Re: dir permissions in linux: does a "w" without an "x" mean anything useful?



Rahul <nospam@xxxxxxxxxxxxxx> writes:

Jakub Fišer <mr@xxxxxxxxxxxx> wrote in
news:20090422231212.727d46a4@ghoulie:

To prevent this we have yet another "permission" - sticky. On files it
has no effect (it has something to do with keeping binaries in memory
but now it's ignored). On DIRECTORIES however it makes you unable to
delete entries that you do not own.


hope it makes better sense to you now :)


Thanks guys! This helps a lot. I was already pretty comfy with rwx on files
but dirs were always somewhat of a mysterious beast. And these were the
sort of tricky combinations that the sites out there do not explain.

man chmod

RESTRICTED DELETION FLAG OR STICKY BIT
The restricted deletion flag or sticky bit is a single bit, whose
interpretation depends on the file type. For directories, it prevents
unprivileged users from removing or renaming a file in the directory
unless they own the file or the directory; this is called the
restricted deletion flag for the directory, and is commonly found on
world-writable directories like /tmp. For regular files on some older
systems, the bit saves the program's text image on the swap device so
it will load more quickly when run; this is called the sticky bit.

A follow up question:

There is no way in Linux of making a sub-folder deep down visible without
having all its parent dirs visible (searchable) too, is there?

If you know where it is sure. The parent does not need to be readable to
be able to search it.
Thus if your directory is /my/deep/buried/directory. If my, deep, and buried
do not have r set, then doing
ls /my/deep/buried/directory
will list the files in that directory.
But ls /my/deep/buried
will show nothing (permission denied)

i.e. I need a +rx on all parent dirs.

not if you do not want to read the parents

So I cannot publish "public" from /foo/bar/secret/public without yielding
at least listing rights on /foo/bar/secret?

see above. Experiments are great. And much faster than asking.


Or is there a trick around this? I suspect there is, because otherwise this
would be a somewhat arbitrary requirement that stems more from
implementation than user-needs and that is so unlike most things linuxey!
:)

--
Rahul
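
The rules discussed in this thread, as an added example that is not part of the original messages: a small model of the classic mode-bit checks, run against a constructed temporary tree for a hypothetical non-owner uid. It assumes plain Unix mode bits only (no root override, ACLs, or capabilities); the function names are illustrative.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids=()):
    """rwx bits (0-7) of the one class that applies to uid: owner, else group, else other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def can_list(base, rel, uid, gids=()):
    """Listing base/rel needs x (search) on base and each directory above the target, r on the target."""
    path = base
    for part in rel.split("/"):
        if not class_bits(os.stat(path), uid, gids) & 1:
            return False                       # cannot traverse this ancestor
        path = os.path.join(path, part)
    return bool(class_bits(os.stat(path), uid, gids) & 4)

def can_delete(directory, name, uid, gids=()):
    """Removing an entry needs w and x on the directory; the sticky bit adds an ownership test."""
    d = os.stat(directory)
    if (class_bits(d, uid, gids) & 3) != 3:    # "w" without "x" is not enough
        return False
    if d.st_mode & stat.S_ISVTX:               # restricted deletion flag
        return uid in (d.st_uid, os.lstat(os.path.join(directory, name)).st_uid)
    return True

def build_demo():
    """Constructed tree: parents are 0711 (search only for others), the target is 0755."""
    root = tempfile.mkdtemp()
    path = root
    for part in ("my", "deep", "buried", "directory"):
        os.chmod(path, 0o711)
        path = os.path.join(path, part)
        os.mkdir(path)
    os.chmod(path, 0o755)
    shared = os.path.join(root, "shared")
    os.mkdir(shared)
    open(os.path.join(shared, "f"), "w").close()
    return root, shared

if __name__ == "__main__":
    root, shared = build_demo()
    other = os.geteuid() + 1                   # hypothetical non-owner uid
    print(can_list(root, "my/deep/buried/directory", other))
    print(can_list(root, "my/deep/buried", other))
```
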