Thank you to everyone for the replies. The system(s) in question is a CentOS 5.5 server(s) (both development and production). The directory in question, in this case, is a firewall program (and monitor) to assist us with iptables. I am also asking the developers of this product as to why the directory is 600 and not 700.
(see below for more response)
On Tue, Jul 20, 2010 at 11:42 PM, Gordon Messmer <yinyang@eburg.com> wrote:
> On 07/20/2010 08:30 PM, Keith Keller wrote:
>> IOW, ls will work fine, but ls -l will not. (To be specific, a plain old /bin/ls will work fine. If you have any ls options that need to read the contents of the directory, like -l or -F, it'll b0rk.)
> Well, to be *specific*, reading the contents of the directory is allowed. That's what 'ls' will do. The attributes of the files contained within the directory are not read from the directory. They're returned by stat() on the paths composed of the directory path plus the names returned by reading the directory. The stat() call will fail, since you can read the directory's own content, but cannot access any of the items within the directory.
I did some more testing, and if the directory is owned by root, and the permissions are either 0600 or 0700 only root can cd into it or even do an ls (or ls -l) on it and see the contents.
If the directory is owned by a non-privileged user, and the directory is 0600, then that user can do an ls on the directory (ls dir/) and see the files. When that same user does an ls -l on the directory (ls -l dir/), it will show the files, but not the attributes of the files. This same non-privileged user is not allowed to cd into the directory either. If the directory is 0700, then the non-privileged user that is the owner (and root) can cd into it, as well as do an ls -l to see the file attributes.
OK, my question from all of this is what is the difference between 0600 and 0700 for a directory that is owned by root? I see the difference for a directory owned by a non-privileged user, but if root is the owner, then only root can do anything with it, or see anything in it, and root will ignore the fact that the execute bit is not set for the owner. So what is the benefit of making a root owned directory 0600 instead of 0700?
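The behaviour described in this thread (read bit = list names, search/execute bit = stat entries and cd) is easy to reproduce. The following script is an added example, not part of the original thread or of the firewall product being discussed. It creates a scratch directory with one constructed file, applies a mode, and probes the three operations separately; the function name `probe_dir_mode` and the scratch path under `$TMPDIR` are this example's own choices. It also goes beyond the 0600/0700 cases in the thread by including 0100 (search without read), which shows the two bits are independent. Run it as an unprivileged user: root holds CAP_DAC_READ_SEARCH and CAP_DAC_OVERRIDE and passes every probe regardless of mode, which is exactly why 0600 and 0700 look identical on a root-owned directory.

```shell
#!/bin/sh
# Probe what the r (read) and x (search) bits on a directory permit.
# Constructed example: a scratch directory holding one empty file.
#
# Usage: probe_dir_mode 0600   -> "readdir=ok stat=denied search=denied"
#        probe_dir_mode 0700   -> "readdir=ok stat=ok search=ok"
#        probe_dir_mode 0100   -> "readdir=denied stat=ok search=ok"
# (results as seen by the non-root owner; root reports ok for all three)

probe_dir_mode() {
    mode="$1"
    scratch=$(mktemp -d "${TMPDIR:-/tmp}/permprobe.XXXXXX") || return 1
    : > "$scratch/example.txt"            # constructed entry to list and stat
    chmod "$mode" "$scratch"

    # readdir: plain ls only opens and reads the directory, so it needs r.
    if ls "$scratch" >/dev/null 2>&1; then
        readdir=ok
    else
        readdir=denied
    fi

    # stat on an entry: the kernel must traverse the directory to reach
    # example.txt, which requires x (search) on the directory, not r.
    # This is the call that makes "ls -l" print "?" for every attribute.
    if ls -ld "$scratch/example.txt" >/dev/null 2>&1; then
        statres=ok
    else
        statres=denied
    fi

    # chdir: entering the directory is also a search operation (x).
    if (cd "$scratch") 2>/dev/null; then
        search=ok
    else
        search=denied
    fi

    # Restore a mode we can clean up under, then remove the scratch dir.
    chmod 0700 "$scratch"
    rm -rf "$scratch"

    printf '%s\n' "readdir=$readdir stat=$statres search=$search"
}

# Report whether the caller would be subject to the permission bits at all.
dac_bits_apply() {
    if [ "$(id -u)" -eq 0 ]; then
        echo no
    else
        echo yes
    fi
}

# Stand-alone run: show all three modes side by side.
if [ "${PROBE_MAIN:-1}" = 1 ] && [ -z "$PROBE_NO_MAIN" ]; then
    for m in 0600 0700 0100; do
        printf '%s: ' "$m"
        probe_dir_mode "$m"
    done
fi
```

The interesting line is the stat probe: with mode 0600 the directory's own bytes (the name list) are readable, so `ls` succeeds, but `ls -ld` on a path inside it fails with EACCES because path resolution needs search permission on every component. That is the split Gordon describes, and it vanishes for root because the capability check short-circuits the mode bits.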