LinuxQuestions.org


iamonly 02-21-2010 07:48 AM

a question about permissions
 
Hi all, I am a newbie.
If I have /media/dir1 shows as follows:
drwxr-x--- root root *** dir1

And 'mydir' is a subdirectory of 'dir1':
drwxrwxrwx root root *** mydir

If someone is now logged in as 'user',
can he access (go into) 'mydir' by issuing 'cd /media/dir1/mydir'?

The permission for 'dir1' denies his access to /media/dir1,
but the permission for 'mydir' allows his access to 'mydir' which is actually '/media/dir1/mydir'!

So what's the conclusion and how to explain it??

Thanks a lot!

raju.mopidevi 02-21-2010 08:07 AM

/media is the default mount point for removable media such as pendrives, CDs ..

root has permission to do format, rename, etc. operations on removable media,
so /media/*** has write permissions for root.

Pendrives have a FAT or FAT32 filesystem, which gives read and write permissions to all users,
so users have write permissions on /media/***/dir1.

Hope you understand. If not, post. I am here to explain further.

carltm 02-21-2010 08:08 AM

The answer is no, the user cannot access it.

The reason is that to access a file, you have to have access to all
of the parent directories. That is what the x permission means on
a directory. So unless users have x permission for /, /media and
/media/dir1, they will not have access to files in /media/dir1 even
if those files have r permission.

smoker 02-21-2010 08:20 AM

The user will not be able to access /media/dir1/mydir because they can't access /media/dir1

the permissions mean :

owner : (owners)group : world

The permissions for directories always apply to anything inside them.

So in your example
/media/dir1

is set to
drwxr-x---

which means

root can read write and execute
root's group can read and execute (but not write)
the world can't do anything.

So the world can't even see mydir even though they are technically allowed to write to it.

If you set /media/dir1 to 755 (drwxr-xr-x) then the user would be able to get to mydir because they can read and execute dir1.

But they could not create a new directory in dir1 because they don't have write permission, only read and execute.

They could however create new files and directories in mydir (drwxrwxrwx), because they can see it and they have all permissions.

Directories have to be readable and executable to be opened.

raju.mopidevi 02-21-2010 08:49 AM

Quote:

Originally Posted by carltm (Post 3871386)
The answer is no, the user cannot access it.

The reason is that to access a file, you have to have access to all
of the parent directories. That is what the x permission means on
a directory. So unless users have x permission for /, /media and
/media/dir1, they will not have access to files in /media/dir1 even
if those files have r permission.

I say yes.

Please check it out: you can have write permissions on pendrives.

So, what I was saying is ...

The permissions of the parent directory don't matter. If a child directory has drwxrwxrwx then that is enough for the user to access it.

But that user must know the full path to that child directory (if he doesn't have read permissions on the parent).

smoker 02-21-2010 09:08 AM

raju, your answer is wrong

You will find that the media is mounted 755 even if it is owned by root.

The original question was
Quote:

If I have /media/dir1 shows as follows:
drwxr-x--- root root *** dir1

That is not sufficient permissions (750) for a user to access /media/dir1 or anything inside it.

try it out if you don't believe me.

pixellany 02-21-2010 09:19 AM

Possibly confusing, to say the least...

For a directory:
r: can read the contents
w: can change the contents
x: can enter

But: set the permissions to 702 (others write only), and the ordinary user still cannot do anything?? Now I'm confused......

smoker 02-21-2010 09:27 AM

702 does not give execute permissions, so the user cannot open the directory.
Directories must be readable and executable r-x (5) for each type of user to access them.
x alone is not enough because you can't read.
You must always have read permissions as a basic rule, and execute if it's a directory. Write is optional.

raju.mopidevi 02-21-2010 09:36 AM

Quote:

Originally Posted by smoker (Post 3871446)
That is not sufficient permissions (750) for a user to access /media/dir1 or anything inside it.

try it out if you don't believe me.

Hi,
As you told me, I tried. I tried with my pendrive.

Code:

raju@Raju:/media> ls -l
total 16
drwxr-xr-x 10 raju root 16384 1970-01-01 05:30 RAJ

now what would you say ?

mounted by root, but normal user has also write permissions.

raju.mopidevi 02-21-2010 09:43 AM

The difference between you and me was ... Fedora & openSuSE.

Fedora: pendrive mounted by root , group permissions also for root only.
openSuSE: pendrive mounted by normal user, group permission for root.

smoker 02-21-2010 10:16 AM

raju, your "proof" actually proves my point.

the pendrive is mounted 755 and owned by the user

The original poster asked about 750 owned by root

Why are you arguing about something that wasn't in the question asked ?

We are not talking about pen drives on suse.

We are discussing drwxr-x--- root root *** dir1

Oh, and BTW, in fedora, any pen drives or flash is mounted as the user (700), not as root.

raju.mopidevi 02-21-2010 10:27 AM

OK then, it is possible if the root user gives 777 to a particular directory.
So the owner of the parent directory and the child directory was root, but every user can modify it.
So even if /media and /media/dir1 have read permissions, a user can access /media/dir1/mydir1

Code:

$ cd /media
bash: cd: media: Permission denied
$ cd /media/dir1
bash: cd: /media/dir1: Permission denied
$cd /media/dir1/mydir1
$/media/dir1/mydir1 >  ....

if a normal user knows whole path, that's enough.

GazL 02-21-2010 10:28 AM

On a directory 'x' controls access to the inodes of the files/subdirectories contained within it. Strictly speaking you don't need either 'r' or 'w' to access the files within a directory so long as you already know their names.

Code:

bash-3.1$ mkdir testdir
bash-3.1$ echo wibble >testdir/file
bash-3.1$ chmod 600 testdir/file
bash-3.1$ chmod 100 testdir
bash-3.1$ ls -ld testdir
d--x------ 2 gazl users 4096 2010-02-21 16:19 testdir
bash-3.1$ ls testdir
ls: cannot open directory testdir: Permission denied
bash-3.1$ ls testdir/*
ls: cannot access testdir/*: No such file or directory
bash-3.1$ ls -l testdir/file
-rw------- 1 gazl users 7 2010-02-21 16:19 testdir/file
bash-3.1$ cat testdir/file
wibble
bash-3.1$ echo wobble >testdir/file
bash-3.1$ cat testdir/file
wobble
bash-3.1$

You need 'r' on a directory if you want to list its contents.
You need 'w' on a directory if you want to create, rename or delete files in it.


Now, look what happens when you remove 'x', and only have 'r'

Code:

bash-3.1$ chmod 400 testdir
bash-3.1$ ls -ld testdir
dr-------- 2 gazl users 4096 2010-02-21 16:19 testdir
bash-3.1$ ls testdir
file
bash-3.1$ ls -l testdir/file
ls: cannot access testdir/file: Permission denied
bash-3.1$

... in this example you can ls, but not ls -l (the stats for the file are stored in the inode, and 'x' controls the access to that).


Have a play for yourself, it's quite interesting what you can and cannot do with various combinations of permissions, and well worth investing 5 minutes to learn how it all hangs together.
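
Added example, not part of any post in this thread: a small shell script that applies the rule demonstrated above (a directory's 'x' bit gates every lookup through it) to the original dir1/mydir question and names the directory that stops the lookup. The function names and the temporary tree are constructed for illustration; it assumes GNU stat and ignores ACLs, supplementary groups and root's override.

```bash
#!/usr/bin/env bash
# Added example: name the directory that stops a path lookup for a given uid/gid.
# Assumptions: GNU stat; ACLs, supplementary groups and root's override are ignored.

# has_search DIR UID GID: succeeds if that identity has 'x' (search) on DIR.
# Exactly one class is consulted: owner, else group, else other.
has_search() {
    local st mode fuid fgid bits
    st=$(stat -c '%a %u %g' -- "$1") || return 2   # cannot stat: treat as blocked
    mode=$((0${st%% *})); st=${st#* }              # leading 0 = octal constant
    fuid=${st% *}; fgid=${st#* }
    if   [ "$2" -eq "$fuid" ]; then bits=$(( (mode >> 6) & 7 ))
    elif [ "$3" -eq "$fgid" ]; then bits=$(( (mode >> 3) & 7 ))
    else                            bits=$((  mode & 7 ))
    fi
    [ $(( bits & 1 )) -eq 1 ]
}

# first_blocked BASE RELPATH UID GID: prints the first directory below BASE that
# the identity cannot search, or nothing if the whole path can be traversed.
first_blocked() {
    local cur="$1" rest="$2" part
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$part" ] || continue
        cur=$cur/$part
        [ -d "$cur" ] || break        # a final regular file needs no 'x' itself
        if ! has_search "$cur" "$3" "$4"; then
            printf '%s\n' "$cur"
            return 0
        fi
    done
    return 0
}

# Constructed tree mirroring the thread: dir1 is 750, mydir inside it is 777.
demo() {
    local base o g
    base=$(mktemp -d) || return 1
    mkdir -p "$base/dir1/mydir" && chmod 777 "$base/dir1/mydir" && chmod 750 "$base/dir1"
    o=$(stat -c %u "$base/dir1"); g=$(stat -c %g "$base/dir1")
    echo "750, other user blocked at: $(first_blocked "$base" dir1/mydir $((o+1)) $((g+1)))"
    chmod 755 "$base/dir1"
    echo "755, other user blocked at: $(first_blocked "$base" dir1/mydir $((o+1)) $((g+1)))"
    rm -rf "$base"
}
demo
```

With dir1 at 750 the lookup for a user outside the owner and group classes stops at dir1, whatever the mode of mydir; at 755 (or 711) nothing is printed because every directory on the path can be searched.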

smoker 02-21-2010 10:45 AM

drwxr-x--- root root *** dir1


Code:

root@kids smoker]# ls -l dir1
total 4
drwxrwxrwx 3 root root 4096 Feb 21 14:11 test

Code:

smoker@kids ~]# ls -l dir1
ls : dir1 : permission denied

Code:

root@kids ~]# ls -l /home/smoker/dir1/test
total 0
-rw-r--r-- 1 smoker smoker 0 Feb 21 16:48 test.txt

Code:

smoker@kids ~]# ls -l /home/smoker/dir1/test/test.txt
ls: /home/smoker/dir1/test/test.txt: Permission denied

Code:

root@kids dir1]# ls -l
total 4
drwxrwxrwx 3 root root 4096 Feb 21 14:11 test

Code:

smoker@kids ~]# ls dir1/test
ls : dir1/test : permission denied


iamonly 02-22-2010 02:34 AM

Thank you very much for all your replies especially for that of smoker, raju.mopidevi, and GazL.
I tested it myself and it seems that the answer of smoker is right.

All that I learned is that if in /home/, there exists a directory

drwx------ 2 root root 4096 2010-01-21 14:03 rootsdir

Then no user (except for root) can 'r' or 'w' or 'x' any entry which succeeds the dir. tree /home/rootsdir/.
Is this right? I just want an absolute answer for some security reasons.

I am wondering that how can raju.mopidevi's example

$ cd /media/dir1
bash: cd: /media/dir1: Permission denied
$cd /media/dir1/mydir1
$/media/dir1/mydir1 > ....

be true??! (Without saying that the current user is not changed)

