2 Replies Latest reply on Jun 12, 2019 4:54 PM by Dude!

    Directory permission

    happy10319
    happy10319 Jun 11, 2019 2:00 PM

      Hi,

      We did:

      chmod 736 /var/www/students/assignments/

       

      [root@Local assignments]# ls -ld /var/www/students/assignments/

      drwx-wxrw-. 2 drterryt students 44 Jan 9 23:14 /var/www/students/assignments/

       

      Can students copy over current files, or modify files in the assignments directory?

       

      If not why?

       

      For me they should be able to modify because of -wx permission.

       

      Thanks

      • 586 Views
      • Tags:
        • 1. Re: Directory permission
          Dude!
          Dude! Jun 12, 2019 5:19 PM (in response to happy10319)

          No, "x" does not stand for delete, nor does "wx" mean modify.

           

          Directories normally have execute permission in order to set a directory as a working directory, i.e. to "cd" into it. Setting write permissions (w) but no read (r) on a directory creates a dropbox, where regular users can create, modify and delete files restricted by owner and group permissions, but cannot list directory content.

           

          Base permissions for files are 0666 and 0777 for directories. You also have to consider the umask, which is 0022 for root and 0002 for regular users. Hence the default permissions are 0644 for files and 0755 for directories created by root, and 0664 and 0775 respectively for regular users.

           

          Setting file or directory permissions to 736 (owner/group/all) does not make sense and will give every user read and write access to files, including modify and delete. Setting file or directory permissions to 736 (owner/group/other) does not make sense and will give every user full access who is not owner or matched by group. If you require a more granulated access to files or directories, you need to setup ACL. Please check the man page for setfacl(1).

          • 2. Re: Directory permission
            Dude!
            Dude! Jun 12, 2019 4:54 PM (in response to Dude!)

            I had some doubt and did a few tests. So I wish to correct my previous post:

             

            The permissions are owner, group and other.

            However, other permissions apply to everyone unless matched by owner or group.

             

             

            For example:

             

            # mkdir box

            # chown dude:oinstall box

            # chmod 737 box

            # ls -ld box

            drwx-wxrwx. 1 dude oinstall 0 Jun 12 18:13 box

            # id oracle

            uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall), etc....

            # id toby

            uid=54324(toby) gid=54335(toby) groups=54335(toby)

             

             

            As we can see below group privileges take precedence:

             

            [oracle@localhost ~]$ cd /box

            [oracle@localhost box]$ ls

            ls: cannot open directory .: Permission denied

            [toby@localhost ~]$ cd /box

            [toby@localhost box]$ ls

            [toby@localhost box]$

             

            Double-check:

            # usermod -a -G oinstall toby

            # id toby

            uid=54324(toby) gid=54335(toby) groups=54335(tobi),54321(oinstall)

             

            [toby@localhost /]$ cd /box

            [toby@localhost box]$ ls

            ls: cannot open directory .: Permission denied

             

            OS OL 7.6, Filesystem BTRFS.