Hello
I thought I understood access permissions, but a
few oddities have made me question myself.
Here is one to warm up.
ngc@saturn /test > id
uid=106(ngc) gid=100(ngc)
ngc@saturn /test > touch xx
ngc@saturn /test > chmod 0040 xx
ngc@saturn /test > ls -l xx
----r----- 1 ngc ngc 0 Dec 19 11:56 xx
ngc@saturn /test > cat xx
xx: Permission denied
ngc@saturn /test >
Is that right? Since the file has group read permission
and it is my group I would expect to be able to read it.
Here is the related problem I really want help with. The
one above just popped up whilst investigating this.
If I login as root (login mind, not switch users using su)
login: root
Password:
cd /test
touch read-by-group
chmod 0040 read-by-group
chown ngc:ngc read-by-group
su - nobody
$ id
uid=99(nobody) gid=99(nobody)
groups=0(root),1(bin),3(sys),4(adm),5(tty)
$ ls -l /test
total 0
----r----- 1 ngc ngc 0 Dec 19 12:21 read-by-group
$ cat /test/read-by-group
/test/read-by-group: Permission denied
Fair enough. There is no read permission for ‘nobody’.
Now login as user ngc (again, login, not su)
login: ngc
Password:
ngc@saturn ~ > id
uid=106(ngc) gid=100(ngc)
ngc@saturn ~ > cat /test/read-by-group
/test/read-by-group: Permission denied
ngc@saturn ~ > l !$
l /test/read-by-group
----r----- 1 ngc ngc 0 Dec 19 12:21 /test/read-by-group
ngc@saturn ~ > su -
password:
su - nobody
$ id
uid=99(nobody) gid=99(nobody)
$ cat /test/read-by-group
$ echo $?
0
$
User ngc cannot read the file, despite being in the
correct group. But user nobody can read it.
Can anyone explain this? The issue is not related to
reading but exists with writing as well. The scripts
below are what I started off with and demonstrate the
issue further.
Script mkfiles run as root:
#!/bin/sh
touch readonly-all
chmod 0444 readonly-all
touch readonly-user
chmod 0400 readonly-user
touch readonly-group
chmod 0040 readonly-group
touch readonly-other
chmod 0004 readonly-other
touch writeonly-all
chmod 0222 writeonly-all
touch writeonly-user
chmod 0200 writeonly-user
touch writeonly-group
chmod 0020 writeonly-group
touch writeonly-other
chmod 0002 writeonly-other
touch readwrite-all
chmod 0666 readwrite-all
touch readwrite-user
chmod 0600 readwrite-user
touch readwrite-group
chmod 0060 readwrite-group
touch readwrite-other
chmod 0006 readwrite-other
chown ngc:ngc *
Script access-files run as someone else, eg you or
“nobody” after switching users with su:
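#!/bin/sh
# Files to probe; they become the positional parameters for the loop below.
set readonly-all \
    readonly-user \
    readonly-group \
    readonly-other \
    writeonly-all \
    writeonly-user \
    writeonly-group \
    writeonly-other \
    readwrite-all \
    readwrite-user \
    readwrite-group \
    readwrite-other
for f ; do
    # Permission string as shown in the first column of ls -l
    LSL=`ls -l $f`
    PERM=`echo $LSL | awk '{ print $1 }'`
    # Try to read the file
    if ( cat $f > /dev/null 2>&1 ); then
        READ=r
    else
        READ=.
    fi
    # Try to write the file
    if ( echo 1 2> /dev/null > $f ); then
        WRITE=w
    else
        WRITE=.
    fi
    echo $PERM $READ$WRITE $f
done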
After making the files we get:
ls -l /test
total 4
-r--r--r-- 1 ngc ngc 0 Dec 19 12:31 readonly-all
----r----- 1 ngc ngc 0 Dec 19 12:31 readonly-group
-------r-- 1 ngc ngc 0 Dec 19 12:31 readonly-other
-r-------- 1 ngc ngc 0 Dec 19 12:31 readonly-user
-rw-rw-rw- 1 ngc ngc 0 Dec 19 12:31 readwrite-all
----rw---- 1 ngc ngc 0 Dec 19 12:31 readwrite-group
-------rw- 1 ngc ngc 0 Dec 19 12:31 readwrite-other
-rw------- 1 ngc ngc 0 Dec 19 12:31 readwrite-user
--w--w--w- 1 ngc ngc 0 Dec 19 12:31 writeonly-all
-----w---- 1 ngc ngc 0 Dec 19 12:31 writeonly-group
--------w- 1 ngc ngc 0 Dec 19 12:31 writeonly-other
--w------- 1 ngc ngc 0 Dec 19 12:31 writeonly-user
Logging in as ngc (owner and group of files) and then switching
to root and then to nobody:
$ cd /test
$ /home/wrm/dev/access-files
-r--r--r-- r. readonly-all
-r-------- .. readonly-user
----r----- r. readonly-group
-------r-- .. readonly-other
--w--w--w- .w writeonly-all
--w------- .. writeonly-user
-----w---- .w writeonly-group
--------w- .. writeonly-other
-rw-rw-rw- rw readwrite-all
-rw------- .. readwrite-user
----rw---- rw readwrite-group
-------rw- .. readwrite-other
$
Results for group and other are reversed from what I expected.
Sorry this is so long. I hope someone else can reproduce my
results and explain this.
Regards
William Morris
wmorris@uk.waukbearing.com
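
Added example, not part of the original post: a small model of the traditional Unix permission check, in which exactly one class (owner, then group, then other) is selected and only that class's bits are consulted. It prints results in the same r/w notation as the access-files script for three constructed credential sets. The function names are hypothetical, and the "uid 99 with gid 100 in its group list" case is an assumption made for comparison with the table above, not something the post shows.

```sh
#!/bin/sh
# Added example: model of the traditional Unix permission-class check.
# Function names are hypothetical; uid/gid numbers are those in the post.

# perm_class UID "GROUP-LIST" FILE_UID FILE_GID -> owner | group | other
# The first class that matches is the only one consulted.
perm_class() {
    if [ "$1" = "$3" ]; then echo owner; return; fi
    for g in $2; do
        if [ "$g" = "$4" ]; then echo group; return; fi
    done
    echo other
}

# access_bits MODE CLASS -> "r.", ".w", "rw" or "..", as in access-files
access_bits() {
    case $2 in
        owner) amount=6 ;;
        group) amount=3 ;;
        *)     amount=0 ;;
    esac
    bits=$(( ($1 >> $amount) & 7 ))
    r=.; w=.
    if [ $(($bits & 4)) -ne 0 ]; then r=r; fi
    if [ $(($bits & 2)) -ne 0 ]; then w=w; fi
    echo "$r$w"
}

# check UID "GROUP-LIST" FILE_UID FILE_GID MODE
check() {
    access_bits "$5" "$(perm_class "$1" "$2" "$3" "$4")"
}

# Constructed credential sets; every file is owned by 106:100 (ngc:ngc).
for mode in 0400 0040 0004; do
    echo "$mode owner(106)=$(check 106 '100' 106 100 $mode)" \
         "uid99+gid100=$(check 99 '99 100' 106 100 $mode)" \
         "uid99-only=$(check 99 '99' 106 100 $mode)"
done
```

Under this rule the owner of a 0040 file is denied because the owner bits are empty and the group bits are never reached. A non-owner whose group list contains the file's group is likewise judged on the group bits alone, never on the other bits.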