How secure are nested/indirect file access restrictions?
Hello!
Let's assume the following file permissions:
drwxr-xr-x root root /srv
drwxr-x--- root srv-www /srv/www
drwxrws--x root dev-1 /srv/www/dom-1
-rw-rw-r-- usr-1 dev-1 /srv/www/dom-1/index.php
While the html subfolder perms allow write access only to root and users
within dev-1, index.php would be world-readable, but "indirectly" filtered by
the perms of www, which deny access to anyone who is not a group member of
srv-www. (Of course, any member of dev-1 must be a member of srv-www, too.)
The idea is to distinguish between one user (file owner), one group with write
access (e.g. developers) and one group with limited read access (webserver),
and to deny access to anyone else at the same time, using standard Unix access
rights.
Are there any security implications?
So far, I have only come across that remounting the file structure would break the
permissions in effect. But (re)mounting shall be allowed for root only.
/andy
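
The layout from the post above, run through a small model of the by-path mode-bit check, as an added example that is not part of the original post. Account names other than usr-1 and all group memberships are assumptions; root, ACLs and the / directory itself are not modeled.

```python
# Added example: simulates the classic Unix mode-bit check along a path.
# Tree and modes are taken from the post; accounts and memberships are assumed.
TREE = {  # path: (owner, group, mode)
    "/srv": ("root", "root", 0o755),
    "/srv/www": ("root", "srv-www", 0o750),
    "/srv/www/dom-1": ("root", "dev-1", 0o2771),   # rwxrws--x
    "/srv/www/dom-1/index.php": ("usr-1", "dev-1", 0o664),
}
USERS = {  # hypothetical accounts: name -> group memberships
    "usr-1": {"dev-1", "srv-www"},   # file owner
    "dev-2": {"dev-1", "srv-www"},   # developer
    "www-data": {"srv-www"},         # web server, read-only role
    "dev-3": {"dev-1"},              # developer who was not added to srv-www
    "guest": set(),                  # anyone else
}
R, W, X = 4, 2, 1

def class_bits(user, path):
    """Return the rwx triplet that applies. Exactly one class is selected:
    owner, else group, else other. There is no fall-through between them."""
    owner, group, mode = TREE[path]
    if user == owner:
        return (mode >> 6) & 7
    if group in USERS[user]:
        return (mode >> 3) & 7
    return mode & 7

def ancestors(path):
    """Directories that must be searchable to reach path, outermost first."""
    parts = path.strip("/").split("/")
    return ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]

def blocked_at(user, path):
    """First directory on the way to path that the user cannot search, or None."""
    for d in ancestors(path):
        if not (class_bits(user, d) & X):
            return d
    return None

def can(user, path, want):
    """True if the user may access path with the wanted bits (R, W or R | W)."""
    if blocked_at(user, path) is not None:
        return False
    return (class_bits(user, path) & want) == want

if __name__ == "__main__":
    f = "/srv/www/dom-1/index.php"
    for u in USERS:
        print(f"{u:9} read={can(u, f, R)} write={can(u, f, W)} blocked_at={blocked_at(u, f)}")
```

The model covers only the check made when a file is opened by this path; an already-open descriptor or another hard link to the same inode is not gated by the parent directories.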