
Re: [Sheflug] A question on Ownership



On Mon, 15 Apr 2002 00:35:45 +0100
"Chris J" <cej [at] nccnet.co.uk> wrote:

> > If a directory on a read-only filesystem had no x bit then how could
> > the superuser traverse it?
> 
> A hypothetical answer to a hypothetical question ;)
> 
> mount -o remount,rw /some/directory && \
> 	chmod +x /some/directory && \
> 	cd /some/directory
> 
> Obviously this won't work for cd-roms and similar WORM media :)

lol, yes at a shove that would do it :)

> I don't see what it gains the SU over non-SU users, short of security,
> but that's a really thin veil as security can be implemented in other
> ways. Okay, it also allows an SU to traverse if a directory's inode has
> become corrupted. But then, would you trust the inode to cd into it in
> the first place. The (probably unanswerable?) question is - why can't
> normal users have this ability if root has? I'm not looking for a real
> answer here, just summat to ponder on. Tradition and "it's always been
> done like that", combined with the fact something might break if it's
> done differently are reasons why it is as it is. Just wonder why it was
> like that back in the dawn of time[1].

The 'more correct' i.e. 'most logical' mode of operation is that with no x
bits set nobody goes in the directory.

root is an exception - root must be able to enter any directory without
modifying it beforehand. A better example would be backing up a filesystem
to tape. root must be able to read the contents of every directory, and do
so without modifying the filesystem or he/she will get an inaccurate
snapshot of the filesystem on tape.

This kind of functionality is unnecessary for normal users, so they revert
to the 'more correct' operation.

> Hmm...must see if Digital UNIX (strong BSD) and Solaris (strong SysV) do
> this (which means summat to look at at work tomoz [if I can find a Sun
> box to play on]). Certainly a new one, but then I've never seen a
> directory without execute :) I certainly don't recall ever seeing this
> behaviour documented anywhere.

I would assume so, for the reasons I have outlined above.


> [1] Midnight, Jan 1st 1970.

The epoch only became 00:00 1/1/1970 in 1973. Before that it was 1971.

Unix users' manual, first edition, at the homepage of Dennis Ritchie

http://cm.bell-labs.com/cm/cs/who/dmr/1stEdman.html

--Andrew

-- 
sparc sun4c stuff : http://www.lostgeneration.freeserve.co.uk/sparc
personal email    : bob at lostgeneration dot freeserve dot co dot uk
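
The behaviour discussed in this thread can be checked with the probe below, an added example that is not part of the original message. It builds a scratch directory (constructed with mktemp, a hypothetical layout), strips every x bit without remounting or modifying anything else, and reports whether the calling user can still enter it or reach a file inside it; the function name `probe_noexec_dir` is an assumption of this example.

```shell
#!/bin/sh
# Added example: what does a directory with no x bits allow the current user?
# Everything is created under a temporary directory and removed afterwards.

probe_noexec_dir() {
    base=$(mktemp -d) || return 2
    mkdir "$base/locked" || return 2
    echo data > "$base/locked/file" || return 2

    # Remove search (x) permission for user, group and other.
    chmod a-x "$base/locked" || return 2

    # Entering the directory requires search permission on it.
    if (cd "$base/locked") 2>/dev/null; then
        enter=yes
    else
        enter=no
    fi

    # Resolving a path *through* the directory requires the same permission.
    if cat "$base/locked/file" >/dev/null 2>&1; then
        reach=yes
    else
        reach=no
    fi

    # Restore the bit so the scratch tree can be cleaned up by any user.
    chmod u+x "$base/locked" && rm -rf "$base"

    echo "uid=$(id -u) enter=$enter reach=$reach"
}

# Run the probe when the script is executed directly.
probe_noexec_dir
```

An unprivileged user gets `enter=no reach=no`. On Linux, root gets `yes` for both only while it holds CAP_DAC_OVERRIDE or CAP_DAC_READ_SEARCH, so a container that drops those capabilities makes uid 0 behave like a normal user here.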
