On Wed, Dec 08, 2010 at 07:17:41AM EST, Lisi wrote:
> My google foo seems to have deserted me completely. Could someone take
> pity? :-(
>
> Is it possible for a directory to have lower permissions than the files it
> contains? And could those who have permissions for the files, but not the
> directory, gain access to the files?
>
> My instinct says no. But it would not be for the first time if my instinct
> is wrong.
>
> Thanks for any help anyone feels able to give,

There's the case where you only set the ‘x’ flag for group & other:

    $ mkdir /tmp/t
    $ chmod go-rw /tmp/t
    $ ls -alchd /tmp/t
    drwx--x--x 2 me me 4.0K 2010-12-08 08:33 /tmp/t
    $ echo 'xxx' > /tmp/t/x.txt
    $ ls -alch /tmp/t
    -rw-r--r-- 1 me me 4 2010-12-08 08:45:47.000000000 -0500 x.txt
    $ chmod ugo+rwx /tmp/t/x.txt
    $ ls -alch /tmp/t
    -rwxrwxrwx 1 me me 4 2010-12-08 08:45:47.000000000 -0500 x.txt

Now user ‘her’ can cd to /tmp/t/ but cannot ‘ls’ its contents. Even bash tab completion will refuse to yield any of the directory's secrets.

So if ‘her’ knows that there is a file named ‘x.txt’ in there, she can list or modify its contents, execute it if something executable lives in there.

What ‘her’ cannot do is anything that would require read or write permissions to the /tmp/t directory, such as list (ls) or change (rm, mv..) its contents.

With the above scenario, the directory has lower permissions than the files it contains and ‘those who have permissions’ - everybody in this instance - to the files can ‘gain access’ to the files (rw access).

Barring any typos and stuff, the above should be correct, but if you google for ‘linux file permissions’ you shall come up with clearer and likely more reliable explanations.

What I do not know is why this was thus designed, except perhaps to confuse the likes of me..

cj
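
An audit for the situation described in the message above, added here as an example and not part of the original post: it lists files that ‘other’ users can open by name inside directories they can search (x) but not list (no r). The function names audit_unlistable and demo and the demo tree are made up for illustration; the check looks at mode bits only and ignores ACLs and ownership.

```shell
#!/bin/sh
# Added example (not from the original message). Mode bits only:
# ACLs, ownership and group membership are not taken into account.

# audit_unlistable ROOT
# For every directory under ROOT that "other" may search (o+x) but not list
# (no o+r), print the regular files directly inside it that "other" can
# still open by name: "WRITE <path>" for o+w, "READ <path>" for o+r only.
# Assumes ROOT itself is reachable and paths contain no newlines.
audit_unlistable() {
    # -prune stops at directories without o+x: nothing below them is
    # reachable by "other", whatever modes the files there carry.
    find "$1" -type d ! -perm -001 -prune -o -type d ! -perm -004 -print |
    while IFS= read -r dir; do
        find "$dir" -mindepth 1 -maxdepth 1 -type f -perm -002 |
            sed 's/^/WRITE /'
        find "$dir" -mindepth 1 -maxdepth 1 -type f -perm -004 ! -perm -002 |
            sed 's/^/READ /'
    done
}

# Constructed demo tree mirroring the /tmp/t example above, plus one
# 711 directory hidden behind a 700 parent that must not be reported.
demo() {
    d=$(mktemp -d) || return 1
    chmod 755 "$d"
    mkdir "$d/t" "$d/locked" "$d/locked/t"
    echo xxx > "$d/t/x.txt";        chmod 777 "$d/t/x.txt"
    echo xxx > "$d/t/ro.txt";       chmod 644 "$d/t/ro.txt"
    echo xxx > "$d/t/private.txt";  chmod 600 "$d/t/private.txt"
    echo xxx > "$d/locked/t/x.txt"; chmod 777 "$d/locked/t/x.txt"
    chmod 711 "$d/t" "$d/locked/t"
    chmod 700 "$d/locked"
    audit_unlistable "$d" | sed "s|$d/||" | sort
    rm -rf "$d"
}

demo
```

Files reported as WRITE are the ones to look at first: the unlistable directory only hides their names, it does not stop anyone who knows or guesses a name from changing them.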

