Web lists-archives.com

Re: File and directory permissions

Hash: SHA1

On Wed, Mar 07, 2018 at 12:42:19PM +0100, epsilon491@xxxxxxxxxxxx wrote:
> OK thanks for the explanations.
> To make sure:
> 1.) To prevent this scenario, I have to do recursive chown and chmod.

I don't quite understand what you mean by "scenario": that a process
under the uid of "aristo" can modify the subdirectory "apple"? If you
don't want that, yes, you'll have to change its owner (or group) and
set its permissions accordingly.

> 2.) If I chmod only /opt/experiment, there is absolutely no other way to access apple, other than an already open terminal.

Forget the terminal. It's the shell (in this case: it could be any
process in other cases). There are other ways, see below:

> Correct?

Not quite: try

  cd /opt/experiments/apple
  su aristo
  touch ccc # now I modified dir apple as user aristo

Or better with sudo, anyway:

  sudo -s
  cd /opt/experiments/apple
  sudo -u aristo -s
  touch ccc # now I modified dir apple as user aristo

"You" just need a "helper process" which can traverse experiments and
gives "you" [1] an open descriptor to "apple". There are other ways
to pass open file descriptors around in Unix-like systems. Quite
possibly you can use them in a similar way.

[1] "You" is here just a shorthand for "the process running under the
  aristo UID which can't by itself open the whole path /opt/experiments/apple)

- -- t
Version: GnuPG v1.4.12 (GNU/Linux)