
Re: [Sheflug] A question on Ownership




> 
> If a directory on a read-only filesystem had no x bit then how could the
> superuser traverse it?
> 

A hypothetical answer to a hypothetical question ;)

mount -o remount,rw /some/directory && \
	chmod +x /some/directory && \
	cd /some/directory

Obviously this won't work for cd-roms and similar WORM media :)

I don't see what it gains the SU over non-SU users, short of security, but 
that's a really thin veil as security can be implemented in other ways. Okay, 
it also allows an SU to traverse if a directory's inode has become corrupted. 
But then, would you trust the inode to cd into it in the first place? The 
(probably unanswerable?) question is - why can't normal users have this 
ability if root has? I'm not looking for a real answer here, just summat to 
ponder on. Tradition and "it's always been done like that", combined with the 
fact something might break if it's done differently are reasons why it is as 
it is. Just wonder why it was like that back in the dawn of time[1].

> [Open|Net]BSD mirrors this behaviour, and seeing as modern BSD generally
> operates the same way as ancient BSD I'd say it has probably been like
> this for a long time.
> 

Hmm...must see if Digital UNIX (strong BSD) and Solaris (strong SysV) do this 
(which means summat to look at at work tomoz [if I can find a Sun box to play 
on]). Certainly a new one, but then I've never seen a directory without 
execute :) I certainly don't recall ever seeing this behaviour documented 
anywhere.

Chris...

[1] Midnight, Jan 1st 1970.

-- 
\ Chris Johnson           \ NP: Jean Michelle Jarre - 04. Hey Gagarin
 \ cej [at] nightwolf.org.uk    ~-----,   
  \ http://cej.nightwolf.org.uk/  ~-----------------------------------, 
   \ Redclaw chat - http://redclaw.org.uk - telnet redclaw.org.uk 2000 \____


___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.