LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-21-2010, 07:48 AM   #1
iamonly
LQ Newbie
 
Registered: Nov 2009
Distribution: Slackware 12.2.0
Posts: 13

Rep: Reputation: 0
a question about permissions


Hi all, I am a newbie.
If I have /media/dir1 shows as follows:
drwxr-x--- root root *** dir1

And 'mydir' is a subdirectory of 'dir1':
drwxrwxrwx root root *** mydir

If now someone logged in as 'user',
can he accesses (goes into) 'mydir' by issuing 'cd /media/dir1/mydir'?

The permission for 'dir1' denies his access to /media/dir1,
but the permission for 'mydir' allows his access to 'mydir' which is actually '/media/dir1/mydir'!

So what's the conclusion and how to explain it??

Thanks a lot!
 
Old 02-21-2010, 08:07 AM   #2
raju.mopidevi
Senior Member
 
Registered: Jan 2009
Location: vijayawada, India
Distribution: openSUSE 11.2, Ubuntu 9.0.4
Posts: 1,155
Blog Entries: 12

Rep: Reputation: 92
/media is default mount point for removable media such as pendrives, cd 's ..

root has a permission to format, rename ..etc operations on removable media.
soo /media/*** has write permissions for root.

pendrives has a filesystem FAT, FAT32. which gives read, write permissions to all users.
so users has write permissions on /media/***/dir1.

hope you understand. if not post. i am here to explain further.
 
Old 02-21-2010, 08:08 AM   #3
carltm
Member
 
Registered: Jan 2007
Location: Canton, MI
Distribution: CentOS, SuSE, Red Hat, Debian, etc.
Posts: 703

Rep: Reputation: 97
The answer in no, the user cannot access it.

The reason is that to access a file, you have to have access to all
of the parent directories. That is what the x permission means on
a directory. So unless users have x permission for /, /media and
/media/dir1, they will not have access to files in /media/dir1 even
if those files have r permission.
 
Old 02-21-2010, 08:20 AM   #4
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 249Reputation: 249Reputation: 249
The user will not be able to access /media/dir1/mydir because they can't access /media/dir1

the permissions mean :

owner : (owners)group : world

The permissions for directories always apply to anything inside them.

So in your example
/media/dir1

is set to
drwxr-x---

which means

root can read write and execute
roots group can read and execute (but not write)
the world can't do anything.

So the world can't even see mydir even though they are technically allowed to write to it.

If you set /media/dir1 to 755 (drwxr-xr-x) then the user would be able to get to mydir because they can read and execute dir1.

But they could not create a new directory in dir1 because they don't have write permission, only read and execute.

They could however create new files and directories in mydir (drwxrwxrwx), because they can see it and they have all permissions.

Directories have to be readable and executable to be opened.

Last edited by smoker; 02-21-2010 at 08:25 AM.
 
Old 02-21-2010, 08:49 AM   #5
raju.mopidevi
Senior Member
 
Registered: Jan 2009
Location: vijayawada, India
Distribution: openSUSE 11.2, Ubuntu 9.0.4
Posts: 1,155
Blog Entries: 12

Rep: Reputation: 92
Quote:
Originally Posted by carltm View Post
The answer in no, the user cannot access it.

The reason is that to access a file, you have to have access to all
of the parent directories. That is what the x permission means on
a directory. So unless users have x permission for /, /media and
/media/dir1, they will not have access to files in /media/dir1 even
if those files have r permission.
I say yes.

please checkout, you can have write permissions on pendrives.

so, What i was saying is ...

it doesn't matter the permissions of parent directory. if a child directory has drwxrwxrwx then that was enough for the user to access.

but that user must know full path to that child directory (if he don't have read permissions of parent ).
 
Old 02-21-2010, 09:08 AM   #6
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 249Reputation: 249Reputation: 249
raju, your answer is wrong

You will find that the media is mounted 755 even if it is owned by root.

