Can you change permissions for a child directory that you do not own?
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
Picture a scenario in which you have a parent and a child directory. In the parent directory you have given group rwx. Below that directory you have a directory in which the group permissions are --- (so no permissions.) Is this secure? Why or why not?
This setup immediately struck me as not secure; my original thinking was that since group had all permissions in the parent directory, they can change the permissions of the child. But when we tested this theory it didn't work.
I created a directory Test and changed permissions with chmod 777 Test
; then, inside that directory, I created a directory ChildTest and set permissions with chmod 700 ChildTest
, thereby setting up the parameters in the question.
Then my friend cd'd into my Test directory and tried several different things to try to access ChildTest: (Our HP/UX environment uses ksh)
cp -R ChildTest ~
chmod 777 ChildTest
mkdir New
mv ChildTest New # (also tried this with cp)
All of which fail because he did not own ChildTest
. So we were thinking maybe it was more secure than we thought. We asked the professor, who again, alluded to the fact that it wasn't secure at all, but wouldn't give us any information more than "You need to do it with two people, because its too easy to change your own permissions" (which really confused us because... we were?)
So anyway, I'm sure that this set up is in fact not secure, but I just don't know how to prove it. I don't want the answer given to me, but maybe just a push in the right direction or confirmation that I'm on the right track would be great.
permissions directory-structure hp-ux
add a comment |Â
up vote
1
down vote
favorite
Picture a scenario in which you have a parent and a child directory. In the parent directory you have given group rwx. Below that directory you have a directory in which the group permissions are --- (so no permissions.) Is this secure? Why or why not?
This setup immediately struck me as not secure; my original thinking was that since group had all permissions in the parent directory, they can change the permissions of the child. But when we tested this theory it didn't work.
I created a directory Test and changed permissions with chmod 777 Test
; then, inside that directory, I created a directory ChildTest and set permissions with chmod 700 ChildTest
, thereby setting up the parameters in the question.
Then my friend cd'd into my Test directory and tried several different things to try to access ChildTest: (Our HP/UX environment uses ksh)
cp -R ChildTest ~
chmod 777 ChildTest
mkdir New
mv ChildTest New # (also tried this with cp)
All of which fail because he did not own ChildTest
. So we were thinking maybe it was more secure than we thought. We asked the professor, who again, alluded to the fact that it wasn't secure at all, but wouldn't give us any information more than "You need to do it with two people, because its too easy to change your own permissions" (which really confused us because... we were?)
So anyway, I'm sure that this set up is in fact not secure, but I just don't know how to prove it. I don't want the answer given to me, but maybe just a push in the right direction or confirmation that I'm on the right track would be great.
permissions directory-structure hp-ux
Hi, and welcome! What is does "group Rex" mean? Is a group name, or does it mean "read/execute"?
â Andy Dalton
Sep 19 at 20:48
I think it was a student's name used as the group name that unfortunately looked like a type of permission.
â Mark Stewart
Sep 19 at 20:49
Actually thatâÂÂs supposed to be rwx, but autocorrect is my enemy once again
â Macimoar
Sep 19 at 20:51
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
Picture a scenario in which you have a parent and a child directory. In the parent directory you have given group rwx. Below that directory you have a directory in which the group permissions are --- (so no permissions.) Is this secure? Why or why not?
This setup immediately struck me as not secure; my original thinking was that since group had all permissions in the parent directory, they can change the permissions of the child. But when we tested this theory it didn't work.
I created a directory Test and changed permissions with chmod 777 Test
; then, inside that directory, I created a directory ChildTest and set permissions with chmod 700 ChildTest
, thereby setting up the parameters in the question.
Then my friend cd'd into my Test directory and tried several different things to try to access ChildTest: (Our HP/UX environment uses ksh)
cp -R ChildTest ~
chmod 777 ChildTest
mkdir New
mv ChildTest New # (also tried this with cp)
All of which fail because he did not own ChildTest
. So we were thinking maybe it was more secure than we thought. We asked the professor, who again, alluded to the fact that it wasn't secure at all, but wouldn't give us any information more than "You need to do it with two people, because its too easy to change your own permissions" (which really confused us because... we were?)
