Determining the effective file permissions

majestik33 · 08-15-2014, 10:03 PM

I would like to ask what are the rules that Linux OS's are using on ext4 file systems when there are conflicts between directory permission and file permissions.

Example:
drwxrwx--- user1 group2 FOLDER
-rw-r--r-- user1 group1 FILE

What permissions a user in a group2 on a file FILE would have?...And what is the general rule for determining file permissions in this situations?

Thanks.

notKlaatu · 08-15-2014, 10:17 PM

There is no conflict.

Group1 owns FILE but group1 will not be able to enter the FOLDER in order to access it

UNLESS

a user is in both GROUP1 and GROUP2

In which case that user will be able to enter the FOLDER via GROUP2 permission access, and read the file either as a member of GROUP1 or OTHER.

Or, obviously, if the user in question is user1.

majestik33 · 08-15-2014, 10:51 PM

User (which is not the same as user1 and dont belongs to group1) will have read, write, execute permissions on the folder and all its content due to its membership in group2, but only read permissons on file FILE because he belongs to world class users. Isnt this a typical folder/file permission conflict?

I tried to change file FILE as user in this set up on Fedora 18 and it did let me modify its content, but the next time I run the command ls -l, what I got was -rw-r--r-- user group1 FILE.

notKlaatu · 08-15-2014, 11:57 PM

You should not be able to modify that file as 'user' with those permissions. Are you sure that 'user' does not belong to group1 ? have you checked with the 'groups' command?

If i have a folder owned by klaatu:users and enter that folder as 'gort', it's OK because gort is in the 'users' group.

However, if I have a file 'foo' in that folder, and foo is owned by klaatu:staff, then as 'gort', I can read the file with cat or a similar command, but if I do something like 'echo bar > foo' then I will get Permission Denied.

I don't think I would call it a "conflict". Maybe looking at a folder's permissions more as a gatekeeper, through which you cannot pass if you do not have the correct permissions. But just because you do have permissions to go inside and look at stuff, it doesn't mean you can change them or use them.

If you really need to understand it, maybe create two users and create two groups. Log in as the first user and create the test environment:

Code:

whoami
> klaatu

groups
users staff blah blah

mkdir /test

chown klaatu:users /test

chmod 770 /test

cd /test

echo "bar" > foo

groups
users staff blah blah

chown klaatu:staff foo

chmod 644 foo

su - gort

whoami
> gort

groups
users blah blah

cd /test

cat foo 
> bar

echo "baz" >> foo 
> -su: /test/foo: Permission denied

descendant_command · 08-16-2014, 12:02 AM

@majestik33 you didn't modify the file - you overwrote it - which you have the permission to do from the 'write' permission on the dir.

majestik33 · 08-16-2014, 12:48 AM

Thats the most probable explenation. Thank you guys, it was very helpful