Operating System - HP-UX

Re: How directory, subdirectory, file permissions work

 
rich kernozek
New Member

How directory, subdirectory, file permissions work

I understand that file access is based on the file permissions AND directory permissions of the directory that contains it. I am confused when a subdirectory is introduced. For example I have /dir/subdir/file with the "other" user permissions set as follows:
/dir set to r-x
/subdir set to r-x
/file set to rwx

I know "other" users should not be able to delete my file. But can they modify the contents of the file? Or is my file protected from "other" based on the permissions of the /dir and the /subdir?

Any help would be appreciated.
Thanks
Rich


8 REPLIES
James R. Ferguson
Acclaimed Contributor

Re: How directory, subdirectory, file permissions work

Hi Rich:

Sorry, in this example, while they cannot delete the file, "others" can modify it -- you granted "r/w/e" permissions to 'other'.

...JRF...
Bill McNAMARA_1
Honored Contributor

Re: How directory, subdirectory, file permissions work

Just to note, the directory itself contains an index of the files within it.

If a directory is rwx for others (i.e. not me or my group), others can delete any files I create, or at least remove the index from the directory (even if the file is --- for others).

Other than that:
user  group  others
- - -  - - -  - - -
#uid from /etc/passwd
#gid from /etc/group
others is anything not in your gid nor your uid

Access Control Lists (ACLs) can fine-tune group permissions; man lsacl and chacl for more on that.

man ls for information on permissions and all the different file types
Later,
Bill
It works for me (tm)
MANOJ SRIVASTAVA
Honored Contributor

Re: How directory, subdirectory, file permissions work

Hi Rick


Others can write to it and hence modify or effectively delete it.


Manoj Srivastava
Praveen Bezawada
Respected Contributor

Re: How directory, subdirectory, file permissions work

Hi
Because you do not have 'w' for directory for 'others' they cannot delete the files in the directory as deleting a file means modifying the content of the directory.
But as the file itself has w permission 'others' can write the file.
James R. Ferguson
Acclaimed Contributor

Re: How directory, subdirectory, file permissions work

Hi (again) Rich:

If you have a directory with r/w/e permissions, like /tmp and you *don't* want users to be able to remove files other than those they own, then set the "sticky" bit on the directory:

# chmod 1777 /tmp

...JRF...
Deshpande Prashant
Honored Contributor

Re: How directory, subdirectory, file permissions work

Hi Rick
With dir & subdir having permission of r-x for other, no file can be created or deleted by others in directory. But in same dir/subdir if any file has rwx permission for others, file can be modified by others and not deleted.

Setting sticky bit on directory (with 1777) users can create files in that directory and delete those owned by them only.

Thanks.
Prashant.
Take it as it comes.
Bill Thorsteinson
Honored Contributor

Re: How directory, subdirectory, file permissions work

Directory and subdirectory permissions work more or less the same. For directories privileges work as follows:

x - allows access to files in the directory (allows rwx to the file or directory as per the file's permissions. You need at least this access to all files in the path to a file you want to access.)
r - allows scanning the directory to see the contents (which files are in the directory. Doesn't imply access to the file.)
w - allows changes to the directory (create, rename and delete files and directories even if you don't have access to their contents. Requires x access to be set. The t bit restricts delete access to files you own.)

For files the access works as follows:

x - Indicates file contents are executable. (Treat the file as a command if referenced as the first item of a command line. Scripts can be executed without this bit by calling the shell with the file as the command 'sh myscript'. Read access is required.)
r - The contents of the file can be read.
w - Data can be written to the file. (The contents of the file can be modified. Doesn't imply the ability to delete the file. You can truncate though.)

The numeric bit values are x = 1, w = 2, r = 4.

The applicable access is determined by the following criteria:

root - grant full access
file owner (u) - user's UID = file UID
file group (g) - user belongs to the group that the file belongs to (different approaches are used to determine group membership)
other (o) - didn't match any of the above criteria

Usually only the first match applies. Therefore ----r--rw- (046) allows group read access, and others read write access but prevents you from accessing the file. As owner you can change the file permissions to permit yourself access.
Bill Hassell
Honored Contributor

Re: How directory, subdirectory, file permissions work

A good shorthand way to understand directories versus file permissions:

Directory permissions control the EXISTENCE of a file.

File permissions control the CONTENTS of a file.

So a file can have 000 permission (no one except root can read or write the file) but if the directory for this file has 777 permissions, anyone can delete it. (try it in /tmp, assuming /tmp is 777 or -rwxrwxrwx and does not have the t-bit or sticky bit set).


Bill Hassell, sysadmin
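
The rules given in the replies above (first-match class selection, x on every directory in the path, file w for contents, parent-directory w for existence, the t bit), modelled as an added example that is not part of the original thread. The names `Node`, `User`, `can_modify` and `can_delete`, and all uids, gids and modes, are constructed for illustration; ACLs are not modelled.

```python
from collections import namedtuple

R, W, X, STICKY = 4, 2, 1, 0o1000
Node = namedtuple("Node", "mode uid gid")   # one directory or file
User = namedtuple("User", "uid gids")

def class_bits(user, node):
    """Pick the rwx triplet by first match: owner, then group, then other."""
    if user.uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in user.gids:
        return (node.mode >> 3) & 7
    return node.mode & 7

def allowed(user, node, want):
    # root (uid 0) is granted access, as in the thread's summary
    return user.uid == 0 or class_bits(user, node) & want == want

def can_reach(user, dirs):
    """x is needed on every directory in the path."""
    return all(allowed(user, d, X) for d in dirs)

def can_modify(user, dirs, f):
    """Contents: governed by the file's own w bit."""
    return can_reach(user, dirs) and allowed(user, f, W)

def can_delete(user, dirs, f):
    """Existence: governed by w+x on the parent directory, not the file."""
    parent = dirs[-1]
    if not (can_reach(user, dirs) and allowed(user, parent, W)):
        return False
    if parent.mode & STICKY and user.uid != 0:
        # t bit: only the file's owner may delete (the directory's owner may
        # too on typical Unix systems; that detail is not from the thread)
        return user.uid in (f.uid, parent.uid)
    return True

# Constructed sample accounts and modes
rich, other = User(1001, {100}), User(2002, {200})
d755 = Node(0o755, 1001, 100)     # /dir and /subdir: r-x for other
f757 = Node(0o757, 1001, 100)     # file: rwx for other
tmp777, tmp1777 = Node(0o777, 0, 0), Node(0o1777, 0, 0)
f000 = Node(0o000, 1001, 100)     # no access bits at all
f046 = Node(0o046, 1001, 100)     # ----r--rw-

if __name__ == "__main__":
    print("other modifies /dir/subdir/file:", can_modify(other, [d755, d755], f757))
    print("other deletes  /dir/subdir/file:", can_delete(other, [d755, d755], f757))
    print("other deletes 000 file in 777 dir:", can_delete(other, [tmp777], f000))
    print("other deletes 000 file in 1777 dir:", can_delete(other, [tmp1777], f000))
```
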