So anyway, I'm sure that this set up is in fact not secure, but I just don't know how to prove it. I don't want the answer given to me, but maybe just a push in the right direction or confirmation that I'm on the right track would be great.
permissions directory-structure hp-ux
Picture a scenario in which you have a parent and a child directory. In the parent directory you have given group rwx. Below that directory you have a directory in which the group permissions are --- (so no permissions.) Is this secure? Why or why not?
This setup immediately struck me as not secure; my original thinking was that since group had all permissions in the parent directory, they can change the permissions of the child. But when we tested this theory it didn't work.
I created a directory Test and changed permissions with chmod 777 Test
; then, inside that directory, I created a directory ChildTest and set permissions with chmod 700 ChildTest
, thereby setting up the parameters in the question.
Then my friend cd'd into my Test directory and tried several different things to try to access ChildTest: (Our HP/UX environment uses ksh)
cp -R ChildTest ~
chmod 777 ChildTest
mkdir New
mv ChildTest New # (also tried this with cp)
All of which fail because he did not own ChildTest
. So we were thinking maybe it was more secure than we thought. We asked the professor, who again, alluded to the fact that it wasn't secure at all, but wouldn't give us any information more than "You need to do it with two people, because its too easy to change your own permissions" (which really confused us because... we were?)
So anyway, I'm sure that this set up is in fact not secure, but I just don't know how to prove it. I don't want the answer given to me, but maybe just a push in the right direction or confirmation that I'm on the right track would be great.
permissions directory-structure hp-ux
permissions directory-structure hp-ux
edited Sep 19 at 20:52
Goro
6,16552763
6,16552763
asked Sep 19 at 20:06
Macimoar
63
63
Hi, and welcome! What is does "group Rex" mean? Is a group name, or does it mean "read/execute"?
â Andy Dalton
Sep 19 at 20:48
I think it was a student's name used as the group name that unfortunately looked like a type of permission.
â Mark Stewart
Sep 19 at 20:49
Actually thatâÂÂs supposed to be rwx, but autocorrect is my enemy once again
â Macimoar
Sep 19 at 20:51
add a comment |Â
Hi, and welcome! What is does "group Rex" mean? Is a group name, or does it mean "read/execute"?
â Andy Dalton
Sep 19 at 20:48
I think it was a student's name used as the group name that unfortunately looked like a type of permission.
â Mark Stewart
Sep 19 at 20:49
Actually thatâÂÂs supposed to be rwx, but autocorrect is my enemy once again
â Macimoar
Sep 19 at 20:51
Hi, and welcome! What is does "group Rex" mean? Is a group name, or does it mean "read/execute"?
â Andy Dalton
Sep 19 at 20:48
Hi, and welcome! What is does "group Rex" mean? Is a group name, or does it mean "read/execute"?
â Andy Dalton
Sep 19 at 20:48
I think it was a student's name used as the group name that unfortunately looked like a type of permission.
â Mark Stewart
Sep 19 at 20:49
I think it was a student's name used as the group name that unfortunately looked like a type of permission.
â Mark Stewart
Sep 19 at 20:49
Actually thatâÂÂs supposed to be rwx, but autocorrect is my enemy once again
â Macimoar
Sep 19 at 20:51
Actually thatâÂÂs supposed to be rwx, but autocorrect is my enemy once again
â Macimoar
Sep 19 at 20:51
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
1
down vote
Indeed: you cannot change permissions of the child directory because the permissions are stored per-file/directory in -what is called- the "inode". In that respect it is secure.
But the name of the child directory is stored in the parent directory, as a directory is a special file that contains the names of the files (and as such child directories too) it contains. And in the parent directory every user/group has got write permissions.
Therefore a user who does not own the child directory can rename it, or remove the child directory if it is empty. On some systems it may even be moved to another directory where he/she has write permissions if it's in the same file system.
