Can you change permissions for a child directory that you do not own?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite
1













Picture a scenario in which you have a parent and a child directory. In the parent directory you have given group rwx. Below that directory you have a directory in which the group permissions are --- (so no permissions.) Is this secure? Why or why not?




This setup immediately struck me as not secure; my original thinking was that since group had all permissions in the parent directory, they can change the permissions of the child. But when we tested this theory it didn't work.
I created a directory Test and changed permissions with chmod 777 Test; then, inside that directory, I created a directory ChildTest and set permissions with chmod 700 ChildTest, thereby setting up the parameters in the question.
Then my friend cd'd into my Test directory and tried several different things to try to access ChildTest: (Our HP/UX environment uses ksh)



cp -R ChildTest ~
chmod 777 ChildTest
mkdir New
mv ChildTest New # (also tried this with cp)


All of which fail because he did not own ChildTest. So we were thinking maybe it was more secure than we thought. We asked the professor, who again, alluded to the fact that it wasn't secure at all, but wouldn't give us any information more than "You need to do it with two people, because its too easy to change your own permissions" (which really confused us because... we were?)



So anyway, I'm sure that this set up is in fact not secure, but I just don't know how to prove it. I don't want the answer given to me, but maybe just a push in the right direction or confirmation that I'm on the right track would be great.










share|improve this question























  • Hi, and welcome! What is does "group Rex" mean? Is a group name, or does it mean "read/execute"?
    – Andy Dalton
    Sep 19 at 20:48










  • I think it was a student's name used as the group name that unfortunately looked like a type of permission.
    – Mark Stewart
    Sep 19 at 20:49










  • Actually that’s supposed to be rwx, but autocorrect is my enemy once again
    – Macimoar
    Sep 19 at 20:51














up vote
1
down vote

favorite
1













Picture a scenario in which you have a parent and a child directory. In the parent directory you have given group rwx. Below that directory you have a directory in which the group permissions are --- (so no permissions.) Is this secure? Why or why not?




This setup immediately struck me as not secure; my original thinking was that since group had all permissions in the parent directory, they can change the permissions of the child. But when we tested this theory it didn't work.
I created a directory Test and changed permissions with chmod 777 Test; then, inside that directory, I created a directory ChildTest and set permissions with chmod 700 ChildTest, thereby setting up the parameters in the question.
Then my friend cd'd into my Test directory and tried several different things to try to access ChildTest: (Our HP/UX environment uses ksh)



cp -R ChildTest ~
chmod 777 ChildTest
mkdir New
mv ChildTest New # (also tried this with cp)


All of which fail because he did not own ChildTest. So we were thinking maybe it was more secure than we thought. We asked the professor, who again, alluded to the fact that it wasn't secure at all, but wouldn't give us any information more than "You need to do it with two people, because its too easy to change your own permissions" (which really confused us because... we were?)



So anyway, I'm sure that this set up is in fact not secure, but I just don't know how to prove it. I don't want the answer given to me, but maybe just a push in the right direction or confirmation that I'm on the right track would be great.










share|improve this question























  • Hi, and welcome! What is does "group Rex" mean? Is a group name, or does it mean "read/execute"?
    – Andy Dalton
    Sep 19 at 20:48










  • I think it was a student's name used as the group name that unfortunately looked like a type of permission.
    – Mark Stewart
    Sep 19 at 20:49










  • Actually that’s supposed to be rwx, but autocorrect is my enemy once again
    – Macimoar
    Sep 19 at 20:51












up vote
1
down vote

favorite
1









up vote
1
down vote

favorite
1






1






Picture a scenario in which you have a parent and a child directory. In the parent directory you have given group rwx. Below that directory you have a directory in which the group permissions are --- (so no permissions.) Is this secure? Why or why not?




This setup immediately struck me as not secure; my original thinking was that since group had all permissions in the parent directory, they can change the permissions of the child. But when we tested this theory it didn't work.
I created a directory Test and changed permissions with chmod 777 Test; then, inside that directory, I created a directory ChildTest and set permissions with chmod 700 ChildTest, thereby setting up the parameters in the question.
Then my friend cd'd into my Test directory and tried several different things to try to access ChildTest: (Our HP/UX environment uses ksh)



cp -R ChildTest ~
chmod 777 ChildTest
mkdir New
mv ChildTest New # (also tried this with cp)


All of which fail because he did not own ChildTest. So we were thinking maybe it was more secure than we thought. We asked the professor, who again, alluded to the fact that it wasn't secure at all, but wouldn't give us any information more than "You need to do it with two people, because its too easy to change your own permissions" (which really confused us because... we were?)



