
Re: Directory and file permissions



In <201012081217.41820.lisi.reisz@gmail.com>, Lisi wrote:
>My google foo seems to have deserted me completely.  Could someone take
>pity? :-(
>
>Is it possible for a directory to have lower permissions than the files it
>contains?

What is lower?  Is 577 lower than 600 or vice-versa?

In any case, the permissions of a directory do not limit what permissions 
files in it can be given.  It is possible for a directory with 777 permissions 
to contain a file with 000 permissions AND vice-versa.

>And could those who have permissions for the files, but not the
>directory, gain access to the files?

The "r" bit on a directory means that you can walk the list of dirents to get 
name information.  Basically, that "ls" and similar things can show you which 
files are in the directory.

The "w" bit on a directory means that you can manipulate the directory 
contents.  You can link (create), unlink (delete), and rename files in it.

The "x" bit on a directory means that you can "search" it.  Specifically, if 
you already have a name of a dirent, it allows you to get the inode 
information.  This is required to perform virtually any action through the 
links in the directory: opening them, stating them, etc.  This allows ls to 
show size, times, permissions, etc.

So, if a directory has "x", but not "rw" permissions you may be able to access 
files inside but only if you already know the name of them.  What actions 
would be allowed would be based on the permissions of the files, not the 
directory.

Directories without "x" permissions are rather rare, but if the only link to a 
file is in such a directory, it would be impossible to access even if you have 
"rwx" permissions on the file.

E.g.:
$ ls -lR test                          
test:
total 0
-rw-r--r-- 2 bss bss  0 Dec  8 13:56 new_name
drwxr-xr-x 2 bss bss 72 Dec  8 13:57 no_exec

test/no_exec:
total 0
-rw-r--r-- 2 bss bss 0 Dec  8 13:56 example
$ echo "linked" >> test/no_exec/example 
$ cat test/new_name
linked
$ chmod 000 test/no_exec
$ cat test/no_exec/example
cat: test/no_exec/example: Permission denied
$ echo "still linked" >> test/new_name 
$ chmod 755 test/no_exec
$ cat test/no_exec/example            
linked
still linked

-- 
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
bss@iguanasuicide.net                   ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-'(. .)`-'
http://iguanasuicide.net/                    \_/
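
Added example, not part of the original message: a small audit helper that applies the r/x rules described above to the "other" permission class, reading mode bits only. The function names, verdict strings and the temporary tree are constructed for illustration; ACLs, root and ownership are not modelled.

```python
import os
import shutil
import stat
import tempfile


def other_access(path, root):
    """Verdict for a user in the 'other' class, plus the file's hard-link count."""
    # Assumptions: mode bits only; no ACLs, not root, ownership ignored.
    path, root = os.path.abspath(path), os.path.abspath(root)
    st = os.stat(path)
    names_visible, cur = True, os.path.dirname(path)
    while True:  # walk from the file's directory up to root
        mode = os.stat(cur).st_mode
        if not mode & stat.S_IXOTH:  # no "x": the link cannot be followed
            return "unreachable", st.st_nlink
        if not mode & stat.S_IROTH:  # no "r": names cannot be listed
            names_visible = False
        if cur == root or cur == os.path.dirname(cur):
            break
        cur = os.path.dirname(cur)
    if not st.st_mode & stat.S_IROTH:  # the file's own bits decide last
        return "file-denies-read", st.st_nlink
    return ("readable" if names_visible else "readable-by-known-name"), st.st_nlink


def demo():
    """Constructed tree mirroring the session above: one file, two hard links."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    no_exec = os.path.join(root, "no_exec")
    os.mkdir(no_exec)
    example = os.path.join(no_exec, "example")
    with open(example, "w") as f:
        f.write("linked\n")
    os.chmod(example, 0o644)
    new_name = os.path.join(root, "new_name")
    os.link(example, new_name)  # second link to the same inode
    results = {}
    for label, mode in (("open", 0o755), ("search-only", 0o711),
                        ("list-only", 0o754), ("closed", 0o700)):
        os.chmod(no_exec, mode)
        results[label] = other_access(example, root)[0]
    results["other-link"] = other_access(new_name, root)  # no_exec is still 0700
    shutil.rmtree(root)
    return results


if __name__ == "__main__":
    print(demo())
```

A link count above 1 on an "unreachable" file means another path to the same inode may exist, so the restrictive directory alone does not protect it.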