3
You can rename it to a different name in that same directory, but not all systems will let you move it to another directory if you don't have write access to it as that involves changing the..
entry in it.
â Stéphane Chazelas
Sep 19 at 21:06
1
Linux is one such system where moving a directory without write permission into another directory isn't allowed, as explained underEACCES
inman 2 rename
.
â Joseph Sible
Sep 19 at 22:42
@Stéphane Chazelas : Good point. Edited.
â Hkoof
Sep 20 at 6:35
add a comment |Â
up vote
0
down vote
By POSIX, changing the subdirectory permissions should not work:
Only a process whose effective user ID matches the user ID of the file, or a process with appropriate privileges, shall be permitted to change the file mode bits of a file.
But the rename should work, it only requires write access to the containing directory:
(root) /tmp# mkdir -p one/two; chmod 0777 one; chmod 0700 one/two
(user) /tmp/one$ mv two three && echo ok
ok
Though at least on Linux, setting the sticky bit will prevent that, as it will prevent removing files and directories you don't own:
(root) /tmp# chmod +t one
(user) /tmp/one$ mv three four
mv: cannot move 'three' to 'four': Operation not permitted
I'll freely admit I have no idea about any HP-UX specific features that would affect this.
How much of a problem it is that someone could rename the subdirectory depends on what you're doing with those directories. The user who has access only to the the top-level directory can't read any files in the subdirectory so in that sense you're safe. But since they can rename and recreate a directory with the same name, they could impersonate whatever is supposed to be there.
That would matter if e.g. some external service reads files in the subdirectory. Think something like the directory where crontab
files are kept; you wouldn't want anyone to be able to create a crontab
in someone else's name.
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
Indeed: you cannot change permissions of the child directory because the permissions are stored per-file/directory in -what is called- the "inode". In that respect it is secure.
But the name of the child directory is stored in the parent directory, as a directory is a special file that contains the names of the files (and as such child directories too) it contains. And in the parent directory every user/group has got write permissions.
Therefore a user who does not own the child directory can rename it, or remove the child directory if it is empty. On some systems it may even be moved to another directory where he/she has write permissions if it's in the same file system.
3
You can rename it to a different name in that same directory, but not all systems will let you move it to another directory if you don't have write access to it as that involves changing the..
entry in it.
â Stéphane Chazelas
Sep 19 at 21:06
1
Linux is one such system where moving a directory without write permission into another directory isn't allowed, as explained underEACCES
inman 2 rename
.
â Joseph Sible
Sep 19 at 22:42
@Stéphane Chazelas : Good point. Edited.
â Hkoof
Sep 20 at 6:35
add a comment |Â
up vote
1
down vote
Indeed: you cannot change permissions of the child directory because the permissions are stored per-file/directory in -what is called- the "inode". In that respect it is secure.
But the name of the child directory is stored in the parent directory, as a directory is a special file that contains the names of the files (and as such child directories too) it contains. And in the parent directory every user/group has got write permissions.
Therefore a user who does not own the child directory can rename it, or remove the child directory if it is empty. On some systems it may even be moved to another directory where he/she has write permissions if it's in the same file system.
3
You can rename it to a different name in that same directory, but not all systems will let you move it to another directory if you don't have write access to it as that involves changing the..
entry in it.
â Stéphane Chazelas
Sep 19 at 21:06
1
Linux is one such system where moving a directory without write permission into another directory isn't allowed, as explained underEACCES
inman 2 rename
.
â Joseph Sible
Sep 19 at 22:42
@Stéphane Chazelas : Good point. Edited.
â Hkoof
Sep 20 at 6:35
add a comment |Â
up vote
1
down vote
up vote
1
down vote
Indeed: you cannot change permissions of the child directory because the permissions are stored per-file/directory in -what is called- the "inode". In that respect it is secure.
But the name of the child directory is stored in the parent directory, as a directory is a special file that contains the names of the files (and as such child directories too) it contains. And in the parent directory every user/group has got write permissions.
