[ale] Permission hell question
Geoffrey
esoteric at 3times25.net
Wed Jun 30 15:39:15 EDT 2004
Stephan Uphoff wrote:
> The permissions of the covered mount point usually only come into play
> when accessing ".." from the root of the mounted fs.
>
> This is true for Unix and BSD ... but I have never looked at this part
> of the Linux sources.
>
> As a normal user try to
> cd /mnt/memstick #OK
> pwd #Fails unless cached by shell
> ls .. #Should fail
>
> with /mnt/memstick permission set to 700 and user root.
I don't agree. Note the following, all done as a normal user:
/home/esoteric> cd /mnt/memstick
ksh: cd: /mnt/memstick - Permission denied
rhws/home/esoteric> ls -l /mnt/memstick
ls: /mnt/memstick: Permission denied
rhws/home/esoteric> ls -ld /mnt/memstick
drwx------ 2 root root 4096 May 12 13:59 /mnt/memstick
rhws/home/esoteric> cd /mnt/memstick
ksh: cd: /mnt/memstick - Permission denied
rhws/home/esoteric> mount /mnt/memstick
rhws/home/esoteric> cd /mnt/memstick
rhws/mnt/memstick> pwd
/mnt/memstick
rhws/mnt/memstick> ls ..
cdrom floppy jump memstick
So, I don't believe your point above is valid.
> It is not really necessary to have matching permissions - but the wrong set
> of permissions can cause interesting problems in a production environment.
If the mount options are correct, the permissions on the mount point do
not matter. I set the perms on /mnt/memstick to 000 as root:
d--------- 2 root root 4096 May 12 13:59 /mnt/memstick
I can still mount the partition as a normal user. When I do, the perms are:
drwxr-xr-x 3 esoteric users 16384 Dec 31 1969 /mnt/memstick
--
Until later, Geoffrey Registered Linux User #108567
Building secure systems in spite of Microsoft