On Mon, 15 Apr 2002 00:35:45 +0100
"Chris J" <cej [at] nccnet.co.uk> wrote:

> > If a directory on a read-only filesystem had no x bit then how could
> > the superuser traverse it?
>
> A hypothetical answer to a hypothetical question ;)
>
> mount -o remount,rw /some/directory && \
> chmod +x /some/directory && \
> cd /some/directory
>
> Obviously this won't work for cd-roms and similar WORM media :)

lol, yes at a shove that would do it :)

> I don't see what it gains the SU over non-SU users, short of security,
> but that's a really thin veil as security can be implemented in other
> ways. Okay, it also allows an SU to traverse if a directory's inode has
> become corrupted. But then, would you trust the inode to cd into it in
> the first place? The (probably unanswerable?) question is - why can't
> normal users have this ability if root has? I'm not looking for a real
> answer here, just summat to ponder on. Tradition and "it's always been
> done like that", combined with the fact something might break if it's
> done differently are reasons why it is as it is. Just wonder why it was
> like that back in the dawn of time[1].

The 'more correct', i.e. 'most logical', mode of operation is that with no x bits set nobody goes in the directory. root is an exception - root must be able to enter any directory without modifying it beforehand.

A better example would be backing up a filesystem to tape. root must be able to read the contents of every directory, and do so without modifying the filesystem or he/she will get an inaccurate snapshot of the filesystem on tape.

This kind of functionality is unnecessary for normal users, so they revert to the 'more correct' operation.

> Hmm...must see if Digital UNIX (strong BSD) and Solaris (strong SysV) do
> this (which means summat to look at at work tomoz [if I can find a Sun
> box to play on]). Certainly a new one, but then I've never seen a
> directory without execute :) I certainly don't recall ever seeing this
> behaviour documented anywhere.

I would assume so, for the reasons I have outlined above.

> [1] Midnight, Jan 1st 1970.

The epoch only became 00:00 1/1/1970 in 1973. Before that it was 1971.

Unix users' manual, first edition, at the homepage of Dennis Ritchie
http://cm.bell-labs.com/cm/cs/who/dmr/1stEdman.html

--Andrew

--
sparc sun4c stuff : http://www.lostgeneration.freeserve.co.uk/sparc
personal email : bob at lostgeneration dot freeserve dot co dot uk
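The directory permission behaviour discussed in this message can be checked with the following script, which is an added example and not part of the original thread. The function name `probe_dir` and the temporary paths are hypothetical; it probes a scratch directory under several modes and reports whether the caller can list it, traverse it, and whether the mode is still unchanged afterwards. Run as an ordinary user and then as root to compare the two cases.

```shell
#!/bin/sh
# Constructed demo: every path is created under a fresh temporary directory.

# probe_dir MODE
# Prints "list=<yes|no> traverse=<yes|no> mode=<ls mode string>" for a
# scratch directory chmod'ed to MODE, as seen by the calling user.
probe_dir() {
    base=$(mktemp -d) || return 1
    dir="$base/target"
    mkdir "$dir" || return 1
    : > "$dir/file" || return 1
    chmod "$1" "$dir"

    # r bit on a directory: may the caller read the list of names?
    if ls "$dir" >/dev/null 2>&1; then list=yes; else list=no; fi

    # x bit on a directory: may the caller look up an entry inside it,
    # i.e. traverse the directory?
    if [ -e "$dir/file" ]; then traverse=yes; else traverse=no; fi

    # Mode after probing: the checks above used no chmod and no remount,
    # so the directory is exactly as it was (the backup scenario).
    mode=$(ls -ld "$dir" | cut -c1-10)

    # Cleanup only; this chmod is not part of the probe.
    chmod 700 "$dir" && rm -rf "$base"

    printf 'list=%s traverse=%s mode=%s\n' "$list" "$traverse" "$mode"
}

# 000: no bits, 400: read only, 100: execute only, 500: read + execute
for m in 000 400 100 500; do
    printf '%s (uid %s): %s\n' "$m" "$(id -u)" "$(probe_dir "$m")"
done
```
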