Therefore a user who does not own the child directory can rename it, or remove the child directory if it is empty. On some systems it may even be moved to another directory where he/she has write permissions if it's in the same file system.
Indeed: you cannot change permissions of the child directory because the permissions are stored per-file/directory in -what is called- the "inode". In that respect it is secure.
But the name of the child directory is stored in the parent directory, as a directory is a special file that contains the names of the files (and as such child directories too) it contains. And in the parent directory every user/group has got write permissions.
Therefore a user who does not own the child directory can rename it, or remove the child directory if it is empty. On some systems it may even be moved to another directory where he/she has write permissions if it's in the same file system.
edited Sep 20 at 6:33
answered Sep 19 at 20:52
Hkoof
93266
93266
3
You can rename it to a different name in that same directory, but not all systems will let you move it to another directory if you don't have write access to it as that involves changing the..
entry in it.
â Stéphane Chazelas
Sep 19 at 21:06
1
Linux is one such system where moving a directory without write permission into another directory isn't allowed, as explained underEACCES
inman 2 rename
.
â Joseph Sible
Sep 19 at 22:42
@Stéphane Chazelas : Good point. Edited.
â Hkoof
Sep 20 at 6:35
add a comment |Â
3
You can rename it to a different name in that same directory, but not all systems will let you move it to another directory if you don't have write access to it as that involves changing the..
entry in it.
â Stéphane Chazelas
Sep 19 at 21:06
1
Linux is one such system where moving a directory without write permission into another directory isn't allowed, as explained underEACCES
inman 2 rename
.
â Joseph Sible
Sep 19 at 22:42
@Stéphane Chazelas : Good point. Edited.
â Hkoof
Sep 20 at 6:35
3
3
You can rename it to a different name in that same directory, but not all systems will let you move it to another directory if you don't have write access to it as that involves changing the
..
entry in it.â Stéphane Chazelas
Sep 19 at 21:06
You can rename it to a different name in that same directory, but not all systems will let you move it to another directory if you don't have write access to it as that involves changing the
..
entry in it.â Stéphane Chazelas
Sep 19 at 21:06
1
1
Linux is one such system where moving a directory without write permission into another directory isn't allowed, as explained under
EACCES
in man 2 rename
.â Joseph Sible
Sep 19 at 22:42
Linux is one such system where moving a directory without write permission into another directory isn't allowed, as explained under
EACCES
in man 2 rename
.â Joseph Sible
Sep 19 at 22:42
@Stéphane Chazelas : Good point. Edited.
â Hkoof
Sep 20 at 6:35
@Stéphane Chazelas : Good point. Edited.
â Hkoof
Sep 20 at 6:35
add a comment |Â
up vote
0
down vote
By POSIX, changing the subdirectory permissions should not work:
Only a process whose effective user ID matches the user ID of the file, or a process with appropriate privileges, shall be permitted to change the file mode bits of a file.
But the rename should work, it only requires write access to the containing directory:
(root) /tmp# mkdir -p one/two; chmod 0777 one; chmod 0700 one/two
(user) /tmp/one$ mv two three && echo ok
ok
Though at least on Linux, setting the sticky bit will prevent that, as it will prevent removing files and directories you don't own:
(root) /tmp# chmod +t one
(user) /tmp/one$ mv three four
mv: cannot move 'three' to 'four': Operation not permitted
I'll freely admit I have no idea about any HP-UX specific features that would affect this.
How much of a problem it is that someone could rename the subdirectory depends on what you're doing with those directories. The user who has access only to the the top-level directory can't read any files in the subdirectory so in that sense you're safe. But since they can rename and recreate a directory with the same name, they could impersonate whatever is supposed to be there.
That would matter if e.g. some external service reads files in the subdirectory. Think something like the directory where crontab
files are kept; you wouldn't want anyone to be able to create a crontab
in someone else's name.
add a comment |Â
up vote
0
down vote
By POSIX, changing the subdirectory permissions should not work:
Only a process whose effective user ID matches the user ID of the file, or a process with appropriate privileges, shall be permitted to change the file mode bits of a file.