The original question was
Quote:
If I have /media/dir1 shows as follows:
drwxr-x--- root root *** dir1
That is not sufficient permissions (750) for a user to access /media/dir1 or anything inside it.

try it out if you don't believe me.

Last edited by smoker; 02-21-2010 at 09:11 AM. Reason: spelling
 
Old 02-21-2010, 09:19 AM   #7
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738
Possibly confusing, to say the least...

For a directory:
r: can read the contents
w: can change the contents
x: can enter

But: set the permissions to 702 (others write only), and the ordinary user still cannot do anything?? Now I'm confused......
 
Old 02-21-2010, 09:27 AM   #8
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 249Reputation: 249Reputation: 249
702 does not give execute permissions, so the user cannot open the directory.
Directories must be readable and executable r-x (5) for each type of user to access them.
x alone is not enough because you can't read.
You must always have read permissions as a basic rule, and execute if it's a directory. Write is optional.

Last edited by smoker; 02-21-2010 at 09:29 AM.
 
Old 02-21-2010, 09:36 AM   #9
raju.mopidevi
Senior Member
 
Registered: Jan 2009
Location: vijayawada, India
Distribution: openSUSE 11.2, Ubuntu 9.0.4
Posts: 1,155
Blog Entries: 12

Rep: Reputation: 92
Quote:
Originally Posted by smoker View Post
That is not sufficient permissions (750) for a user to access /media/dir1 or anything inside it.

try it out if you don't believe me.
Hi,
As you told i tried. I tried with my pendrive.

Code:
raju@Raju:/media> ls -l
total 16
drwxr-xr-x 10 raju root 16384 1970-01-01 05:30 RAJ
now what would you say ?

mounted by root, but normal user has also write permissions.
 
Old 02-21-2010, 09:43 AM   #10
raju.mopidevi
Senior Member
 
Registered: Jan 2009
Location: vijayawada, India
Distribution: openSUSE 11.2, Ubuntu 9.0.4
Posts: 1,155
Blog Entries: 12

Rep: Reputation: 92
The difference between you and me was ... Fedora & openSuSE.

Fedora: pendrive mounted by root , group permissions also for root only.
openSuSE: pendrive mounted by normal user, group permission for root.
 
Old 02-21-2010, 10:16 AM   #11
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 249Reputation: 249Reputation: 249
raju, your "proof" actually proves my point.

the pendrive is mounted 755 and owned by the user

The original poster asked about 750 owned by root

Why are you arguing about something that wasn't in the question asked ?

We are not talking about pen drives on suse.

We are discussing drwxr-x--- root root *** dir1

Oh, and BTW, in fedora, any pen drives or flash is mounted as the user (700), not as root.

Last edited by smoker; 02-21-2010 at 10:22 AM.
 
1 members found this post helpful.
Old 02-21-2010, 10:27 AM   #12
raju.mopidevi
Senior Member
 
Registered: Jan 2009
Location: vijayawada, India
Distribution: openSUSE 11.2, Ubuntu 9.0.4
Posts: 1,155
Blog Entries: 12

Rep: Reputation: 92
Ok then, it can possible if a root user give 777 for a particular directory.
so owner of parent directory, child directory was root. But every user can modify it.
so even if /media,/media/dir1 has read permissions, a user can access the /media/dir1/mydir1

Code:
$ cd /media
bash: cd: media: Permission denied
$ cd /media/dir1
bash: cd: /media/dir1: Permission denied
$cd /media/dir1/mydir1
$/media/dir1/mydir1 >  ....
if a normal user knows whole path, that's enough.
 
Old 02-21-2010, 10:28 AM   #13
GazL
Senior Member
 
Registered: May 2008
Posts: 4,232
Blog Entries: 6

Rep: Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669
On a directory 'x' controls access to the inodes of the files/subdirectories contained within it. Strictly speaking you don't need either 'r' or 'w' to access the files within a directory so long as you already know their names.

