Solved

Unix - Permission issue

Posted on 2013-06-05
Last Modified: 2013-06-24
I was able to log in as a regular user and cd to this directory. How is that possible?

How does it understand 2345? Based on the permissions below, only owner 2345 has r/w access, and Unix is not able to see who 2345 is. Can someone advise?

$ ls -ld .
drwx------ 3 2345 dev 8192 Jun  5 10:09 .
$
$
$ pwd
/data/app/dev/tech

$ df -h .
Filesystem            Size  Used Avail Use% Mounted on
NAS device:/vol/tech
                      8.0G  2.1G  6.0G  26% /data/app/dev/tech
Question by:ittechlab
5 Comments
 
LVL 20

Assisted Solution

by:carlmd
carlmd earned 215 total points
ID: 39223211
What you are showing is the permissions on a directory that appears to be a subdirectory. What are the permissions of the directory above it, and the files in it?

To confirm, you logged in as a user other than 2345?
 

Author Comment

by:ittechlab
ID: 39223458
Yes. I am logged in as a user which has a different uid.

How am I able to cd to the directory when I am not the owner of this directory?
 

Author Comment

by:ittechlab
ID: 39223615
When I mount an NFS file system, how do the permissions work? Can you please explain to me in detail?
 
LVL 20

Expert Comment

by:carlmd
ID: 39223778
So the directory you are talking about is NFS mounted from a Windows (or what type) system?
 
LVL 26

Accepted Solution

by:skullnobrains
skullnobrains earned 215 total points
ID: 39228944
the read permission will let you list the files INSIDE the directory
the execute permission will let you access the contained file's metainfo

so basically, unless your shell does some extra checks, there is no reason why you could not cd to a directory even though you are not allowed to read its contents. you should rather have a look at the permissions on the parent directory if you wonder about that

---

2345 is a uid on a remote system (could also be a deleted local user). unix systems will handle access rights based on uids. if the uid is not mapped to a name, it only changes the display of ls and the like but the permissions work the same. you may or may not be able to set permissions for a non-existent user, but they will work properly regardless.

---

when you mount an nfs volume with no specific options, nfs passes uids verbatim, and the remote system handles them like local ones. if user 1005 is "max" on the client side and "bob" on the server side, max will actually have the same access rights on the server as bob would have if he logged on to the server.

various mount options can change this behavior: nfs supports mapping specific users to other users, mapping everybody to a specific user, adding acls based on client ip... most distributions will set up nfs shares with a default root_squash option that changes uid 0 to guest so you cannot have root access.

when you set up nfs, you need to make sure that either you map users to dedicated accounts, or you keep the uids in sync on all machines
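An added example (not part of the original thread or any poster's code) of the "keep the uids in sync" check from the accepted answer: it compares passwd(5) listings from an NFS client and server and reports uids that resolve to different people, accounts whose number differs between hosts, and server uids that the client can only display as a bare number. The two listings are constructed sample data, the accounts alice and dev1 are hypothetical, and the min_uid floor of 1000 for regular accounts is an assumption.

```python
# Added example: both passwd listings below are constructed sample data.
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
max:x:1005:100:Max:/home/max:/bin/bash
alice:x:1010:100:Alice:/home/alice:/bin/bash
"""
SERVER_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bob:x:1005:100:Bob:/home/bob:/bin/bash
alice:x:1011:100:Alice:/home/alice:/bin/bash
dev1:x:2345:200:Dev:/home/dev1:/bin/bash
"""

def parse_passwd(text):
    """Return {uid: name}; skip comments, blank and malformed lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue
        users.setdefault(int(fields[2]), fields[0])  # first entry for a uid wins
    return users

def audit(client_text, server_text, min_uid=1000):
    """Report uid problems for regular accounts (min_uid is an assumed floor)."""
    client, server = parse_passwd(client_text), parse_passwd(server_text)
    server_uid_of = {name: uid for uid, name in server.items()}
    report = {"collision": [], "drift": [], "unmapped_on_client": []}
    for uid, cname in sorted(client.items()):
        if uid < min_uid:
            continue
        sname = server.get(uid)
        if sname is not None and sname != cname:
            # Same number, different person: cname gets sname's access.
            report["collision"].append((uid, cname, sname))
        suid = server_uid_of.get(cname)
        if suid is not None and suid != uid:
            # Same person, different number: not treated as owner of own files.
            report["drift"].append((cname, uid, suid))
    for uid, sname in sorted(server.items()):
        if uid >= min_uid and uid not in client:
            # Client-side ls shows the bare number, as with 2345 in the question.
            report["unmapped_on_client"].append((uid, sname))
    return report

if __name__ == "__main__":
    for kind, rows in audit(CLIENT_PASSWD, SERVER_PASSWD).items():
        print(kind, rows)
```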


Question has a verified solution.
