File and Directory Permissions.

[Daemonice]

Suppose you have a file owned by nobody or world-readable and you have it in a directory with permissions drwxrwxrwx and above that you another directory (also owned by you) with drwx-----x. Will this block access to the file from other users on the system? Even if they knew the exact location, they can not access it? What if another user deploys a CGI-script that runs as nobody and tries to access the file with this. This would not give him more success? If this approach works, then why is it that the Apache web server does have access to the files?

Is it correct that any permissions given to the world are also automatically given to the group? If this is correct then it would be clearer to always turn on a permission for group if you turn on for the world. In other words -rw-r--r-- would be the same and clearer than -rw----r--.

Thank you in advance,
Lou.

 

[zeland]

Suppose you have a file owned by nobody or world-readable and you have it in a directory with permissions drwxrwxrwx and above that you another directory (also owned by you) with drwx-----x. Will this block access to the file from other users on the system?
No

Is it correct that any permissions given to the world are also automatically given to the group?. In other words -rw-r--r-- would be the same and clearer than -rw----r--.
No. If a file's ownership is root:john and is given the permission -rw----r--, then everybody except john can view the file. However, if the ownership is root:root, then everyone including john can view the file.


--== Anything can go wrong. It's just a matter of how far wrong it will go till people think its right. ==--