dschneider
asked on
Question on Directory Permissions
I'm running Mandrake 7.0 with multiple users. Most of my directories, such as /home are owned by root who has rwx privileges, and the group is also root (consisting of 1 user, root). The root group has r-x privileges, and finally all other users have just x privilege.
My understanding of privileges is that a regular user, since he has only x privilege can cd into the directory but cannot ls.
This does not seem to be the case with root root ownership. A regular user is able to list all the files in that directory. (Again the privileges are
drwx r-x --x, root root). The only way I seem to be able to prevent this is to give the root group just x privileges, e.g. (drwx --x --x)
Can anyone explain this? Why does the root group permissions affect regular non-privileged users?
Thanks,
David
My understanding of privileges is that a regular user, since he has only x privilege can cd into the directory but cannot ls.
This does not seem to be the case with root root ownership. A regular user is able to list all the files in that directory. (Again the privileges are
drwx r-x --x, root root). The only way I seem to be able to prevent this is to give the root group just x privileges, e.g. (drwx --x --x)
Can anyone explain this? Why does the root group permissions affect regular non-privileged users?
Thanks,
David
I haven't used mandrake but what I know is that on some systems to be able to execute one must have read permissions as well it may be that those who designed the system made it such that once you give execute permissions then it automatically gives read permissions I am just guessing.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Some distros avoid the user group; to which all users normally belong; as a security feature. I do not know why group=root is used though.
On the practical side if users can logon and create new files in their home directory something other then the 751 setting is at work. I'd suggest logging in as yourself and root using two ttys/v-consoles
As you - login, check your in home dir, create new file
As root - login, cd /homes check permisssions on your home dir, cd your home dir, check permissions on files
Can you post results as it is a curious setup (to a slakwarer anyway)
On the practical side if users can logon and create new files in their home directory something other then the 751 setting is at work. I'd suggest logging in as yourself and root using two ttys/v-consoles
As you - login, check your in home dir, create new file
As root - login, cd /homes check permisssions on your home dir, cd your home dir, check permissions on files
Can you post results as it is a curious setup (to a slakwarer anyway)
ASKER
Dear Tadam,
I logged into my server as an unprivileged user. Changed to the / directory. I could list the subdirectories. Most had the following permissions:
drwxr-x--x root root
I could cd into any subdirectory with that permission and also list all files and subdirectires within that subdirectory.
If I changed the permission to
drwx--x--x
I could cd into that directory, but no longer could use ls. Could be doing something silly, but it's not obvious.
David
I logged into my server as an unprivileged user. Changed to the / directory. I could list the subdirectories. Most had the following permissions:
drwxr-x--x root root
I could cd into any subdirectory with that permission and also list all files and subdirectires within that subdirectory.
If I changed the permission to
drwx--x--x
I could cd into that directory, but no longer could use ls. Could be doing something silly, but it's not obvious.
David
Ok then. What about two groups being assigned the same id number then? Maybe the root group has the same GID as another group. See the numbers on the same line as the group you are looking at in /etc/group.
ASKER
I'm sorry to say that Tadams was right. I did something extremely silly. I thank you all for helping me.
David
David
Don't sweat it, we all do silly things once in awhile. Just be sure to be very carefull when editing files directly. If you are going to add a group, you can use groupadd.
There's also a program to add a user to a group, but I never use it so I've forgotten what it is called.
There's also a program to add a user to a group, but I never use it so I've forgotten what it is called.