Suppose you have a directory /mydir which has permissions 770.
Now suppose you have a directory /mydir/subdir which has permissions
777.
Will a user who is not the owner of /mydir and not in the group
specified for /mydir be able to access /mydir/subdir?
I would expect that as one "digs" down from / at each level
permissions would be checked and if not valid the request would fail.
However, I have spent an hour digging around looking for somewhere
that says how it works with no success.
Thanks, especially if you can point me to something that gives a
definitive explanation.
--
Legacy browsers never heard of emerging standards.
(contact via http://www.ren-prod-inc.com/hug_soft)
contact_info (2) | 11/13/2006 10:26:28 PM
On Monday 13 November 2006 23:26, hug stood up and addressed the masses
in /comp.os.linux.misc/ as follows...:
> Suppose you have a directory /mydir which has permissions 770.
>
> Now suppose you have a directory /mydir/subdir which has permissions
> 777.
>
> Will a user who is not the owner of /mydir and not in the group
> specified for /mydir be able to access /mydir/subdir?
Yes, if he supplies the full path to it or "traverses" a symbolic link
elsewhere pointing to it.
> I would expect that as one "digs" down from / at each level
> permissions would be checked and if not valid the request would fail.
> However, I have spent an hour digging around looking for somewhere
> that says how it works with no success.
>
> Thanks, especially if you can point me to something that gives a
> definitive explanation.
The simplest description would be this: the permissions of a file or
directory depend upon the permission mask of said file or directory *and*
on the permission mask of the directory _containing_ said file or directory.
For instance: if you have read _and_ write permission on a file located in a
directory where you have read permission but no write permission, then you
_can_ alter the file's contents but you _cannot_ delete the file - which
would be a write operation on the directory containing it.
A practical example, more along the lines of what you're asking: in most
GNU/Linux distributions, */usr/tmp* is a symbolic link to */var/tmp*. On
my system, */usr/* is mounted read-only. Yet anything requiring write
access to */usr/tmp* will indeed have write access to it (if the
permissions allow it), because */var/tmp* is mounted writeable.
Similarly, it is possible to have a system running in normal "production"
mode with its root filesystem mounted read-only. After all, if the
necessary filesystems are separated from the root filesystem and mounted
read/write - this would of course also include using /udev/ (or /devfs/ for
2.4 kernels) - then there is no problem. Well, aside from a few other
tweaks that need to be taken care of, but it's quite feasible.
The only difference with the situation you are referring to is the
writability determined via permissions or via mount options. Mount options
are at a lower level than permissions, but the logical mechanisms with
regard to write permissions are the same.
--
With kind regards,
*Aragorn*
(registered GNU/Linux user #223157)
stryder (1498) | 11/13/2006 11:09:09 PM
hug writes:
> Suppose you have a directory /mydir which has permissions 770.
>
> Now suppose you have a directory /mydir/subdir which has permissions
> 777.
>
> Will a user who is not the owner of /mydir and not in the group
> specified for /mydir be able to access /mydir/subdir?
No.
> I would expect that as one "digs" down from / at each level
> permissions would be checked and if not valid the request would fail.
All true, with one small exception. If someone's current directory was
already subdir before you removed all other permissions from its parent
directory, they'll still be able to screw around in the subdirectory.
sam217 (1597) | 11/13/2006 11:14:47 PM
So anyway, it was like, 00:09 CET Nov 14 2006, you know? Oh, and, yeah,
Aragorn was all like, "Dude,
> On Monday 13 November 2006 23:26, hug stood up and addressed the masses
> in /comp.os.linux.misc/ as follows...:
>> Suppose you have a directory /mydir which has permissions 770.
>>
>> Now suppose you have a directory /mydir/subdir which has
>> permissions 777.
>>
>> Will a user who is not the owner of /mydir and not in the group
>> specified for /mydir be able to access /mydir/subdir?
>
> Yes, if he supplies the full path to it or "traverses" a symbolic
> link elsewhere pointing to it.
That does not work on my linux systems, I'd be interested to know how
you manage it.
--
Time flies like an arrow, fruit flies like a banana. Perth ---> *
10:14:16 up 5 days, 7:55, 6 users, load average: 0.44, 0.28, 0.15
Linux 2.6.18.1 x86_64 GNU/Linux Registered Linux user #261729
spam7 (1368) | 11/14/2006 9:16:08 AM
On Tuesday 14 November 2006 10:16, Johan Lindquist stood up and addressed
the masses in /comp.os.linux.misc/ as follows...:
> So anyway, it was like, 00:09 CET Nov 14 2006, you know? Oh, and, yeah,
> Aragorn was all like, "Dude,
>> On Monday 13 November 2006 23:26, hug stood up and addressed the masses
>> in /comp.os.linux.misc/ as follows...:
>
>>> Suppose you have a directory /mydir which has permissions 770.
>>>
>>> Now suppose you have a directory /mydir/subdir which has
>>> permissions 777.
>>>
>>> Will a user who is not the owner of /mydir and not in the group
>>> specified for /mydir be able to access /mydir/subdir?
>>
>> Yes, if he supplies the full path to it or "traverses" a symbolic
>> link elsewhere pointing to it.
>
> That does not work on my linux systems, I'd be interested to know how
> you manage it.
I stand corrected... I've tried it with a couple of newly created and
root-owned directories in my home directory, and indeed it doesn't work.
Strange though, as I recall that it used to work in older versions of my
distribution...
I apologize for the misinformation... ;-)
--
With kind regards,
*Aragorn*
(registered GNU/Linux user #223157)
stryder (1498) | 11/14/2006 7:46:14 PM
On Tue, 14 Nov 2006 19:46:14 GMT, Aragorn
<stryder@telenet.invalid> wrote:
> On Tuesday 14 November 2006 10:16, Johan Lindquist stood up and addressed
> the masses in /comp.os.linux.misc/ as follows...:
>
>> So anyway, it was like, 00:09 CET Nov 14 2006, you know? Oh, and, yeah,
>> Aragorn was all like, "Dude,
>>> On Monday 13 November 2006 23:26, hug stood up and addressed the masses
>>> in /comp.os.linux.misc/ as follows...:
>>
>>>> Suppose you have a directory /mydir which has permissions 770.
>>>>
>>>> Now suppose you have a directory /mydir/subdir which has
>>>> permissions 777.
>>>>
>>>> Will a user who is not the owner of /mydir and not in the group
>>>> specified for /mydir be able to access /mydir/subdir?
>>>
>>> Yes, if he supplies the full path to it or "traverses" a symbolic
>>> link elsewhere pointing to it.
>>
>> That does not work on my linux systems, I'd be interested to know how
>> you manage it.
>
> I stand corrected... I've tried it with a couple of newly created and
> root-owned directories in my home directory, and indeed it doesn't work.
>
> Strange though, as I recall that it used to work in older versions of my
> distribution...
>
> I apologize for the misinformation... ;-)
>
To access files or subdirectories within a directory, you need execute
permission (771 vs. 770). Read permission allows you to list the
contents of a directory.
--
What an author likes to write most is his signature on the back of a cheque.
-- Brendan Francis
bmarcum (929) | 11/15/2006 1:27:06 AM
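The two replies above that describe the check (search permission on every directory a lookup passes through, and the exception for a process whose current directory is already subdir) can be modelled in a few lines of shell. This is an added example, not part of any post in the thread: it reads mode bits with GNU stat, ignores ACLs, supplementary groups, root and symlinks, and the scratch paths, uid and gid are constructed.

```shell
#!/bin/sh
# Added example: models the search (x) check made on each directory during
# path lookup. Classic owner/group/other bits only. Requires GNU stat.

# has_search UID GID DIR: true if DIR's mode grants search to that identity.
has_search() {
    d_mode=$(stat -c %a "$3"); d_mode=$((0$d_mode))   # octal string -> number
    d_uid=$(stat -c %u "$3"); d_gid=$(stat -c %g "$3")
    if   [ "$1" -eq "$d_uid" ]; then bit=$((d_mode & 0100))   # owner class only
    elif [ "$2" -eq "$d_gid" ]; then bit=$((d_mode & 0010))   # group class only
    else                             bit=$((d_mode & 0001))   # everyone else
    fi
    [ "$bit" -ne 0 ]
}

# first_blocked UID GID START RELPATH: walk from START (/ for an absolute
# path, the process's current directory for a relative one). Prints the first
# directory that denies search and returns 1; returns 0 if none does.
first_blocked() {
    uid=$1 gid=$2 dir=$3 rest=$4
    while :; do
        if ! has_search "$uid" "$gid" "$dir"; then
            printf '%s\n' "$dir"
            return 1
        fi
        case $rest in
            */*) dir=$dir/${rest%%/*}; rest=${rest#*/} ;;
            *)   return 0 ;;    # last component is looked up, not searched
        esac
    done
}

# Constructed demo: the thread's layout under a scratch directory.
base=$(mktemp -d); chmod 755 "$base"
mkdir -p "$base/mydir/subdir"; chmod 777 "$base/mydir/subdir"; chmod 770 "$base/mydir"
stranger=$(stat -c %u "$base"); stranger=$((stranger + 1))   # hypothetical uid, not the owner
sgid=$(stat -c %g "$base"); sgid=$((sgid + 1))               # hypothetical gid, not the group
first_blocked "$stranger" "$sgid" "$base" mydir/subdir/file || echo "full path: blocked there"
first_blocked "$stranger" "$sgid" "$base/mydir/subdir" file && echo "from inside subdir: allowed"
chmod 771 "$base/mydir"
first_blocked "$stranger" "$sgid" "$base" mydir/subdir/file && echo "with 771 on mydir: allowed"
```

On a live system, `namei -l /mydir/subdir` lists the same per-component owner, group and mode bits for a real path.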
Aragorn <stryder@telenet.invalid> wrote:
>On Tuesday 14 November 2006 10:16, Johan Lindquist stood up and addressed
>the masses in /comp.os.linux.misc/ as follows...:
>
>> So anyway, it was like, 00:09 CET Nov 14 2006, you know? Oh, and, yeah,
>> Aragorn was all like, "Dude,
>>> On Monday 13 November 2006 23:26, hug stood up and addressed the masses
>>> in /comp.os.linux.misc/ as follows...:
>>
>>>> Suppose you have a directory /mydir which has permissions 770.
>>>>
>>>> Now suppose you have a directory /mydir/subdir which has
>>>> permissions 777.
>>>>
>>>> Will a user who is not the owner of /mydir and not in the group
>>>> specified for /mydir be able to access /mydir/subdir?
>>>
>>> Yes, if he supplies the full path to it or "traverses" a symbolic
>>> link elsewhere pointing to it.
>>
>> That does not work on my linux systems, I'd be interested to know how
>> you manage it.
>
>I stand corrected... I've tried it with a couple of newly created and
>root-owned directories in my home directory, and indeed it doesn't work.
>
>Strange though, as I recall that it used to work in older versions of my
>distribution...
>
>I apologize for the misinformation... ;-)
It happens. Memories fog, versions change, expecting anyone to be
continually correct (especially oneself) is a failing proposition.
One of the support guys at my hosting service verified that it does in
fact work the way I need it to work on the system in question.
Thanks all.
--
Legacy browsers never heard of emerging standards.
(contact via http://www.ren-prod-inc.com/hug_soft)
contact_info (2) | 11/15/2006 9:54:33 AM