[Novices] permissions & sharing between users
Bruce Smith
bruce at armintl.com
Tue Dec 14 11:37:07 EST 2004
> > Yes, it's because your home directory is not readable by other users.
> >
> > You could let people read your home directory by giving it 755
> > permissions. They won't be able to write to your home, they can only
> > write to files and directories in your home where they have write
> > permission. And they won't be able to create or delete files/sub-dirs
> > in your home, no matter what permissions the files/sub-dirs have.
> > They will still be able to access files in your shared subdir if you
> > give it 777 permissions.
>
> But would they be able to read my actual files?
It depends on the permissions of your actual files (and subdirectories).
Once they have read (r) and search (x) access to your home directory,
they can see the files are there, but they need permissions to the
actual files to see what's inside them. Or if the files have global
write permission, then they could also change the file.

However, even if the file had global write permission, they couldn't
delete it. Conversely, if your home directory had global write
permission, anyone could delete files (and _empty_ directories) in your
home directory, no matter what the permissions of the actual file are!!!

The best way I can think to explain it, is to try and think like the
computer. What _exactly_ is it doing on every operation.

To delete a file, all it has to do is remove it from the directory where
it lives. It doesn't need read or write access to the actual file,
because it's not changing the file. It's only removing an entry from
the directory, so to delete _any_ file from a directory, the user needs
write access to the directory, permissions on the file don't matter.

Same for creating a file in a directory, the user needs write access to
the directory.
> I don't get how files
> inherit (or don't) the permissions of their dirs.
They don't inherit.
Files have default permissions they are created with (umask).

You need access to the parent directory to get to any file.
(so you can't edit a global writable file unless you have _search_
access to the directory). For a directory, search access is displayed as
"x" (it means executable for a file). So people can access files in a
directory if they have search access. If they want to list the files in
a directory, they also need read access (r). If they only have search
access, they have to know the filename to access it.

You've seen FTP sites that have "hidden" files in directories? They set
those directories to 711 permissions so only search permission is set
globally, and the file names cannot be listed.
- BS
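
The rules in the reply above, as an added example that is not part of the original message: a shell script that reads the "other" mode bits of a directory and a file and reports what other users could do. The function names and the temporary tree are constructed for illustration; it assumes plain mode bits (no ACLs) and searchable parent directories, and it also treats a sticky directory, which the message does not cover, as not deletable by others.

```shell
#!/bin/sh
# Added example, not from the original message. It reads only the "other"
# mode bits, so results do not depend on who runs it. Assumes no ACLs and
# that every directory above DIR is already searchable by others.

# The three "other" characters of ls -ld output, e.g. "r-x" for mode 755.
other_bits() { ls -ld "$1" | cut -c8-10; }

# Directory predicates: each returns 0 (yes) or 1 (no).
dir_listable()   { case $(other_bits "$1") in r??) return 0;; esac; return 1; }
dir_searchable() { case $(other_bits "$1") in ??[xt]) return 0;; esac; return 1; }
dir_writable()   { case $(other_bits "$1") in ?w?) return 0;; esac; return 1; }

# Reading a file by name: search on the directory plus r on the file.
can_read()   { dir_searchable "$1" && case $(other_bits "$1/$2") in r??) return 0;; esac; return 1; }
# Changing a file's contents: search on the directory plus w on the file.
can_modify() { dir_searchable "$1" && case $(other_bits "$1/$2") in ?w?) return 0;; esac; return 1; }

# Creating or deleting an entry: w and x on the directory; the file's own
# mode ($2) is never consulted. A sticky directory (t, as on /tmp) counts as
# "no" because it limits deletion to the owner of the file or directory.
can_delete() {
    dir_writable "$1" || return 1
    case $(other_bits "$1") in ??x) return 0;; esac
    return 1
}

report() {  # report DIR FILE -> one line listing what others may do
    out="$(other_bits "$1") dir, $(other_bits "$1/$2") file:"
    dir_listable "$1" && out="$out list"
    can_read "$1" "$2" && out="$out read"
    can_modify "$1" "$2" && out="$out modify"
    can_delete "$1" "$2" && out="$out delete"
    echo "$out"
}

# Constructed demo tree using the directory modes from the thread.
demo() {
    t=$(mktemp -d) || return 1
    for m in 755 777 711; do
        mkdir "$t/$m" && : > "$t/$m/f" && chmod 644 "$t/$m/f" && chmod "$m" "$t/$m"
        report "$t/$m" f
    done
    chmod 666 "$t/755/f"; report "$t/755" f
    rm -rf "$t"
}
demo
```

Running `report` against a real home directory and the shared subdirectory shows at a glance whether a 777 mode has exposed files to deletion by others.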