The semantics of the abstract set of access rights are straightforward for files and devices, but not for directories.
The following is a possible definition of these access rights for directories:

Read: determine the names of the files in the directory.
Write: modify local file names, add and delete files. However, the user is not allowed to open the directory for writing, for which no operation exists. The only way to modify a directory is by service calls.
Append: add new files.
Delete: remove this directory.
Modify Rights: modify access rights to this directory.
Set Owner: set the owner of the directory.
Execute: open files in this directory. This right is used to protect the files in the directory. A file can be opened only if a user has the 'execute' access right on all directories in the absolute name of the file. (Should relative names be used instead?)

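The Execute rule above, together with the Read and Append rights, can be checked on a toy in-memory tree. This is an added example, not code from the original notes; the Node class, the users and the sample tree are constructed, and it assumes that the root directory counts as part of the absolute name and that the file itself must grant the requested mode.

```python
# Added example: toy in-memory tree; names, users and layout are constructed.
from dataclasses import dataclass

@dataclass
class Node:
    rights: dict            # user -> set of right names held on this node
    entries: dict = None    # name -> Node for a directory, None for a file

def holds(node, user, right):
    return right in node.rights.get(user, set())

def can_open(root, user, path, mode="read"):
    """Return (allowed, reason) for opening the file at an absolute path.

    Rule from the text: 'execute' is needed on every directory in the
    absolute name. Assumptions: the root directory is one of them, and
    the file itself must grant the requested mode.
    """
    parts = [p for p in path.split("/") if p]
    node, prefix = root, "/"
    for name in parts:
        if node.entries is None:
            return False, f"{prefix} is not a directory"
        if not holds(node, user, "execute"):   # checked before the name lookup
            return False, f"no execute on {prefix}"
        if name not in node.entries:
            return False, f"{name} not found in {prefix}"
        node = node.entries[name]
        prefix = prefix.rstrip("/") + "/" + name
    if node.entries is not None:
        return False, f"{prefix} is a directory"
    if not holds(node, user, mode):
        return False, f"no {mode} on {prefix}"
    return True, "ok"

def can_list(directory, user):
    # 'read' on a directory reveals file names only; it does not allow opening them.
    return holds(directory, user, "read")

def can_add_file(directory, user):
    # Both 'write' and 'append' include adding files to the directory.
    return holds(directory, user, "write") or holds(directory, user, "append")

# Constructed sample tree: /home/alice/notes.txt
notes = Node({"alice": {"read", "write"}, "bob": {"read"}, "carol": {"read"}})
alice_dir = Node({"alice": {"read", "write", "execute"}, "bob": {"execute"},
                  "carol": {"read", "append"}}, {"notes.txt": notes})
home = Node({u: {"execute"} for u in ("alice", "bob", "carol")}, {"alice": alice_dir})
ROOT = Node({u: {"execute"} for u in ("alice", "bob", "carol")}, {"home": home})
```

In this tree bob can open notes.txt without being able to list the directory, while carol can list and add files but cannot open anything in it, which shows that Read and Execute on a directory are independent.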
Not all systems define one set of rights for both directories and files.
In particular, AFS defines two sets of rights: file rights (Read, Write, Lock) and directory rights (Lookup, Insert, Delete, Administer).
This approach not only decreases uniformity in the system but also does not allow a file to inherit the rights of its directory.
Thus, AFS does not allow a file to inherit the read (Lookup) right of its directory.
A symptom of this nonuniformity is that the Insert right is defined for directories but not files.