So anyway, I'm sure that this set up is in fact not secure, but I just don't know how to prove it. I don't want the answer given to me, but maybe just a push in the right direction or confirmation that I'm on the right track would be great.










share|improve this question
















Picture a scenario in which you have a parent and a child directory. In the parent directory you have given group rwx. Below that directory you have a directory in which the group permissions are --- (so no permissions.) Is this secure? Why or why not?




This setup immediately struck me as not secure; my original thinking was that since group had all permissions in the parent directory, they can change the permissions of the child. But when we tested this theory it didn't work.
I created a directory Test and changed permissions with chmod 777 Test; then, inside that directory, I created a directory ChildTest and set permissions with chmod 700 ChildTest, thereby setting up the parameters in the question.
Then my friend cd'd into my Test directory and tried several different things to try to access ChildTest: (Our HP/UX environment uses ksh)



cp -R ChildTest ~
chmod 777 ChildTest
mkdir New
mv ChildTest New # (also tried this with cp)


All of which fail because he did not own ChildTest. So we were thinking maybe it was more secure than we thought. We asked the professor, who again, alluded to the fact that it wasn't secure at all, but wouldn't give us any information more than "You need to do it with two people, because its too easy to change your own permissions" (which really confused us because... we were?)



So anyway, I'm sure that this set up is in fact not secure, but I just don't know how to prove it. I don't want the answer given to me, but maybe just a push in the right direction or confirmation that I'm on the right track would be great.







permissions directory-structure hp-ux






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Sep 19 at 20:52









Goro

6,16552763




6,16552763










asked Sep 19 at 20:06









Macimoar

63




63











  • Hi, and welcome! What is does "group Rex" mean? Is a group name, or does it mean "read/execute"?
    – Andy Dalton
    Sep 19 at 20:48










  • I think it was a student's name used as the group name that unfortunately looked like a type of permission.
    – Mark Stewart
    Sep 19 at 20:49










  • Actually that’s supposed to be rwx, but autocorrect is my enemy once again
    – Macimoar
    Sep 19 at 20:51
















  • Hi, and welcome! What is does "group Rex" mean? Is a group name, or does it mean "read/execute"?
    – Andy Dalton
    Sep 19 at 20:48










  • I think it was a student's name used as the group name that unfortunately looked like a type of permission.
    – Mark Stewart
    Sep 19 at 20:49










  • Actually that’s supposed to be rwx, but autocorrect is my enemy once again
    – Macimoar
    Sep 19 at 20:51















Hi, and welcome! What is does "group Rex" mean? Is a group name, or does it mean "read/execute"?
– Andy Dalton
Sep 19 at 20:48




Hi, and welcome! What is does "group Rex" mean? Is a group name, or does it mean "read/execute"?
– Andy Dalton
Sep 19 at 20:48












I think it was a student's name used as the group name that unfortunately looked like a type of permission.
– Mark Stewart
Sep 19 at 20:49




I think it was a student's name used as the group name that unfortunately looked like a type of permission.
– Mark Stewart
Sep 19 at 20:49












Actually that’s supposed to be rwx, but autocorrect is my enemy once again
– Macimoar
Sep 19 at 20:51




Actually that’s supposed to be rwx, but autocorrect is my enemy once again
– Macimoar
Sep 19 at 20:51










2 Answers
2






active

oldest

votes

















up vote
1
down vote













Indeed: you cannot change permissions of the child directory because the permissions are stored per-file/directory in -what is called- the "inode". In that respect it is secure.



But the name of the child directory is stored in the parent directory, as a directory is a special file that contains the names of the files (and as such child directories too) it contains. And in the parent directory every user/group has got write permissions.



