Security Basics mailing list archives
Re: Basic Security question about directory path
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Sat, 30 Jul 2005 04:20:02 +0530
On 27/07/05 18:12 -0700, John Earl wrote:
This seems like a very basic security question, and I _believe_ I already know the answer, but I am in a debate with a large software company about what is the correct security requirement for a path prefix, so I'm looking for second opinions... The question is this; In a standard Unix (or POSIX really) setup, what authority does a user require to traverse a directory path in order to read a file from a subdirectory? For example, if user "FRED" wishes to read file "myfile" from location "/dir1/dir2/" (so that the full path name is (/dir1/dir2/myfile"), should user "FRED" need just "x" access to the root and "dir1" or should user FRED need "rx" access to the root and "dir1". The goal is both to read the contents of "myfile", but also to give the user the lowest amount of authority necessary to complete the task.
To be able to read the contents of the directory, you need the r bit set. To be able to change to that directory, or its subdirectories, you need x. To be able to create files in the directory, you need w. So / needs 511, /dir1 needs 511, /dir1/dir2 needs 511, /dir1/dir2/myfile needs 444. Keep in mind that you need additional permissions to be able to do real work, and other programs might need even more access. Devdas Bhagat
Current thread:
- Re: Basic Security question about directory path Devdas Bhagat (Aug 01)
- <Possible follow-ups>
- Re: Basic Security question about directory path Ansgar -59cobalt- Wiechers (Aug 01)
- RE: Basic Security question about directory path Samuel R. Baskinger (Aug 01)