Home > unix > When are Unix directory permissions enforced

When are Unix directory permissions enforced

August 5Hits:2
Advertisement

Say I have a directory that only root can access:

 $ sudo -s  $ mkdir ~/rootonly  $ chmod 000 ~/rootonly 

Inside that directory is one with global-everything permissions:

 $ cd ~/rootonly  $ mkdir openforall  $ chmod 777 openforall 

No if I want to access that directory as a normal user, I seemingly can't (as I would expect):

 $ su me  $ cd ~/rootonly/openforall/  bash: cd: /home/me/rootonly/openforall: Permission denied  $ touch ~/rootonly/openforall/foo  touch: cannot touch `/home/me/rootonly/openforall/foo': Permission denied 

However, if I first cd as root into the directory, and then su to the normal user user, it does work:

 $ sudo -s  $ cd /home/me/rootonly/openforall  $ su www-data  $ touch test  $ ls  $ -rw-r--r-- 1 www-data www-data 0 2011-08-05 14:17 test 

Why does this work? Is the first case just a specific behavior of "cd", which tries to go through the directory hierarchy folder by folder? In other words, for an attacker bypassing the bash, does the kernel provide an entry to access "openforall" if the path is known?

I'm interested what is going on behind the scenes here.

Answers

The permisions are enforced when a command needs to "traverse" a directory.

When you touch ~/rootonly/openforall/foo, the touch command needs to open the rootonly directory so that it can find the location (inode etc) of openforall so that it can then edit the contents of the openforall directory structure to set the timestamp there of foo.

Tags:unix

Related Articles

  • When are Unix directory permissions enforcedAugust 5

    Say I have a directory that only root can access: $ sudo -s $ mkdir ~/rootonly $ chmod 000 ~/rootonly Inside that directory is one with global-everything permissions: $ cd ~/rootonly $ mkdir openforall $ chmod 777 openforall No if I want to access th

  • Unix setting permissions on an entire folderAugust 11

    This is a noob question. I am in a folder called images - none of which show up on my website. I believe the permissions are not set correctly. What do I do to set them correctly so that they will show up. What permisions do I give, and how do I do t

  • Ubuntu directory permissions - Sticky bit - Prevent deletion of a file September 4

    Let's say user has Directory1 and it contains File1 File2 CantBeDeletedFile How to make so the user would never be allowed to delete the CantBeDeletedFile? If I change the ownership of Directory1 and remove write permissions users wouldn't be able to

  • Override Samba directory permissionsAugust 2

    I'm trying to understand the samba rights management, but I think I missed a bit. I have 2 kinds of users: guests and users with a login via LDAP. Now I try to override all permission settings in Samba via the following share configuration: # directo

  • Home directory permissions preventing ssh key authentication on Ubuntu Server 14.10December 28

    I have ubuntu server 14.10 with an SSH server on it, and have password authentication working fine from my System76 darter laptop running Debian Sid. I want to switch to rsa-key authentication. On the local system I generated the key, put the public

  • What are all possible letters for Unix file permissions?February 17

    I'm trying to write a regular expression to match Unix file permissions returned by ls -l command. Here I found that all possible letters for the first field are d,c,l,p,s,b,D. Now, what are all possible letters for the remaining fields? This is how

  • Directory permissions for web serverFebruary 27

    Hi all I'm fairly new to permissions in a web server environment so please bear with me. I'm experiencing a problem (I believe) having to do with permissions to a directory on my server. The file permissions initially read drwx--S--- and I was able t

  • What are the correct permissions for the .gnupg enclosing folder? gpg: WARNING: unsafe enclosing directory permissions on configuration fileAugust 10

    I don't want to just chmod and run until I get the right answer, nor do I want to run GnuPG as root. The easy fix would be to just set it so that only my user can read it, but I don't think that's the best way. I get the following error when I attemp

  • Web-Server directory permissionsMay 17

    I would like some help understanding web-server directory permissions. Apache, CentOS, PHP, Mysql Example, I have multiple sites in /var/www/html They are in paths like: /var/www/html/www_domainname_com inside each site I might have a path like /lib/

  • VCS System that preserves Unix file permissions?April 8

    I'm looking for a simple revision control system for server configs. Something like works like git, but preserves Unix file permissions. And is NOT RCS. Any tips? Thanks! --------------Solutions------------- You may want to look at etckeeper It does

  • How do directory permissions in Linux work?September 22

    In my CMS, I noticed that directories need the executable bit (+x) set for the user to open them. Why is the execute permission required to read a directory, and how do directory permissions in Linux work? --------------Solutions------------- When ap

  • Managing Linux Directory Permissions & SFTPJune 4

    Good morning; I have a RHEL 5.7 web server configured to allow SSH/SFTP only by specific groups. I'd like for content managers to upload content to their respective directories and have that content inherit the user/group ownership of the directory r

  • Mount remote UNIX directory in Windows 7August 6

    I have ssh access to a UNIX machine. I was wondering if there was a way to mount my home directory as a windows drive, so that I'm able to edit the UNIX files with in windows. Any free software would be fine. I've seen this question, but what I want

  • Debian home directory permissions get resettedAugust 16

    On Debian Squeeze once a day the home directory permissions of one specific user get resetted to chmod 700 and chown root:root. Every day I have to set the permissions manually to login properly. Anyone got an idea where this comes from? ------------

  • problem with "web" directory permissionsSeptember 29

    Hi There Please give me a solution! I am absolutely new in Linux. In Ubuntu I have decided to install a CMS but due to "web" directory permissions which doesn't CMS to execute some actions, I had made some changes via chmod command. Regrettable,

  • Changed home directory permissions on remote server, can no longer ssh into itSeptember 29

    I changed the permissions on my ~ directory, and according to this question about ssh and home directory permissions I can no longer ssh into my remote server because it rejects my public key. Is there any way to resolve this issue without having to

  • 755 directory permissions aren't allowing file creation by owning userid?October 17

    I had overly permissive directory permissions (777) on my home dir, and just changed these to 755: # cd # pwd /home/machinename/myuserid # ls -ld . drwxr-xr-x 9 myuserid mygroupid 4096 Oct 17 11:44 . That should be sufficient to create files in my ho

  • Moved Wordpress site to new server, directory permissions not working correctlyNovember 15

    I built a Wordpress on my hosting space and then transferred it my clients server - followed all the instructions and pretty much everything works fine. The ONLY problem I have is that the directory permissions aren't working correctly, they're all s

  • How to tell rsync not to touch the destination directory permissions?December 8

    I am using rsync to sync a directory from a machine to another but I encountered the following problem: the destination directory permissions are altered. rsync -ahv defaults/ [email protected]:~/ The problem is that in this case the permissions and owne

  • Directory Permissions - Ubuntu Web ServerApril 3

    I've recently setup a new virtual server to host my websites. I'm pretty new to Linux based systems and sysadmin stuff and as a result have a few questions with regards to file and directory permissions. My main site is located in /var/www and in the

Copyright (C) 2017 ceus-now.com, All Rights Reserved. webmaster#ceus-now.com 14 q. 0.453 s.