Code:
bash-3.1$ mkdir testdir
bash-3.1$ echo wibble >testdir/file
bash-3.1$ chmod 600 testdir/file
bash-3.1$ chmod 100 testdir
bash-3.1$ ls -ld testdir
d--x------ 2 gazl users 4096 2010-02-21 16:19 testdir
bash-3.1$ ls testdir
ls: cannot open directory testdir: Permission denied
bash-3.1$ ls testdir/*
ls: cannot access testdir/*: No such file or directory
bash-3.1$ ls -l testdir/file
-rw------- 1 gazl users 7 2010-02-21 16:19 testdir/file
bash-3.1$ cat testdir/file
wibble
bash-3.1$ echo wobble >testdir/file
bash-3.1$ cat testdir/file
wobble
bash-3.1$
You need 'r' on a directory if you want to list its contents.
You need 'w' on a directory if you want to create, rename or delete files in it.


Now, look what happens when you remove 'x', and only have 'r'
[code[
bash-3.1$ chmod 400 testdir
bash-3.1$ ls -ld testdir
dr-------- 2 gazl users 4096 2010-02-21 16:19 testdir
bash-3.1$ ls testdir
file
bash-3.1$ ls -l testdir/file
ls: cannot access testdir/file: Permission denied
bash-3.1$
[/code]
... in this example you can ls, but not ls -l (the stats for the file are stored in the inode, and 'x' controls the access to that).


Have a play for yourself, its quite interesting what you can and cannot do with various combinations of permissions, and well worth investing 5 minutes to learn how it all hangs together.
 
Old 02-21-2010, 10:45 AM   #14
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 249Reputation: 249Reputation: 249
drwxr-x--- root root *** dir1


Code:
root@kids smoker]# ls -l dir1
total 4
drwxrwxrwx 3 root root 4096 Feb 21 14:11 test
Code:
smoker@kids ~]# ls -l dir1
ls : dir1 : permission denied
Code:
root@kids ~]# ls -l /home/smoker/dir1/test
total 0
-rw-r--r-- 1 smoker smoker 0 Feb 21 16:48 test.txt
Code:
smoker@kids ~]# ls -l /home/smoker/dir1/test/test.txt
ls: /home/smoker/dir1/test/test.txt: Permission denied
Code:
root@kids dir1]# ls -l
total 4
drwxrwxrwx 3 root root 4096 Feb 21 14:11 test
Code:
smoker@kids ~]# ls dir1/test
ls : dir1/test : permission denied

Last edited by smoker; 02-21-2010 at 10:55 AM.
 
1 members found this post helpful.
Old 02-22-2010, 02:34 AM   #15
iamonly
LQ Newbie
 
Registered: Nov 2009
Distribution: Slackware 12.2.0
Posts: 13

Original Poster
Rep: Reputation: 0
Thank you very much for all your replies especially for that of smoker, raju.mopidevi, and GazL.
I test myself and it seems that the answer of smoker is right.

All that I learned is that if in /home/, there exists a directory

drwx------ 2 root root 4096 2010-01-21 14:03 rootsdir

Then no user (except for root) can 'r' or 'w' or 'x' any entry which succeeds the dir. tree /home/rootsdir/.
Is this right? I just want an absolute answer for some security reasons.

I am wondering that how can raju.mopidevi's example

$ cd /media/dir1
bash: cd: /media/dir1: Permission denied
$cd /media/dir1/mydir1
$/media/dir1/mydir1 > ....

be true??! (Without saying that the current user is not changed)

Last edited by iamonly; 02-22-2010 at 02:44 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Question about permissions mattydee Slackware 7 10-17-2009 02:30 PM
permissions question fluidicslave Linux - Security 4 07-23-2006 08:52 PM
Question about permissions!! slashams Red Hat 2 06-11-2006 12:48 AM
Permissions Question dragin33 *BSD 1 01-05-2004 06:35 PM
permissions question cinnix Linux - General 2 07-09-2001 07:59 AM


All times are GMT -5. The time now is 12:19 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration