write/modify the dev directory.

Let's adjust this a bit. We change the group ownership to john (or another group, user john is a member of) and set the write permissions for the group (chmod 775), too:

root@logserver:~# chown logstash:john /log/dev
root@logserver:~# chmod 775 /log/dev
root@logserver:~# ls -la /log/
total 64
drwxrwxrwx  7 logstash root      4096 Feb  9 11:16 .
drwxr-xr-x 20 root     root      4096 Jan 17 15:55 ..
drwxrwxr-x  2 logstash john      4096 Feb 10 13:10 dev
drwx------  2 root     root     16384 Jan 17 15:56 lost+found
drwxr-xr-x  2 logstash logstash  4096 Feb  4 11:00 prod
drwxr-xr-x  2 logstash logstash 12288 Feb 10 13:10 stage
drwxr-xr-x  2 logstash logstash 20480 Feb 10 13:10 test

After this ownership and permission change on the parent directory, user "john" can try to delete the file within /log/dev again:

john@logserver:/log/dev$ rm app-dev-2022-02-09-10.log.gz
rm: remove regular file 'app-dev-2022-02-09-10.log.gz'? y

No error this time, and the file is gone:

john@logserver:/log/dev$ ls -la
total 624
-rw-rw-rw- 1 logstash logstash  55433 Feb  9 12:38 app-dev-2022-02-09-11.log.gz
-rw-rw-rw- 1 logstash logstash   6679 Feb  9 16:29 app-dev-2022-02-09-15.log.gz
-rw-rw-rw- 1 logstash logstash  26099 Feb  9 17:18 app-dev-2022-02-09-16.log.gz
-rw-rw-rw- 1 logstash logstash  12028 Feb  9 18:07 app-dev-2022-02-09-17.log.gz
-rw-rw-rw- 1 logstash logstash  23340 Feb  9 19:53 app-dev-2022-02-09-18.log.gz
-rw-rw-rw- 1 logstash logstash  62450 Feb  9 20:41 app-dev-2022-02-09-19.log.gz
-rw-rw-rw- 1 logstash logstash  16791 Feb 10 10:55 app-dev-2022-02-10-09.log.gz
-rw-rw-rw- 1 logstash logstash 317346 Feb 10 11:49 app-dev-2022-02-10-10.log
-rw-rw-rw- 1 logstash logstash  94678 Feb 10 12:00 app-dev-2022-02-10-11.log



Add a comment

Show form to leave a comment

Comments (newest first)

ck from Switzerland wrote on Nov 4th, 2022:

Because of the parent directory (/) - or mount point in this case. It also needs write permissions. So you would have to "chmod 777 /" but that's a bad idea.


Anton from wrote on Nov 3rd, 2022:

Then why

under root
touch /test
chmod 0666 /test
or
chmod 666 /test

under user
rm /test
Permission denied


olly on linux from Hamburg wrote on Sep 12th, 2022:

That's exactly I just asking myself. So, the reason is the parent Dir .. Thanx a lot!


RSS feed

Blog Tags:

  AWS   Android   Ansible   Apache   Apple   Atlassian   BSD   Backup   Bash   Bluecoat   CMS   Chef   Cloud   Coding   Consul   Containers   CouchDB   DB   DNS   Database   Databases   Docker   ELK   Elasticsearch   Filebeat   FreeBSD   Galera   Git   GlusterFS   Grafana   Graphics   HAProxy   HTML   Hacks   Hardware   Icinga   Influx   Internet   Java   KVM   Kibana   Kodi   Kubernetes   LVM   LXC   Linux   Logstash   Mac   Macintosh   Mail   MariaDB   Minio   MongoDB   Monitoring   Multimedia   MySQL   NFS   Nagios   Network   Nginx   OSSEC   OTRS   Office   OpenSearch   PGSQL   PHP   Perl   Personal   PostgreSQL   Postgres   PowerDNS   Proxmox   Proxy   Python   Rancher   Rant   Redis   Roundcube   SSL   Samba   Seafile   Security   Shell   SmartOS   Solaris   Surveillance   Systemd   TLS   Tomcat   Ubuntu   Unix   VMWare   VMware   Varnish   Virtualization   Windows   Wireless   Wordpress   Wyse   ZFS   Zoneminder