[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: File and directory permissions



<epsilon491@tutanota.com> wrote:
> Sorry, it is very counter intuitive to me.
> So what you say is this: if there is an open terminal before chmod
> 700, then I can use that terminal to access "apple", but after I close
> terminal B, there is no way to access that apple directory? Neither
> with a shall window, nor with another software?

The shell is already in "apple", so yes it can continue doing things in
that directory. Once you leave (or log out of that terminal), you will
no longer have access.

Think of it as being somewhat like a parking lot / garage with a gate at the
entrance.

You enter the lot / garage, get your ticket, and are admitted in.  Now
you're free to go anywhere in the lot to find a space (equivalent of
opening / editing files).  

While you're driving around the lot, the attendant closes the gate and
puts up a "Lot Full" sign; someone coming in after you (barring them
being one of those "I can use a 'reserved' spot" types) gets turned
away. (or you'll get turned away if you leave, and try re-entering).

> In some cases this may lead to serious security issues, doesn't it?
> Let me ask this specific question: is there any way to access apple,
> otheri than the already open terminal B? If not, then it is ok, but
> there is any w ay to access apple, then I have to do recursive chown
> and chmod to make sure nobody can access anything below /opt/experiment.

No, why would you think that creates a security issue?  

No, once access to apple (or any directory in the chain) is revoked, it
is impossible for users to access the "apple" directory.

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281


Reply to: