[CentOS] directory permissions set to 600?
Ski Dawg
centos at skidawg.org
Wed Jul 21 15:30:29 UTC 2010
Thank you to everyone for the replies. The system(s) in question is a
CentOS 5.5 server(s) (both development and production). The directory
in question, in this case, is a firewall program (and monitor) to
assist us with ip tables. I am also asking the developers of this
product, as to why the directory is 600 and not 700.
(see below for more response)
On Tue, Jul 20, 2010 at 11:42 PM, Gordon Messmer <yinyang at eburg.com> wrote:
> On 07/20/2010 08:30 PM, Keith Keller wrote:
>>
>> IOW, ls will work fine, but ls -l will not. (To be specific, a plain
>> old /bin/ls will work fine. If you have any ls options that need to read
>> the contents of the directory, like -l or -F, it'll b0rk.)
>
> Well, to be *specific*, reading the contents of the directory is
> allowed. That's what 'ls' will do. The attributes of the files
> contained within the directory are not read from the directory. They're
> returned by stat() on the paths composed of the directory path plus the
> names returned by reading the directory. The stat() call will fail,
> since you can read the directory's own content, but cannot access any of
> the items within the directory.
I did some more testing, and if the directory is owned by root, and
the permissions are either 0600 or 0700 only root can cd into it or
even do an ls (or ls -l) on it and see the contents.
If the directory is owned by a non-privileged user, and the directory
is 0600, then that user can do an ls on the directory (ls dir/) and
see the files. When that same user does an ls -l on the directory (ls
-l dir/), it will show the files, but not attributes of the files.
This same non-privileged user is not allowed to cd into the directory
either. If the directory is 0700, then the non-privileged user that is
the owner (and root) can cd into it, as well as do a ls -l to see the
file attributes.
OK, my question from all of this is what is the difference between
0600 and 0700 for a directory that is owned by root? I see the
difference for a directory owned by a non-privileged user, but if root
is the owner, then only root can do anything with it, or see anything
in it, and root will ignore the fact that the execute bit is not set
for the owner. So what is the benefit of making a root owned directory
0600 instead of 0700?
--
Doug
Registered Linux User #285548 (http://counter.li.org)
----------------------------------------
Never trust a computer you can't throw out a window.
-- Steve Wozniak
More information about the CentOS
mailing list