But the rename should work, it only requires write access to the containing directory:
(root) /tmp# mkdir -p one/two; chmod 0777 one; chmod 0700 one/two
(user) /tmp/one$ mv two three && echo ok
ok
Though at least on Linux, setting the sticky bit will prevent that, as it will prevent removing files and directories you don't own:
(root) /tmp# chmod +t one
(user) /tmp/one$ mv three four
mv: cannot move 'three' to 'four': Operation not permitted
I'll freely admit I have no idea about any HP-UX specific features that would affect this.
How much of a problem it is that someone could rename the subdirectory depends on what you're doing with those directories. The user who has access only to the the top-level directory can't read any files in the subdirectory so in that sense you're safe. But since they can rename and recreate a directory with the same name, they could impersonate whatever is supposed to be there.
That would matter if e.g. some external service reads files in the subdirectory. Think something like the directory where crontab
files are kept; you wouldn't want anyone to be able to create a crontab
in someone else's name.
add a comment |Â
up vote
0
down vote
up vote
0
down vote
By POSIX, changing the subdirectory permissions should not work:
Only a process whose effective user ID matches the user ID of the file, or a process with appropriate privileges, shall be permitted to change the file mode bits of a file.
But the rename should work, it only requires write access to the containing directory:
(root) /tmp# mkdir -p one/two; chmod 0777 one; chmod 0700 one/two
(user) /tmp/one$ mv two three && echo ok
ok
Though at least on Linux, setting the sticky bit will prevent that, as it will prevent removing files and directories you don't own:
(root) /tmp# chmod +t one
(user) /tmp/one$ mv three four
mv: cannot move 'three' to 'four': Operation not permitted
I'll freely admit I have no idea about any HP-UX specific features that would affect this.
How much of a problem it is that someone could rename the subdirectory depends on what you're doing with those directories. The user who has access only to the the top-level directory can't read any files in the subdirectory so in that sense you're safe. But since they can rename and recreate a directory with the same name, they could impersonate whatever is supposed to be there.
That would matter if e.g. some external service reads files in the subdirectory. Think something like the directory where crontab
files are kept; you wouldn't want anyone to be able to create a crontab
in someone else's name.
By POSIX, changing the subdirectory permissions should not work:
Only a process whose effective user ID matches the user ID of the file, or a process with appropriate privileges, shall be permitted to change the file mode bits of a file.
But the rename should work, it only requires write access to the containing directory:
(root) /tmp# mkdir -p one/two; chmod 0777 one; chmod 0700 one/two
(user) /tmp/one$ mv two three && echo ok
ok
Though at least on Linux, setting the sticky bit will prevent that, as it will prevent removing files and directories you don't own:
(root) /tmp# chmod +t one
(user) /tmp/one$ mv three four
mv: cannot move 'three' to 'four': Operation not permitted
I'll freely admit I have no idea about any HP-UX specific features that would affect this.
How much of a problem it is that someone could rename the subdirectory depends on what you're doing with those directories. The user who has access only to the the top-level directory can't read any files in the subdirectory so in that sense you're safe. But since they can rename and recreate a directory with the same name, they could impersonate whatever is supposed to be there.
That would matter if e.g. some external service reads files in the subdirectory. Think something like the directory where crontab
files are kept; you wouldn't want anyone to be able to create a crontab
in someone else's name.
edited Sep 19 at 21:07
answered Sep 19 at 21:02
ilkkachu
52.3k679144
52.3k679144
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f470117%2fcan-you-change-permissions-for-a-child-directory-that-you-do-not-own%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Hi, and welcome! What is does "group Rex" mean? Is a group name, or does it mean "read/execute"?
â Andy Dalton
Sep 19 at 20:48
I think it was a student's name used as the group name that unfortunately looked like a type of permission.
â Mark Stewart
Sep 19 at 20:49
Actually thatâÂÂs supposed to be rwx, but autocorrect is my enemy once again
â Macimoar
Sep 19 at 20:51