a question about permissions
Hi all, I am a newbie.
If I have /media/dir1, which shows as follows:
drwxr-x--- root root *** dir1
And 'mydir' is a subdirectory of 'dir1':
drwxrwxrwx root root *** mydir
If someone is now logged in as 'user', can he access (go into) 'mydir' by issuing 'cd /media/dir1/mydir'? The permission for 'dir1' denies his access to /media/dir1, but the permission for 'mydir' allows his access to 'mydir', which is actually '/media/dir1/mydir'! So what's the conclusion and how to explain it? Thanks a lot!

/media is the default mount point for removable media such as pendrives, CDs ..
root has permission to format, rename, etc. removable media, so /media/*** has write permissions for root. Pendrives have a FAT or FAT32 filesystem, which gives read and write permissions to all users, so users have write permissions on /media/***/dir1. Hope you understand. If not, post. I am here to explain further.

The answer is no, the user cannot access it.
The reason is that to access a file, you have to have access to all of the parent directories. That is what the x permission means on a directory. So unless users have x permission for /, /media and /media/dir1, they will not have access to files in /media/dir1 even if those files have r permission.

The user will not be able to access /media/dir1/mydir because they can't access /media/dir1.
The permissions mean: owner : (owner's) group : world
The permissions for directories always apply to anything inside them. So in your example /media/dir1 is set to drwxr-x---, which means:
root can read, write and execute
root's group can read and execute (but not write)
the world can't do anything.
So the world can't even see mydir even though they are technically allowed to write to it. If you set /media/dir1 to 755 (drwxr-xr-x) then the user would be able to get to mydir because they can read and execute dir1. But they could not create a new directory in dir1 because they don't have write permission, only read and execute. They could however create new files and directories in mydir (drwxrwxrwx), because they can see it and they have all permissions. Directories have to be readable and executable to be opened.

Quote:
Please check it out, you can have write permissions on pendrives. So, what I was saying is ... the permissions of the parent directory don't matter. If a child directory has drwxrwxrwx then that is enough for the user to access it. But that user must know the full path to that child directory (if he doesn't have read permission on the parent).

raju, your answer is wrong
You will find that the media is mounted 755 even if it is owned by root. The original question was
Quote:
Try it out if you don't believe me.

Possibly confusing, to say the least...
For a directory:
r: can read the contents
w: can change the contents
x: can enter
But: set the permissions to 702 (others write only), and the ordinary user still cannot do anything?? Now I'm confused......

702 does not give execute permissions, so the user cannot open the directory.
Directories must be readable and executable r-x (5) for each type of user to access them. x alone is not enough because you can't read. You must always have read permissions as a basic rule, and execute if it's a directory. Write is optional.

Quote:
As you told me, I tried. I tried with my pendrive.
Code:
raju@Raju:/media> ls -l
Mounted by root, but the normal user also has write permissions.

The difference between you and me was ... Fedora & openSuSE.
Fedora: pendrive mounted by root, group permissions also for root only.
openSuSE: pendrive mounted by normal user, group permission for root.

raju, your "proof" actually proves my point.
The pendrive is mounted 755 and owned by the user.
The original poster asked about 750 owned by root.
Why are you arguing about something that wasn't in the question asked? We are not talking about pen drives on SUSE. We are discussing
drwxr-x--- root root *** dir1
Oh, and BTW, in Fedora, any pen drives or flash is mounted as the user (700), not as root.

OK then, it can be possible if the root user gives 777 to a particular directory.
So the owner of the parent directory and the child directory was root. But every user can modify it. So even if /media and /media/dir1 have read permissions, a user can access /media/dir1/mydir1.
Code:
$ cd /media

On a directory 'x' controls access to the inodes of the files/subdirectories contained within it. Strictly speaking you don't need either 'r' or 'w' to access the files within a directory so long as you already know their names.
Code:
bash-3.1$ mkdir testdir
You need 'w' on a directory if you want to create, rename or delete files in it. Now, look what happens when you remove 'x', and only have 'r':
[code]
bash-3.1$ chmod 400 testdir
bash-3.1$ ls -ld testdir
dr-------- 2 gazl users 4096 2010-02-21 16:19 testdir
bash-3.1$ ls testdir
file
bash-3.1$ ls -l testdir/file
ls: cannot access testdir/file: Permission denied
bash-3.1$
[/code]
... in this example you can ls, but not ls -l (the stats for the file are stored in the inode, and 'x' controls the access to that). Have a play for yourself; it's quite interesting what you can and cannot do with various combinations of permissions, and well worth investing 5 minutes to learn how it all hangs together.

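The rule debated in this thread, that search permission ('x') is needed on every directory along a path while 'r' only governs listing names, written out as a small checker. This is an added example, not code from any poster; it models only the classic owner/group/other mode bits (no ACLs, capabilities or security modules), and the uid/gid values and THREAD_PATH are constructed.

```python
import os
import stat

R, W, X = 4, 2, 1

def effective_bits(mode, owner_uid, owner_gid, uid, gids):
    """Exactly one class applies: owner, else group, else other (no fall-through)."""
    if uid == owner_uid:
        return (mode >> 6) & 7
    if owner_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def first_blocker(dirs, uid, gids):
    """dirs: (name, mode, owner_uid, owner_gid) for each directory on the path,
    top-down. Returns the first one this user cannot search, or None."""
    if uid == 0:                      # root is not subject to the search check
        return None
    for name, mode, o_uid, o_gid in dirs:
        if not effective_bits(mode, o_uid, o_gid, uid, gids) & X:
            return name
    return None

def dir_abilities(mode, owner_uid, owner_gid, uid, gids):
    """What one directory's own bits allow, assuming its ancestors are searchable."""
    b = effective_bits(mode, owner_uid, owner_gid, uid, gids)
    return {
        "list_names": bool(b & R),               # plain ls
        "reach_entries": bool(b & X),            # cd, stat, open by known name
        "create_delete": bool(b & W and b & X),  # 'w' does nothing without 'x'
    }

def dirs_on_path(path):
    """Collect first_blocker() input from a real path, from / down to path."""
    out, cur = [], os.path.abspath(path)
    while True:
        st = os.stat(cur)
        if stat.S_ISDIR(st.st_mode):
            out.append((cur, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid))
        parent = os.path.dirname(cur)
        if parent == cur:
            return out[::-1]
        cur = parent

# Constructed model of the original question; 'user' is assumed to be uid 1000.
THREAD_PATH = [("/", 0o755, 0, 0), ("/media", 0o755, 0, 0),
               ("/media/dir1", 0o750, 0, 0), ("/media/dir1/mydir", 0o777, 0, 0)]
```

To audit a real tree, pass `dirs_on_path("/some/dir")` to `first_blocker()` with the uid and group set of the account in question.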
drwxr-x--- root root *** dir1
Code:
root@kids smoker]# ls -l dir1
Code:
smoker@kids ~]# ls -l dir1
Code:
root@kids ~]# ls -l /home/smoker/dir1/test
Code:
smoker@kids ~]# ls -l /home/smoker/dir1/test/test.txt
Code:
root@kids dir1]# ls -l
Code:
smoker@kids ~]# ls dir1/test

Thank you very much for all your replies especially for that of smoker, raju.mopidevi, and GazL.
I tested it myself and it seems that the answer of smoker is right. All that I learned is that if in /home/ there exists a directory
drwx------ 2 root root 4096 2010-01-21 14:03 rootsdir
then no user (except for root) can 'r' or 'w' or 'x' any entry below /home/rootsdir/ in the directory tree. Is this right? I just want an absolute answer for some security reasons. I am wondering how raju.mopidevi's example
$ cd /media/dir1
bash: cd: /media/dir1: Permission denied
$cd /media/dir1/mydir1
$/media/dir1/mydir1 > ....
can be true??! (Without saying that the current user is not changed)