What is the purpose of executable file access rights in Linux?
I never understood this, because if you have access to read a file, doesn't that mean you would be able to copy it somewhere else, thus allowing you to execute it anyway?
The Executable flag is there to indicate to the kernel that the data should be read and then run. This is implemented by having a different call for executing something and reading something. For compiled programs it is quite possible to have execute-only access to it and not have read access; you can't even 'cp' them elsewhere. For interpreted items like shell-scripts, read is needed for execution.
I know one Linux distro that uses the execute flag to control what scripts fire at bootup.
In short, the Execute flag is used to indicate the ability of compiled code to run. Interpreted code is run through the parent processor and may only need 'read'.
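The difference between executing a file and reading it, as an added example that is not part of the original answers. The file names `hello.sh` and `copy.sh` and the three function names are constructed for this demonstration, which works only inside a scratch directory from `mktemp`:

```shell
#!/bin/sh
# Added demonstration; every file and function name here is constructed.
demo_dir=$(mktemp -d) || exit 1
trap 'rm -rf "$demo_dir"' EXIT

# Constructed sample script: readable by everyone, no execute bit at all.
printf '#!/bin/sh\necho ran\n' > "$demo_dir/hello.sh"
chmod 644 "$demo_dir/hello.sh"

# Case 1: ask the kernel to execute the file itself.
# With no execute bit set the exec call is refused (EACCES, even for root),
# and the shell reports exit status 126: found but not executable.
direct_exec_status() {
    status=0
    "$demo_dir/hello.sh" >/dev/null 2>&1 || status=$?
    echo "$status"
}

# Case 2: hand the file to an interpreter instead.
# The kernel executes sh, and sh only reads hello.sh, so read permission
# is enough and the execute bit is never consulted.
interpreter_output() {
    sh "$demo_dir/hello.sh"
}

# Case 3: the copy-and-chmod route from the question.
# The copy belongs to the user, so they may set its execute bit.
# Status 0 means the copy ran; 126 means the scratch directory sits on a
# filesystem mounted noexec, where the bit on the copy does not help.
copy_and_run_status() {
    status=0
    cp "$demo_dir/hello.sh" "$demo_dir/copy.sh" &&
        chmod u+x "$demo_dir/copy.sh" &&
        "$demo_dir/copy.sh" >/dev/null 2>&1 || status=$?
    echo "$status"
}

echo "direct exec exit status: $(direct_exec_status)"
echo "via interpreter:         $(interpreter_output)"
echo "copy + chmod u+x status: $(copy_and_run_status)"
```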
Some potential reasons:
It protects the file from being accidentally executed.
It's obvious this way what files are executables (on Windows you need to check the registry for the list of executable file extensions to know that).
It protects you against some security exploits (attackers do not only need a way to put a file on your system and somehow execute it, they also need a way to change its permissions).
If the only disks the user can write to have an umask/mount option that "removes" the execute bit, they can't copy it somewhere else and make it executable (at least, not on that machine, and you might have to take other precautions too).
There are probably other reasons...
No, this is not correct.
There are scenarios when you can't execute a file, even if it has the executable bit set. Here are at least two of them: