[ale] Permission hell question

Dow Hurst dhurst at kennesaw.edu
Wed Jun 30 16:20:30 EDT 2004


There is something else about this.  The security scripts that can be 
installed with SuSE will harden a system against ease of use.  I've really 
given myself fits over an easy versus hardened setting for ease of use.
Dow


Geoffrey wrote:
> Stephan Uphoff wrote:
> 
>> The permissions of the covered mount point usually only come into play
>> when accessing ".." from the root of the mounted fs.
>>
>> This is true for Unix and BSD ... but I have never looked at this part 
>> of the Linux sources.
>>
>> As a normal user try to
>>     cd /mnt/memstick  #OK
>>     pwd               #Fails unless cached by shell
>>     ls ..             #Should fail
>>
>> with /mnt/memstick permission set to 700 and user root.
> 
> 
> I don't agree, note the following, all done as a normal user:
> 
> /home/esoteric> cd /mnt/memstick
> ksh: cd: /mnt/memstick - Permission denied
> 
> rhws/home/esoteric> ls -l /mnt/memstick
> ls: /mnt/memstick: Permission denied
> 
> rhws/home/esoteric> ls -ld /mnt/memstick
> drwx------    2 root     root         4096 May 12 13:59 /mnt/memstick
> 
> rhws/home/esoteric> cd /mnt/memstick
> ksh: cd: /mnt/memstick - Permission denied
> 
> rhws/home/esoteric> mount /mnt/memstick
> 
> rhws/home/esoteric> cd /mnt/memstick
> 
> rhws/mnt/memstick> pwd
> /mnt/memstick
> 
> rhws/mnt/memstick> ls ..
> cdrom  floppy  jump  memstick
> 
> So, I don't believe your point above is valid.
> 
>> It is not really necessary to have matching permissions - but the 
>> wrong set
>> of permissions can cause interesting problems in a production 
>> environment.
> 
> 
> If the mount options are correct, the permissions on the mount point do 
> not matter.  I set the perms on /mnt/memstick to 000 as root:
> 
> d---------    2 root     root         4096 May 12 13:59 /mnt/memstick
> 
> I can still mount the partition as a normal user.  When I do, the perms 
> are:
> 
> drwxr-xr-x    3 esoteric users       16384 Dec 31  1969 /mnt/memstick
> 

-- 
__________________________________________________________
Dow Hurst                  Office: 770-499-3428            *
Systems Support Specialist    Fax: 770-423-6744            *
1000 Chastain Rd. Bldg. 12                                 *
Chemistry Department SC428  Email:   dhurst at kennesaw.edu   *
Kennesaw State University         Dow.Hurst at mindspring.com *
Kennesaw, GA 30144                                         *
************************************************************
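
Geoffrey's point above is that the mount options, not the mode of the covered directory, decide what a normal user can do. The following is an added example, not part of the original thread: it audits fstab text for user-mountable entries and reports which of exec/suid/dev stay enabled, applying the order-sensitive rule from mount(8) that `user`/`users` imply noexec,nosuid,nodev and `owner`/`group` imply nosuid,nodev unless a later option overrides them. The fstab lines and the name `audit_fstab` are constructed for illustration.

```python
# Constructed sample fstab; device names and option strings are assumptions.
SAMPLE_FSTAB = """\
# device    mountpoint     type     options                  dump pass
/dev/sda1   /mnt/memstick  vfat     noauto,user              0 0
/dev/sdb1   /mnt/jump      vfat     noauto,users,exec        0 0
/dev/fd0    /mnt/floppy    auto     noauto,owner             0 0
/dev/cdrom  /mnt/cdrom     iso9660  noauto,ro,user,suid,dev  0 0
/dev/hda2   /home          ext3     defaults                 0 0
"""

# Options that let a non-root user mount, with the restrictions each implies.
IMPLIED = {
    "user": ("noexec", "nosuid", "nodev"),
    "users": ("noexec", "nosuid", "nodev"),
    "owner": ("nosuid", "nodev"),
    "group": ("nosuid", "nodev"),
}


def audit_fstab(text):
    """Map each user-mountable mount point to (granting option, flags left on)."""
    findings = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        mountpoint, options = fields[1], fields[3].split(",")
        state = {"exec": True, "suid": True, "dev": True}  # defaults before options
        granted_by = None
        for opt in options:  # processed left to right: later options win
            if opt in IMPLIED:
                granted_by = opt
                for implied in IMPLIED[opt]:
                    state[implied[2:]] = False
            elif opt == "nouser":
                granted_by = None
            elif opt in state:
                state[opt] = True
            elif opt.startswith("no") and opt[2:] in state:
                state[opt[2:]] = False
        if granted_by:
            enabled = sorted(name for name, on in state.items() if on)
            findings[mountpoint] = (granted_by, enabled)
    return findings


if __name__ == "__main__":
    for mp, (opt, enabled) in audit_fstab(SAMPLE_FSTAB).items():
        print(f"{mp}: user-mountable via '{opt}', still enabled: {enabled or 'none'}")
```

An entry that reports `suid` or `dev` as still enabled is the one to review, since the mode on the covered directory does nothing to restrict it once the filesystem is mounted.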