Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,629
Rep:
What effect has chmod 222 on a directory?
Lately I had sort of an argument with one of our Win-Admins.
I asserted that with Linux one could create a directory like a "black box", which the user could write to but not read from, just by issuing
Code:
chmod 222 /my/test/directory
He doubted that and challenged me to test it. I did that and, lo and behold, I was wrong.
So, what does chmod 222 do? How can I create my "black box"?
Explanation: The Win-Admins here are very restrictive; I can access neither CD-ROM nor USB-Stick in my workstation without phoning for permission and remote activation of drive or port. I wanted to tease them into creating a "black box" like Linux can.
We are allowed to download stuff since we have a thick corporate connection with no volume restriction and at home I only have a 56k modem ... thus I could get e.g. the next SuSE, transfer the ISOs to a USB-Stick and carry it home.
a 'w' permission means you cannot 'cd' into the directory, you cannot list the contents from outside and.. importantly... you cannot write content. only thing you can do is 'touch' the content.. that too only if you know the names of the files inside it beforehand.
now, as for your problem, i think a wx permission would do the trick. you would be able to 'cd' into the directory but not 'ls' the contents. you would write into the directory as well as cat/rm the files. if you want to ls, then make a subdirectory yourself and place your contents in this sub-dir.
isn't that what you want?
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,629
Original Poster
Rep:
Quote:
Originally posted by logicalfuzz
a 'w' permission means you cannot 'cd' into the directory, ...
That's okay and as I'd expect.
Quote:
Originally posted by logicalfuzz
... you cannot list the contents from outside and.. importantly... you cannot write content. ...
Wait a minute. "w" is for "writing", isn't it? Why can't I write? That seems illogical.
Quote:
Originally posted by logicalfuzz
... only thing you can do is 'touch' the content.. that too only if you know the names of the files inside it beforehand....
What, exactly, is touching then? Resetting the time stamp?
Quote:
Originally posted by logicalfuzz
... now, as for your problem, i think a wx permission would do the trick. you would be able to 'cd' into the directory but not 'ls' the contents. you would write into the directory...
Sounds good, but...
Quote:
Originally posted by logicalfuzz
... as well as cat/rm the files.
... but this (cat) is reading! Huh? Without specifying "r"?
Quote:
Originally posted by logicalfuzz
... if you want to ls, then make a subdirectory yourself and place your contents in this sub-dir.
isn't that what you want?
Not exactly, since I don't need an ls. It's really like I want a drain, a black hole, a /dev/gone ... I want the Admins reassured that I can't infest my workstation with malware while otherwise being able to transfer files to the USB-stick -- never seeing them again on the Win-box.
Also, specifying "x", thus enabling "execute" would void the security aspect.
Quote:
Wait a minute. "w" is for "writing", isn't it? Why can't I write? That seems illogical.
without x you cannot cd into the directory, so the w is of no use.
even with rw permission you cannot write.. simply because you do not have permission to enter that directory.
Quote:
What, exactly, is touching then? Resetting the time stamp?
yeah. you can reset the time stamp. that may not be of much use.
Quote:
... but this (cat) is reading! Huh? Without specifying "r"?
r permission has different meanings for directory and file.
for directory it means reading the inodes contained (or the contents... in lay language)
for files it means actually reading the contents.
so when you DON'T say r for a directory, you deny reading the contents of that directory. but the contents of that file are governed by the permissions of the file itself.
i know this is tricky. because w permission of directory overrides the w permission of the file. so you can delete a file (without w) inside a directory (with w).
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,629
Original Poster
Rep:
So, does that mean I came to a dead end? There is no way to filter operations in a directory so that files can be written only (black hole analogy)?
Can't the directory determine the mode of the files it contains (or the files it gets written into itself), like "I'm a container for mode 222 files only"?
well.. JZL... i don't exactly get your question... isn't somebody going to access your files after you have written them into that directory?? what use is that directory then... ok i am sure that is not the case :P .
now, as of what my understanding of your question is.. you should not be able to ls/rm the contents but you should be able to write into it. well, this is where the special permissions come to your rescue..
the SUID, SGID and sticky bits.
i think setting a sticky bit would solve your problem. this would prevent others from removing your files. but you yourself can remove the file.
does this solve it?
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,629
Original Poster
Rep:
Quote:
Originally posted by logicalfuzz
well.. JZL... i don't exactly get your question... isn't somebody going to access your files after you have written them into that directory??
I want to write downloads to a USB-stick, pull it out, take it home, plug it in my private box there and get the contents.
Quote:
Originally posted by logicalfuzz
... now, as of what my understanding of your question is.. you should not be able to ls/rm the contents but you should be able to write into it. well, this is where the special permissions come to your rescue..
the SUID, SGID and sticky bits.
i think setting a sticky bit would solve your problem. this would prevent others from removing your files. but you yourself can remove the file.
does this solve it?
I'll have to try.
BUT How about this: I just thought about the mount in /etc/fstab ...
not sure...
5 means rx, no write permissions. then how do you expect to write into /mnt/usb1 ?
i assume your admin does not want you to copy things from the stick onto your local drive at the workplace, but he does allow vice-versa. i don't think this (the first case) is possible by manipulating the permissions of the source directory, i.e. the /mnt/usb1 directory. please do post it here if you get to know how to..
what i suggest is, let your admin present you with a script in place of the 'cp' (and 'mv') command, wherein it checks all the arguments, except the last one, to confirm it's NOT '/mnt/usb1/*' or 'usb1/*'. (The permissions of /mnt/usb1 are such that you cannot 'cd' into that directory). this way, you would get basic functionality of the cp command and the admin would be satisfied there's nothing illicit going on....
i know this is like holding your nose from behind your head.... but i cannot think of anything better.
Last edited by logicalfuzz; 09-13-2005 at 05:08 AM.
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,629
Original Poster
Rep:
Quote:
Originally posted by logicalfuzz
... 5 means rx, no write permissions. then how do you expect to write into /mnt/usb1 ?
Well, I sit in front of the Win-box right now, so I can't "man umask" ... but if I remember correctly, umask uses the inverse values of chmod, thus umask=555 should be equivalent to chmod 222 -- I think.
Quote:
Originally posted by logicalfuzz
... i assume your admin does not want you to copy things from the stick onto your local drive at the workplace, but he does allow vice-versa.
Yes, exactly ... or rather that permission is what I want and therefore I must make sure that he can't raise security issues with this.
Quote:
Originally posted by logicalfuzz
... i don't think this (the first case) is possible by manipulating the permissions of the source directory (/mnt/usb), i.e. the /mnt/usb1 directory. please do post it here if you get to know how to..
Promised.
Quote:
Originally posted by logicalfuzz
... i know this is like holding your nose from behind your head.... but i cannot think of anything better.
Did you ever try to do that to yourself? Is there a picture of you, holding your nose that way?
Quote:
Well, I sit in front of the Win-box right now, so I can't "man umask" ... but if I remember correctly, umask uses the inverse values of chmod, thus umask=555 should be equivalent to chmod 222 -- I think.
oops.... sorry. you're right about the umask thing. But i still maintain chmod 222 would not give you actual write permissions.... it's only a bait you see. Try it when you are on linux.
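
The directory permission rules argued over in this thread, as an added example that is not from any of the posters: `predict` derives what the owner can do from the mode digit, and `observe` measures the same thing on a scratch directory made with `mktemp`. The function names and the file `known.txt` are constructed for illustration.

```sh
#!/bin/sh
# Added example: what a directory's owner can do under a given octal mode.
# Directory bits: r = list names, x = reach entries by name (and cd),
# w = add/remove entries, which only takes effect together with x.

# predict MODE -> expected result, computed from the owner digit alone.
predict() {
    own=${1%??}                               # first digit of a 3-digit mode
    r=$(( own >> 2 & 1 )); w=$(( own >> 1 & 1 )); x=$(( own & 1 ))
    echo "list=$r create=$(( w & x )) open=$x"
}

# observe MODE -> same report, measured on a scratch directory.
# Run it as a normal user: root bypasses these checks and always gets 1.
observe() {
    d=$(mktemp -d) || return 1
    echo constructed > "$d/known.txt"         # a file whose name we know
    chmod "$1" "$d"
    if ls "$d" >/dev/null 2>&1; then l=1; else l=0; fi
    if ( : > "$d/new.txt" ) 2>/dev/null; then c=1; else c=0; fi
    if cat "$d/known.txt" >/dev/null 2>&1; then o=1; else o=0; fi
    chmod 700 "$d" && rm -rf "$d"             # restore access, then clean up
    echo "list=$l create=$c open=$o"
}

# 222 = w only, 333 = wx (the "drop box" mode), 755 = ordinary directory.
for m in 222 333 755; do
    echo "$m predicted: $(predict "$m")  observed: $(observe "$m")"
done
```

Mode 333 is the closest the plain permission bits come to a write-only directory: names cannot be listed, but any file whose name is known can still be opened if its own permissions allow it.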