There’s a Lot in the Dot: Filesystem Permissions and Pathnames (Part 2)

Still deeper into the dot (.) with an dive into access permissions. Study up because there's going to be a quiz.
Wednesday, March 24th, 2010

Access Permissions

Once you see how pathnames work, understanding access permissions is simple. You’re probably familar with access permissions for files: read permission lets a program read the file’s contents, write permission allows modification, and execute permission is for executable programs. Notice that none of those permissions control whether you can rename or delete the file. Why? We’ll see soon.

A directory is actually just a special type of file, and a directory’s permissions are easy to understand when you realize that a directory holds entries for other files. So:

  • Read permission lets a program read the entries listed in the directory — for instance, with ls or a shell wildcard like *. (Some graphical filesystem browsers will say a directory is “unreadable” unless it also has execute permission, but that’s not strictly true.)
  • Write permssion lets you modify the entries in a directory. Think of the directory as a file in a word processor. To edit the file — to change the spelling or words, add or delete words — you need write permission. A directory is the same way. If you don’t have write permission, you can’t delete, rename, or add entries to the directory. So, to protect the contents of a directory, make the directory unwritable.
  • Execute permission lets you access the files linked from a directory. Note that you don’t need read permission; if a directory isn’t readable, you can still access an entry if you know its exact name. (That’s like denying index permission on a web server folder to prevent people from knowing its contents: you can still get a web page by using its exact URI.)

Pathnames and the shell PATH Pathnames work almost anywhere, with any command. One notable exception is specifying the program you want to use. If the program’s pathname contains a /, it will be followed. Otherwise, different rules apply.

For example, let’s say your current directory is /home/jpeek/bin. If you want to run the program prog from the current directory, here are three pathnames — three ways you can specify its location:

$ ls -l prog
-rwxr-xr-x 1 jpeek  238 2009-08-19 06:28 prog
$ /home/jpeek/bin/prog
$ ./prog
$ prog
bash: prog: command not found
$ echo $PATH
/usr/local/bin:/usr/bin:/bin

From ls -l, we can see that prog is a valid pathname: it’s an entry in the current directory. So why did bash say “command not found”? If you specify a program name only, without a slash, the shell will search through each directory in the PATH environment variable, looking for the program in that directory. As you can see from the last command, the current directory isn’t in $PATH. This is for security. In this case, to run a program from the current directory, you have to tell the shell ./prog. But, with other commands, the ./ is redundant; prog is simpler.

Quiz

Here’s a directory listing from ls -l, run by the superuser (who can access everything on the filesystem):

# ls -la /home/zoe
drwxrwx--x 2 zoe users  8192 2010-03-14 18:33 .
drwx--x--x 9 zoe users 16384 2010-03-11 08:00 ..
-rw-r--r-- 1 zoe users  2942 2010-03-16 13:45 afile
drwx------ 2 zoe users  4096 2010-03-14 18:33 dir
-rw-r--r-- 1 zoe users  4039 2009-11-22 08:18 .profile
  • Q: An attacker breaks into a non-superuser account that’s not a member of the users group. What does ls /home show?
    A: Permission denied because there’s no read permission on .. (/home, the parent of /home/zoe).
  • Q: The attacker knows that there’s a user named zoe. What does cd /home/zoe do?
    A: It succeeds because the parent directories both have execute permission. But listing would fail with ls: cannot open directory . because there’s no read permission.
  • Q: The attacker tries vim .profile to modify Zoe’s startup file. What happens?
    A: vim opens the file read-only because there’s read permission, but no write permission, on the file.
  • Q: jpeek, who’s a member of the users group, types cd /home/zoe, then ls, then rm afile. What happens?
    A: He can access the directory because he has execute permssion. He can list . because he has read permission. He removes afile because he has write permission on . (the directory containing the entry for afile).
  • Q: What if jpeek now types cd dir?
    A: It fails because he doesn’t have execute permission on dir.

If anything in that quiz surprised you, this might be a good time to open a terminal window and make up some exercises for yourself. Enjoy!

Jerry Peek is a freelance writer and instructor who has used Unix and Linux for more than 25 years. He's happy to hear from readers; see http://www.jpeek.com/contact.html.

Comments on "There’s a Lot in the Dot: Filesystem Permissions and Pathnames (Part 2)"

troyhansonlm

Bought my first Unix book (your Unix Power Tools) in 1993.. worked at Cray and Los Alamos for a couple summers.. then spent a life time in Unix.. and still learning from you (4th question). Thanks Jerry!

March 25th, 2010 at 5:31 pm
Reply
kyron

Well, there is something wrong with your installation since zoe is owner of .. from within her folder, which implies she is owner of /home. This said, assuming the hacked account is not zoe\’s Answer #1 remains true ;)

March 26th, 2010 at 1:27 am
Reply
jp

Whoops, @kyron, you\’re right that zoe should not be the owner of .. (/home) from within her home directory. (I made a copy-and-paste mistake there.) Try root instead.

And thanks, @troyhansonlm.

March 26th, 2010 at 3:38 am
Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>