Old 09-13-2005, 01:41 AM   #1
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,629

Rep: Reputation: Disabled
What effect has chmod 222 on a directory?


Lately I had sort of an argument with one of our Win-Admins.

I asserted that with Linux one could create a directory like a "black box", which the user could write to but not read from, just by issuing
Code:
chmod 222 /my/test/directory
He doubted that and challenged me to test it. I did that and, lo and behold, I was wrong.

So, what does chmod 222 do? How can I create my "black box"?

Explanation: The Win-Admins here are very restrictive, I can access neither CD-ROM nor USB-Stick in my workstation, without phoning for permission and remote activation of drive or port. I wanted to tease them into creating a "black box" like Linux can.

We are allowed to download stuff since we have a thick corporate connection with no volume restriction and at home I only have a 56k modem ... thus I could get e.g. the next SuSE, transfer the ISOs to a USB-Stick and carry it home.

Last edited by JZL240I-U; 09-13-2005 at 01:43 AM.
 
Old 09-13-2005, 02:26 AM   #2
logicalfuzz
Member
 
Registered: Aug 2005
Distribution: Arch Linux
Posts: 291

Rep: Reputation: 48
a 'w' permission means you cannot 'cd' into the directory, you cannot list the contents from outside and.. importantly... you cannot write content. only thing you can do is 'touch' the content.. that too only if you know the names of the files inside it beforehand.
now, as for your problem, i think a wx permission would do the trick. you would be able to 'cd' into the directory but not 'ls' the contents. you would write into the directory as well as cat/rm the files. if you want to ls, then make a subdirectory yourself and place your contents in this sub-dir.
isn't that what you want?
 
Old 09-13-2005, 02:40 AM   #3
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,629

Original Poster
Rep: Reputation: Disabled
Quote:
Originally posted by logicalfuzz a 'w' permission means you cannot 'cd' into the directory, ...
That's okay and as I'd expect.

Quote:
Originally posted by logicalfuzz ... you cannot list the contents from outside and.. importantly... you cannot write content. ...
Wait a minute. "w" is for "writing", isn't it? Why can't I write? That seems illogical.

Quote:
Originally posted by logicalfuzz ... only thing you can do is 'touch' the content.. that too only if you know the names of the files inside it beforehand....
What, exactly, is touching then? Resetting the time stamp?

Quote:
Originally posted by logicalfuzz ... now, as for your problem, i think a wx permission would do the trick. you would be able to 'cd' into the directory but not 'ls' the contents. you would write into the directory...
Sounds good, but...

Quote:
Originally posted by logicalfuzz ... as well as cat/rm the files.
... but this (cat) is reading! Huh? Without specifying "r"?

Quote:
Originally posted by logicalfuzz ... if you want to ls, then make a subdirectory yourself and place your contents in this sub-dir.
isn't that what you want?
Not exactly, since I don't need an ls. It's really like I want a drain, a black hole, a /dev/gone ... I want the Admins reassured that I can't infest my workstation with malware while otherwise being able to transfer files to the USB-stick -- never seeing them again on the Win-box.

Also, specifying "x", thus enabling "execute" would void the security aspect.

Last edited by JZL240I-U; 09-30-2005 at 08:56 AM.
 
Old 09-13-2005, 03:17 AM   #4
logicalfuzz
Member
 
Registered: Aug 2005
Distribution: Arch Linux
Posts: 291

Rep: Reputation: 48
Quote:
Wait a minute. "w" is for "writing", isn't it? Why can't I write? That seems illogical.
without x you cannot cd into the directory, so the w is of no use.
even with rw permission you cannot write.. simply because you do not have permission to enter that directory.

Quote:
What, exactly, is touching then? Resetting the time stamp?
yeah. you can reset the time stamp. that may not be of much use.

Quote:
... but this (cat) is reading! Huh? Without specifying "r"?
r permission has different meanings for directory and file.
for directory it means reading the inodes contained (or the contents... in lay language)
for files it means reading the contents actually.
so when you DONT say r for a directory, you deny reading the contents of that directory. but the contents of that file are governed by the permissions of the file itself.
i know this is tricky. because w permission of directory overrides the w permission of the file. so you can delete a file(without w) inside a directory (with w).
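
The directory permission rules discussed in the posts above can be checked directly. The following script is an added example, not part of any post in this thread; the `try` and `probe` helper names and the scratch directory with its sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: probe what one directory mode really allows its owner.
# Run as an ordinary user: root bypasses these permission checks.

# try CMD...: print y if the command succeeds, n if it is refused.
try() { if "$@" >/dev/null 2>&1; then printf y; else printf n; fi; }

# probe MODE: build a scratch directory holding one read-only file,
# apply MODE to the directory, then attempt four operations in it.
probe() {
    box=$(mktemp -d) || return 1
    echo "constructed sample" > "$box/known.txt"
    chmod 444 "$box/known.txt"        # the file itself is not writable
    chmod "$1" "$box"

    c=$(try touch "$box/new.txt")     # create an entry: dir needs w and x
    l=$(try ls "$box")                # list names:      dir needs r
    r=$(try cat "$box/known.txt")     # open known name: dir needs x, file needs r
    d=$(try rm -f "$box/known.txt")   # unlink:          dir needs w and x only

    chmod 700 "$box" && rm -rf "$box" # restore access so cleanup works
    echo "create=$c list=$l read=$r delete=$d"
}

# 222 = w only, 333 = wx, 555 = rx, 755 = rwx for the owner
for m in 222 333 555 755; do
    printf '%s  %s\n' "$m" "$(probe "$m")"
done
```

With mode 333 only the listing is withheld: a file whose name is already known can still be read and deleted, so the file's own mode and the secrecy of its name are what limit reading.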
 
Old 09-13-2005, 03:24 AM   #5
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,629

Original Poster
Rep: Reputation: Disabled
So, does that mean I came to a dead end? There is no way to filter operations in a directory so that files can be written only (black hole analogy)?

Can't the directory determine the mode of the files it contains (or the files it gets written into itself), like "I'm a container for mode 222 files only"?

Last edited by JZL240I-U; 09-13-2005 at 03:26 AM.
 
Old 09-13-2005, 03:30 AM   #6
IBall
Senior Member
 
Registered: Nov 2003
Location: Perth, Western Australia
Distribution: Ubuntu, Debian, Various using VMWare
Posts: 2,088

Rep: Reputation: 62
I don't know if this is what you want:
Code:
cat foo.txt > /dev/null
The null device is basically a black hole

--Ian
 
Old 09-13-2005, 03:32 AM   #7
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,629

Original Poster
Rep: Reputation: Disabled
@IBall

Yes, I know, thank you. When you read my first post (or, better, the whole -short- thread) you'll understand what I'm looking for.

Last edited by JZL240I-U; 09-13-2005 at 03:33 AM.
 
Old 09-13-2005, 03:49 AM   #8
logicalfuzz
Member
 
Registered: Aug 2005
Distribution: Arch Linux
Posts: 291

Rep: Reputation: 48
well.. JZL... i don't exactly get your question... isn't somebody going to access your files after you have written them into that directory?? what use is that directory then... ok i am sure that is not the case :P .
now, as of what my understanding of your question is.. you should not be able to ls/rm the contents but you should be able to write into it. well, this is where the special permissions come to your rescue..
the SUID,SGID and sticky bits.
i think setting a sticky bit would solve your problem. this would prevent others from removing your files. but you yourself can remove the file.
does this solve it?
 
Old 09-13-2005, 04:04 AM   #9
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,629

Original Poster
Rep: Reputation: Disabled
Quote:
Originally posted by logicalfuzz
well.. JZL... i don't exactly get your question... isn't somebody going to access your files after you have written them into that directory??
I want to write downloads to an USB-stick, pull it out, take it home, plug it in my private box there and get the contents.

Quote:
Originally posted by logicalfuzz
... now, as of what my understanding of your question is.. you should not be able to ls/rm the contents but you should be able to write into it. well, this is where the special permissions come to your rescue..
the SUID,SGID and sticky bits.
i think setting a sticky bit would solve your problem. this would prevent others from removing your files. but you yourself can remove the file.
does this solve it?
I'll have to try.

BUT How about this: I just thought about the mount in /etc/fstab ...
Code:
/dev/sda1 /mnt/usb1 auto umask=555,sync,...
What do you think, wouldn't that do the trick?

Last edited by JZL240I-U; 09-13-2005 at 04:18 AM.
 
Old 09-13-2005, 05:03 AM   #10
logicalfuzz
Member
 
Registered: Aug 2005
Distribution: Arch Linux
Posts: 291

Rep: Reputation: 48
not sure...
5 means rx, no write permissions. then how do you expect to write into /mnt/usb1 ?
i assume your admin does not want you to copy things from the stick onto your local drive at the workplace, but he does allow vice-versa. i don't think this (the first case) is possible by manipulating the permissions of the source directory, i.e. the /mnt/usb1 directory. please do post it here if you get to know how to..
what i suggest is, let your admin present you with a script in place of the 'cp' (and 'mv') command, wherein it checks all the arguments, except the last one, to confirm it's NOT '/mnt/usb1/*' or 'usb1/*'. (The permissions of /mnt/usb1 are such that you cannot 'cd' into that directory). this way, you would get basic functionality of cp command and the admin would be satisfied there's nothing illicit going on....
i know this is like holding your nose from behind your head.... but i cannot think of anything better.

Last edited by logicalfuzz; 09-13-2005 at 05:08 AM.
 
Old 09-13-2005, 05:14 AM   #11
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,629

Original Poster
Rep: Reputation: Disabled
Quote:
Originally posted by logicalfuzz
... 5 means rx, no write permissions. then how do you expect to write into /mnt/usb1 ?
Well, I sit in front of the Win-box right now, so I can't "man umask" ... but if I remember correctly, umask uses the inverse values of chmod, thus umask=555 should be equivalent to chmod 222 -- I think.

Quote:
Originally posted by logicalfuzz
... i assume your admin does not want you to copy things from the stick onto your local drive at the workplace, but he does allow vice-versa.
Yes, exactly ... or rather that permission is what I want and therefore I must make sure that he can't raise security issues with this.

Quote:
Originally posted by logicalfuzz
... i don't think this (the first case) is possible by manipulating the permissions of the source directory(/mnt/usb) , i.e. the /mnt/usb1 directory. please do post it here if you get to know how to..
Promised.

Quote:
Originally posted by logicalfuzz
... i know this is like holding your nose from behind your head.... but i cannot think of anything better.
Did you ever try to do that to yourself? Is there a picture of you, holding your nose that way?

Last edited by JZL240I-U; 09-13-2005 at 09:12 AM.
 
Old 09-13-2005, 05:23 AM   #12
logicalfuzz
Member
 
Registered: Aug 2005
Distribution: Arch Linux
Posts: 291

Rep: Reputation: 48
Quote:
Well, I sit in front of the Win-box right now, so I can't "man umask" ... but if I remember correctly, umask uses the inverse values of chmod, thus umask=555 should be equivalent to chmod 222 -- I think.
oops.... sorry. you're right about the umask thing. But i still maintain chmod 222 would not give you actual write permissions.... it's only a bait you see. Try it when you are on linux.
 
  

