I was looking at the source code to the which(1) command (apt-get source
which = which-2.14 ).
As you might imagine, which(1) prepends the path to a name, checks if
it exists and then checks if it's executable by the current process
(your uid).
In the which package is a file "bash.c" that contains the following
code. At this point the file has been found and now it's just checking
permissions.
/* If we are the owner of the file, the owner execute bit applies. */
if (user_id == finfo.st_uid && X_BIT (u_mode_bits (finfo.st_mode)))
return (FS_EXISTS | FS_EXECABLE);
/* If we are in the owning group, the group permissions apply. */
if (group_member (finfo.st_gid) && X_BIT (g_mode_bits (finfo.st_mode)))
return (FS_EXISTS | FS_EXECABLE);
/* If `others' have execute permission to the file, then so do we,
since we are also `others'. */
if (X_BIT (o_mode_bits (finfo.st_mode)))
return (FS_EXISTS | FS_EXECABLE);
else
return (FS_EXISTS);
This seems wrong, if I understand Linux permissions correctly. If you
are the *owner* of a file, then it's the *owner* permissions that count.
If the owner perms say you can't read it then it doesn't matter what the
group and other perms are.
In that code above if you are the owner but don't have execute perms
then it moves onto checking the group perms, and then "other" perms.
Am I crazy is is that code wrong?