Re: File and directory permissions

2018-03-07 Thread Dan Purgert
wrote: > > On Wed, Mar 07, 2018 at 11:54:06AM -, Dan Purgert wrote: > > [...] > >> Think of it as being somewhat like a parking lot / garage with a gate at the >> entrance. > > Uh-oh. A car analogy :) > >> You enter the lot / garage, get your ticket, and are admitted in.

Re: File and directory permissions

2018-03-07 Thread Greg Wooledge
On Wed, Mar 07, 2018 at 12:42:19PM +0100, epsilon...@tutanota.com wrote: > OK thanks for the explanations. > To make sure: > 1.) To prevent this scenario, I have to do recursive chown and chmod. No, to prevent this scenario, use the correct owner and permissions in the first place instead of

Re: File and directory permissions

2018-03-07 Thread tomas
On Wed, Mar 07, 2018 at 01:11:52PM +0100, epsilon...@tutanota.com wrote: > Tomas and Dan, thanks for the explanations. So if the process has already a > handle (file descriptor) to apple, it can continue using it, even when I > chmod 700 one of its

Re: File and directory permissions

2018-03-07 Thread Thomas Schmitt
Hi, epsilon...@tutanota.com wrote: > So what you say is this: if there is an open terminal before chmod 700, then > I can use that terminal to access "apple", but after I close terminal B, > there is no way to access that apple directory? Neither with a shell window, > nor with another software?

Re: File and directory permissions

2018-03-07 Thread epsilon491
Tomas and Dan, thanks for the explanations. So if the process has already a handle (file descriptor) to apple, it can continue using it, even when I chmod 700 one of its parents. On the other hand, any new process trying to get a handle to apple MUST traverse the directory tree. This is what I

Re: File and directory permissions

2018-03-07 Thread tomas
On Wed, Mar 07, 2018 at 11:54:06AM -, Dan Purgert wrote: [...] > Think of it as being somewhat like a parking lot / garage with a gate at the > entrance. Uh-oh. A car analogy :) > You enter the lot / garage, get your ticket, and are admitted

Re: File and directory permissions

2018-03-07 Thread tomas
On Wed, Mar 07, 2018 at 12:42:19PM +0100, epsilon...@tutanota.com wrote: > OK thanks for the explanations. > To make sure: > 1.) To prevent this scenario, I have to do recursive chown and chmod. I don't quite understand what you mean by "scenario":

Re: File and directory permissions

2018-03-07 Thread Dan Purgert
wrote: > Sorry, it is very counter intuitive to me. > So what you say is this: if there is an open terminal before chmod > 700, then I can use that terminal to access "apple", but after I close > terminal B, there is no way to access that apple directory? Neither > with a

Re: File and directory permissions

2018-03-07 Thread epsilon491
OK thanks for the explanations. To make sure: 1.) To prevent this scenario, I have to do recursive chown and chmod. 2.) If I chmod only /opt/experiment, there is absolutely no other way to access apple, other than an already open terminal. Correct? 7. Mar 2018 14:34 by to...@tuxteam.de: >

Re: File and directory permissions

2018-03-07 Thread tomas
On Wed, Mar 07, 2018 at 12:19:06PM +0100, epsilon...@tutanota.com wrote: > Addition to previous email: > Example: > In terminal B I can still modify a file as follows: > touch aaa > echo "123" > aaa > But when I do, > vi aaa > even in the same

Re: File and directory permissions

2018-03-07 Thread tomas
On Wed, Mar 07, 2018 at 12:14:10PM +0100, epsilon...@tutanota.com wrote: > Sorry, it is very counter intuitive to me. > So what you say is this: if there is an open terminal before chmod 700, > then I can use that terminal to access "apple", but after

Re: File and directory permissions

2018-03-07 Thread epsilon491
Addition to previous email: Example: In terminal B I can still modify a file as follows: touch aaa echo "123" > aaa But when I do, vi aaa even in the same terminal, vi can't access the file aaa. 7. Mar 2018 14:14 by epsilon...@tutanota.com: > Sorry, it is very counter intuitive to me. > So

Re: File and directory permissions

2018-03-07 Thread epsilon491
Sorry, it is very counter intuitive to me. So what you say is this: if there is an open terminal before chmod 700, then I can use that terminal to access "apple", but after I close terminal B, there is no way to access that apple directory? Neither with a shell window, nor with another

Re: File and directory permissions

2018-03-07 Thread tomas
On Wed, Mar 07, 2018 at 11:54:43AM +0100, epsilon...@tutanota.com wrote: > 7. Mar 2018 11:27 by to...@tuxteam.de: > > > I can't reproduce, either. Once the chown to root happens, non-root > > user can't touch files in directory. Ext4. > > I double

Re: File and directory permissions

2018-03-07 Thread epsilon491
7. Mar 2018 11:27 by to...@tuxteam.de: > I can't reproduce, either. Once the chown to root happens, non-root > user can't touch files in directory. Ext4. I double checked. Sorry the previous example was not good. To reproduce the issue, you have to create another directory inside the top

Re: File and directory permissions

2018-03-07 Thread tomas
On Wed, Mar 07, 2018 at 02:46:05PM +1300, Ben Caradoc-Davies wrote: > On 07/03/18 13:56, epsilon...@tutanota.com wrote: > >On terminal A, > >chown root:root /opt/experiment/ > >chmod 700 /opt/experiment > >On terminal B, > >whoami #aristo > >touch bbb

Re: File and directory permissions

2018-03-06 Thread epsilon491
On 07/03/18 13:56, epsilon...@tutanota.com wrote:   > Do you have any network filesystems involved in this test? No network fs. It is a local LUKS encrypted disk with ext4 filesystem. Kernel is latest. Debian 9.3

Re: File and directory permissions

2018-03-06 Thread Ben Caradoc-Davies
On 07/03/18 13:56, epsilon...@tutanota.com wrote: On terminal A, chown root:root /opt/experiment/ chmod 700 /opt/experiment On terminal B, whoami #aristo touch bbb # OK bbb is created in /opt/experiment/ cd /opt/experiment/ # Gives permission denied ls -la # Gives correct listing pwd # Gives

File and directory permissions

2018-03-06 Thread epsilon491
For example, on terminal window A, su whoami # root mkdir /opt/experiment/ chown aristo:aristo /opt/experiment/ Now on another terminal window, B, su aristo whoami # aristo cd /opt/experiment/ touch aaa # OK aaa is created On terminal A, chown root:root /opt/experiment/ chmod 700

Re: file and directory permissions question...

2003-11-06 Thread lorian
Eric, /foo - Only folks in the 'users' group can read, write and delete files/dirs. The permissions of directory foo do not influence whether someone can open a given file in it for reading or writing, only whether he can delete, create, or rename a file. Read permission for the

Re: file and directory permissions question...

2003-11-06 Thread Clive Menzies
On (06/11/03 14:39), [EMAIL PROTECTED] wrote: Eric, /foo - Only folks in the 'users' group can read, write and delete files/dirs. The permissions of directory foo do not influence whether someone can open a given file in it for reading or writing, only whether he can delete,

file and directory permissions question...

2003-11-05 Thread Eric Walstad
Hi All, I'm trying to set up some restrictions to a couple of directories and their files and just can't seem to get it right. Here's what I'm trying to do: /foo - Only folks in the 'users' group can read, write and delete files/dirs. /bar - Only folks in the 'admin' group can read,