Solved

Unix - Permission issue

Posted on 2013-06-05
Last Modified: 2013-06-24
I was able to log in as a regular user and cd to this directory. How is that possible?

How does it understand 2345? Based on the permissions below, we only have r/w access for owner 2345, and Unix is not able to see who 2345 is. Can someone advise?

$ ls -ld .
drwx------ 3 2345 dev 8192 Jun  5 10:09 .
$
$
$ pwd
/data/app/dev/tech

$ df -h .
Filesystem            Size  Used Avail Use% Mounted on
NAS device:/vol/tech
                      8.0G  2.1G  6.0G  26% /data/app/dev/tech
Question by:ittechlab
LVL 20

Assisted Solution

by:carlmd
carlmd earned 645 total points
ID: 39223211
What you are showing is the permissions on a directory that appears to be a subdirectory. What are the permissions of the directory above it, and the files in it?

To confirm, you logged in as a user other than 2345?

Author Comment

by:ittechlab
ID: 39223458
Yes. I am logged in as a user which has a different uid.

How am I able to cd to the directory when I am not the owner of this directory?

Author Comment

by:ittechlab
ID: 39223615
When I mount an NFS file system, how do the permissions work? Can you please explain it to me in detail?
LVL 20

Expert Comment

by:carlmd
ID: 39223778
So the directory you are talking about is NFS mounted from a Windows (or what type) system?
LVL 27

Accepted Solution

by:
skullnobrains earned 645 total points
ID: 39228944
the read permission will let you list the files INSIDE the directory
the execute permission will let you access the contained files' metainfo

so basically, unless your shell does some extra checks, there is no reason why you could not cd to a directory even though you are not allowed to read its contents. you should rather have a look at the permissions on the parent directory if you wonder about that

---

2345 is a uid on a remote system (could also be a deleted local user). unix systems will handle access rights based on uids. if the uid is not mapped to a name, it only changes the display of ls and the likes but the permissions work the same. you may or may not be able to set permissions for a non-existent user, but they will work properly regardless.

---

when you mount an nfs volume with no specific options, nfs passes uids verbatim, and the remote system handles them like local ones. if user 1005 is "max" on the client side and "bob" on the server side, max will actually have the same access rights on the server as bob would have if he logged on to the server.

various mount options can change this behavior: nfs supports mapping specific users to other users, map everybody to a specific user, add acls based on client ip... most distributions will set up nfs shares with a default root_squash option that changes uid 0 to guest so you cannot have root access.

when you set up nfs, you need to make sure that either you map users to dedicated accounts, or you keep the uids in sync on all machines
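A uid consistency audit for the situation the accepted answer describes (uids passed verbatim over NFS), as an added example that is not part of the original thread. The passwd excerpts, user names other than max and bob, and the function names are constructed for illustration.

```python
# Added example: compare client and server passwd data to find uids that would
# be treated as a different account (or no account) across an NFS mount.
# Assumption: uids are passed verbatim, with no id mapping in effect.
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
max:x:1005:100:Max:/home/max:/bin/bash
ittech:x:1010:100:IT Tech:/home/ittech:/bin/bash
"""  # constructed sample
SERVER_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bob:x:1005:100:Bob:/home/bob:/bin/bash
ittech:x:1011:100:IT Tech:/home/ittech:/bin/bash
appowner:x:2345:200:App owner:/home/appowner:/bin/sh
"""  # constructed sample

def parse_passwd(text):
    """Return {uid: name} from passwd(5)-format text, skipping malformed lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7 or not fields[2].isdigit():
            continue
        users.setdefault(int(fields[2]), fields[0])  # keep first entry per uid
    return users

def audit(client_text, server_text):
    """Return a list of (kind, uid_or_name, detail) findings."""
    client, server = parse_passwd(client_text), parse_passwd(server_text)
    findings = []
    for uid in sorted(set(client) | set(server)):
        c, s = client.get(uid), server.get(uid)
        if c and s and c != s:   # the max/bob case: same uid, different person
            findings.append(("collision", uid, f"client {c} gets server {s}'s access"))
        elif s and not c:        # ls on the client shows a bare number, like 2345
            findings.append(("unmapped_on_client", uid, f"server user {s} has no client name"))
        elif c and not s:
            findings.append(("unmapped_on_server", uid, f"client user {c} has no server name"))
    c_names = {n: u for u, n in client.items()}
    s_names = {n: u for u, n in server.items()}
    for name in sorted(set(c_names) & set(s_names)):
        if c_names[name] != s_names[name]:  # same login, uids out of sync
            findings.append(("uid_drift", name, f"{c_names[name]} vs {s_names[name]}"))
    return findings

if __name__ == "__main__":
    for kind, who, detail in audit(CLIENT_PASSWD, SERVER_PASSWD):
        print(f"{kind:20} {who!s:10} {detail}")
```
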

Question has a verified solution.