My system administrator advised me to be careful when setting access control on files and directories. He gave me an example and I got confused; here it is: a file with protection mode 644 (octal) contained in a directory with protection mode 730. So it means:

  • File: 110 100 100 (owner, group, other: rw- r-- r--)
  • Directory: 111 011 000 (owner, group, other: rwx -wx ---)

How can the file be compromised in this case?

A: 

Since the directory can be written to, the file could simply be overwritten with another if the attacker is in the directory owner's group.

Carl Smotricz
So you mean the attacker who has the group access rights of the directory can overwrite the directory and can change the file for his own purposes.
berkay
@Berkay: yes, that is what was meant. 'Change' means 'delete current file and create new one with same name but (probably) different permissions - as in, the owner would be different'.
Jonathan Leffler
Thanks, I got it. Also, no need to overwrite: Jonathan mentions that if a member of the group knows the name of the file, that person can also remove it because removing a file requires permission to write to the directory.
berkay
+1  A: 

You'd probably be better off asking this on http://serverfault.com/

crowne
Sometimes I get really confused about posting. It's a general question; this file and directory can be reached by programs which have specific access rights in our network.
berkay
Don't worry, lots of people get confused - just don't be surprised if this question is migrated to Server-Fault and the StackOverflow version gets closed.
crosstalk
Personally, I think knowing how to set permissions on files is an important part of programming on Unix, and there is no need to ask this on SF; SO is a perfectly reasonable venue. (That said, were it asked on SF, there'd be no particular reason to migrate it to SO.)
Jonathan Leffler
+4  A: 

It depends on what you mean by 'compromise' and it depends on who belongs to the group.

The directory permissions are critical. Since members of the group can access the directory ('x') and can modify the directory ('w'), even though they cannot list the directory (no 'r'), it means that if a member of the group knows the name of the file, that person can also remove it because removing a file requires permission to write to the directory - the file permissions are immaterial (even though commands such as 'rm' let you know when you don't have write permission on the file, that is a courtesy, because it doesn't matter to the 'unlink()' system call).

So, a member of your group (or, more precisely, a member of the group to which the directory belongs) can remove the file if they know its name. They can also read the file if they know its name, and they can create a file of the same name if the original is already missing. It appears from the file permissions that being able to read the file is not compromise - you would have denied group read access (and public read access) if that mattered.

Note that although your group members cannot modify the file, because they can delete the file and create a new one with the same name, the result is basically the same as being able to modify the file. One key difference is that you'd know which user did the mischief because that user would own the file. (Well, someone with access to that user ID did the mischief.)

Jonathan Leffler
Thanks, now I'm clear.
berkay
Much nicer explanation than mine, +1.
Carl Smotricz
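
The point made in the answers, as an added example that is not part of the original thread: a check that reports who can unlink and recreate a file through its parent directory's mode alone, run against the question's 644-in-730 layout. It goes slightly beyond the thread by also showing the sticky bit (1730), which restricts removal to the file owner, the directory owner and root. Assumptions: the names `who_can_replace`, `shared` and `report.txt` are made up for the example, only the immediate parent's mode bits are checked (no ACLs, no ancestor directories), and the unlink in `demo` is performed by the directory owner, whose `-wx` is the same right the group holds under 730.

```python
import os
import stat
import tempfile

def who_can_replace(path):
    """Classes ('group', 'other') able to unlink and recreate a file they do
    not own at `path`, judged only by the parent directory's mode bits."""
    mode = os.stat(os.path.dirname(os.path.abspath(path))).st_mode
    # Sticky bit: only the file owner, the directory owner or root may unlink.
    if mode & stat.S_ISVTX:
        return []
    found = []
    # Removing or adding an entry needs write AND search (x) on the directory.
    if mode & stat.S_IWGRP and mode & stat.S_IXGRP:
        found.append("group")
    if mode & stat.S_IWOTH and mode & stat.S_IXOTH:
        found.append("other")
    return found

def demo():
    """Rebuild the question's 644-in-730 layout in a temp dir (constructed names)."""
    base = tempfile.mkdtemp()
    d = os.path.join(base, "shared")
    f = os.path.join(d, "report.txt")
    os.mkdir(d)
    with open(f, "w") as fh:
        fh.write("original\n")
    os.chmod(f, 0o644)
    os.chmod(d, 0o730)
    out = {"730": who_can_replace(f)}
    # unlink() checks the directory, not the file: read-only does not protect it.
    os.chmod(f, 0o444)
    os.unlink(f)
    with open(f, "w") as fh:
        fh.write("replaced\n")
    with open(f) as fh:
        out["content"] = fh.read()
    os.chmod(d, 0o1730)  # same bits plus sticky
    out["1730"] = who_can_replace(f)
    os.chmod(d, 0o750)   # group write removed
    out["750"] = who_can_replace(f)
    os.chmod(d, 0o700)   # restore access for cleanup
    os.unlink(f)
    os.rmdir(d)
    os.rmdir(base)
    return out

if __name__ == "__main__":
    print(demo())
```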