On 07/20/2010 08:30 PM, Keith Keller wrote:
IOW, ls will work fine, but ls -l will not. (To be specific, a plain old /bin/ls will work fine. If you have any ls options that need to read the contents of the directory, like -l or -F, it'll b0rk.)
Well, to be *specific*, reading the contents of the directory is allowed. That's what 'ls' will do. The attributes of the files contained within the directory are not read from the directory. They're returned by stat() on the paths composed of the directory path plus the names returned by reading the directory. The stat() call will fail, since you can read the directory's own content, but cannot access any of the items within the directory.
If it's an embedded server, like a home wifi router device, running everything as root isn't such a big deal. If it's a real server it's in deep trouble.
They're the configuration files for a firewall package. It's fine that they're readable only by root. No other user would have any use for them, as only the root user can manipulate iptables entries.