Re: File and directory permissions
On Wed, Mar 07, 2018 at 12:42:19PM +0100, epsilon491@tutanota.com wrote:
> OK thanks for the explanations.
> To make sure:
> 1.) To prevent this scenario, I have to do recursive chown and chmod.
I don't quite understand what you mean by "scenario": that a process
under the uid of "aristo" can modify the subdirectory "apple"? If you
don't want that, yes, you'll have to change its owner (or group) and
set its permissions accordingly.
> 2.) If I chmod only /opt/experiment, there is absolutely no other way to access apple, other than an already open terminal.
Forget the terminal. It's the shell (in this case: it could be any
process in other cases). There are other ways, see below:
> Correct?
Not quite: try

    su
    cd /opt/experiments/apple
    su aristo
    touch ccc # now I modified dir apple as user aristo

Or better with sudo, anyway:

    sudo -s
    cd /opt/experiments/apple
    sudo -u aristo -s
    touch ccc # now I modified dir apple as user aristo

"You" just need a "helper process" which can traverse experiments and
gives "you" [1] an open descriptor to "apple". There are other ways
to pass open file descriptors around in Unix-like systems. Quite
possibly you can use them in a similar way.
[1] "You" is here just a shorthand for "the process running under the
aristo UID which can't by itself open the whole path /opt/experiments/apple".
Cheers
-- t
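The point of the reply above, that chmod on the parent directory alone does not cut off a process which already holds a reference to "apple", shown as an added example that is not part of the original message. It is a single-user variation on a scratch tree from mktemp (all function and variable names are made up for the demo), and it goes beyond the su example by also showing that restricting apple itself does take effect. Run it as an unprivileged user, since root bypasses these checks.

```shell
#!/bin/sh
# Constructed demo: scratch tree laid out like the thread's experiments/apple.

# Print "allowed" or "denied" for the command given as arguments.
verdict() { if "$@" 2>/dev/null; then echo allowed; else echo denied; fi; }

# Enter apple first, then lock the parent. The relative touch needs no lookup
# through experiments, so the parent's mode is never consulted.
held_then_parent_locked() (
    cd "$base/experiments/apple" && chmod 000 "$base/experiments" && touch ccc
)

# A fresh lookup by full path has to search experiments and is refused.
full_path() { touch "$base/experiments/apple/ddd"; }

# Restrict apple itself: a process that is already inside it is refused too,
# because write permission on the directory is checked at creation time.
held_then_apple_locked() (
    cd "$base/experiments/apple" && chmod 500 . && touch eee
)

run_demo() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/experiments/apple" || return 1

    r_held=$(verdict held_then_parent_locked)
    r_path=$(verdict full_path)

    chmod 700 "$base/experiments"          # reopen the parent for step three
    r_fixed=$(verdict held_then_apple_locked)

    # Restore modes so the scratch tree can be deleted.
    chmod -R 700 "$base" && rm -rf "$base"
}

run_demo
echo "inside apple, parent set to 000: $r_held"
echo "full path,    parent set to 000: $r_path"
echo "inside apple, apple set to 500:  $r_fixed"
```
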