Security Basics mailing list archives
Basic Security question about directory path
From: "John Earl" <john.earl () powertech com>
Date: Wed, 27 Jul 2005 18:12:21 -0700
This seems like a very basic security question, and I _believe_ I already know the answer, but I am in a debate with a large software company about what is the correct security requirement for a path prefix, so I'm looking for second opinions... The question is this; In a standard Unix (or POSIX really) setup, what authority does a user require to traverse a directory path in order to read a file from a subdirectory? For example, if user "FRED" wishes to read file "myfile" from location "/dir1/dir2/" (so that the full path name is (/dir1/dir2/myfile"), should user "FRED" need just "x" access to the root and "dir1" or should user FRED need "rx" access to the root and "dir1". The goal is both to read the contents of "myfile", but also to give the user the lowest amount of authority necessary to complete the task. Any insight you have on this would be greatly appreciated. Thank You, jte -- John Earl The PowerTech Group Seattle, WA www.powertech.com This email message and any attachments are intended only for the use of the intended recipients and may contain information that is privileged and confidential. If you are not the intended recipient, any dissemination, distribution, or copying is strictly prohibited. If you received this email message in error, please immediately notify the sender by replying to this email message, or by telephone, and delete the message from your email system. --
Current thread:
- Basic Security question about directory path John Earl (Jul 29)