In <201012081217.41820.lisi.re...@gmail.com>, Lisi wrote:
>My google foo seems to have deserted me completely. Could someone take
>pity? :-(
>
>Is it possible for a directory to have lower permissions than the files it
>contains?

What is lower? Is 577 lower than 600 or vice-versa?

In any case, the permissions of a directory do not limit what permissions
files in it can be given. It is possible for a directory with 777
permissions to contain a file with 000 permissions AND vice-versa.

>And could those who have permissions for the files, but not the
>directory, gain access to the files?

The "r" bit on a directory means that you can walk the list of dirents to
get name information. Basically, that "ls" and similar things can show you
which files are in the directory.

The "w" bit on a directory means that you can manipulate the directory
contents. You can link (create), unlink (delete), and rename files in it.

The "x" bit on a directory means that you can "search" it. Specifically, if
you already have a name of a dirent, it allows you to get the inode
information. This is required to perform virtually any action through the
links in the directory: opening them, stating them, etc. This allows ls to
show size, times, permissions, etc.

So, if a directory has "x", but not "rw" permissions, you may be able to
access files inside, but only if you already know the name of them. What
actions would be allowed would be based on the permissions of the files,
not the directory.

Directories without "x" permissions are rather rare, but if the only link
to a file is in such a directory, it would be impossible to access even if
you have "rwx" permissions on the file. E.g.:

$ ls -lR test
test:
total 0
-rw-r--r-- 2 bss bss 0 Dec 8 13:56 new_name
drwxr-xr-x 2 bss bss 72 Dec 8 13:57 no_exec

test/no_exec:
total 0
-rw-r--r-- 2 bss bss 0 Dec 8 13:56 example
$ echo "linked" >> test/no_exec/example
$ cat test/new_name
linked
$ chmod 000 test/no_exec
$ cat test/no_exec/example
cat: test/no_exec/example: Permission denied
$ echo "still linked" >> test/new_name
$ chmod 755 test/no_exec
$ cat test/no_exec/example
linked
still linked

-- 
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
b...@iguanasuicide.net                   ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-'(. .)`-'
http://iguanasuicide.net/                    \_/
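The reply above explains the "r", "w" and "x" bits on a directory but only demonstrates the no-"x" case. The script below is an added example, not part of the original message: it probes each owner-bit combination separately, so the "x without r" case (reachable only by a known name) and the "r without x" case (names visible, contents unreachable) can be seen side by side. The function name `probe_dir` and the file names are hypothetical, and it assumes a POSIX shell with `mktemp`.

```shell
#!/bin/sh
# Added example: what each directory permission bit allows on its own.
# Run as an ordinary user; root bypasses these permission checks.

# probe_dir MODE -> prints "list=yes|no byname=yes|no create=yes|no"
probe_dir() {
    mode=$1
    d=$(mktemp -d) || return 1
    echo "data" > "$d/known_name"    # constructed sample file
    chmod 644 "$d/known_name"        # the file itself stays readable
    chmod "$mode" "$d"               # only the directory mode varies

    list=no; byname=no; create=no
    # "r": can the names in the directory be enumerated?
    if ls "$d" 2>/dev/null | grep -q '^known_name$'; then list=yes; fi
    # "x": can a file be reached through a name we already know?
    if cat "$d/known_name" >/dev/null 2>&1; then byname=yes; fi
    # "w": can a new link be created? (in practice this also needs "x")
    if touch "$d/new_file" 2>/dev/null; then create=yes; fi

    # Restore access so the temporary directory can be removed.
    chmod 700 "$d" && rm -rf "$d"
    echo "list=$list byname=$byname create=$create"
}

# Owner bits: 7=rwx 5=r-x 4=r-- 3=-wx 2=-w- 1=--x 0=---
for m in 700 500 400 300 200 100 000; do
    printf '%s  %s\n' "$m" "$(probe_dir "$m")"
done
```

Mode 100 matches the reply's "access files inside, but only if you already know the name" case, and mode 200 shows that "w" alone permits nothing without "x".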