Therefore a user who does not own the child directory can rename it, or remove the child directory if it is empty. On some systems it may even be moved to another directory where he/she has write permissions if it's in the same file system.






share|improve this answer


















  • 3




    You can rename it to a different name in that same directory, but not all systems will let you move it to another directory if you don't have write access to it as that involves changing the .. entry in it.
    – Stéphane Chazelas
    Sep 19 at 21:06






  • 1




    Linux is one such system where moving a directory without write permission into another directory isn't allowed, as explained under EACCES in man 2 rename.
    – Joseph Sible
    Sep 19 at 22:42











  • @Stéphane Chazelas : Good point. Edited.
    – Hkoof
    Sep 20 at 6:35


















up vote
0
down vote













By POSIX, changing the subdirectory permissions should not work:




Only a process whose effective user ID matches the user ID of the file, or a process with appropriate privileges, shall be permitted to change the file mode bits of a file.




But the rename should work, it only requires write access to the containing directory:



(root) /tmp# mkdir -p one/two; chmod 0777 one; chmod 0700 one/two
(user) /tmp/one$ mv two three && echo ok
ok


Though at least on Linux, setting the sticky bit will prevent that, as it will prevent removing files and directories you don't own:



(root) /tmp# chmod +t one
(user) /tmp/one$ mv three four
mv: cannot move 'three' to 'four': Operation not permitted


I'll freely admit I have no idea about any HP-UX specific features that would affect this.



How much of a problem it is that someone could rename the subdirectory depends on what you're doing with those directories. The user who has access only to the the top-level directory can't read any files in the subdirectory so in that sense you're safe. But since they can rename and recreate a directory with the same name, they could impersonate whatever is supposed to be there.



That would matter if e.g. some external service reads files in the subdirectory. Think something like the directory where crontab files are kept; you wouldn't want anyone to be able to create a crontab in someone else's name.






share|improve this answer






















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f470117%2fcan-you-change-permissions-for-a-child-directory-that-you-do-not-own%23new-answer', 'question_page');

    );

    Post as a guest






























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    1
    down vote













    Indeed: you cannot change permissions of the child directory because the permissions are stored per-file/directory in -what is called- the "inode". In that respect it is secure.



    But the name of the child directory is stored in the parent directory, as a directory is a special file that contains the names of the files (and as such child directories too) it contains. And in the parent directory every user/group has got write permissions.



    Therefore a user who does not own the child directory can rename it, or remove the child directory if it is empty. On some systems it may even be moved to another directory where he/she has write permissions if it's in the same file system.






    share|improve this answer


















    • 3




      You can rename it to a different name in that same directory, but not all systems will let you move it to another directory if you don't have write access to it as that involves changing the .. entry in it.
      – Stéphane Chazelas
      Sep 19 at 21:06






    • 1




      Linux is one such system where moving a directory without write permission into another directory isn't allowed, as explained under EACCES in man 2 rename.
      – Joseph Sible
      Sep 19 at 22:42











    • @Stéphane Chazelas : Good point. Edited.
      – Hkoof
      Sep 20 at 6:35















    up vote
    1
    down vote













    Indeed: you cannot change permissions of the child directory because the permissions are stored per-file/directory in -what is called- the "inode". In that respect it is secure.



    But the name of the child directory is stored in the parent directory, as a directory is a special file that contains the names of the files (and as such child directories too) it contains. And in the parent directory every user/group has got write permissions.



    Therefore a user who does not own the child directory can rename it, or remove the child directory if it is empty. On some systems it may even be moved to another directory where he/she has write permissions if it's in the same file system.






    share|improve this answer


















    • 3




      You can rename it to a different name in that same directory, but not all systems will let you move it to another directory if you don't have write access to it as that involves changing the .. entry in it.
      – Stéphane Chazelas
      Sep 19 at 21:06






    • 1




      Linux is one such system where moving a directory without write permission into another directory isn't allowed, as explained under EACCES in man 2 rename.
      – Joseph Sible
      Sep 19 at 22:42











    • @Stéphane Chazelas : Good point. Edited.
      – Hkoof
      Sep 20 at 6:35













    up vote
    1
    down vote










    up vote
    1
    down vote









    Indeed: you cannot change permissions of the child directory because the permissions are stored per-file/directory in -what is called- the "inode". In that respect it is secure.



    But the name of the child directory is stored in the parent directory, as a directory is a special file that contains the names of the files (and as such child directories too) it contains. And in the parent directory every user/group has got write permissions.



    Therefore a user who does not own the child directory can rename it, or remove the child directory if it is empty. On some systems it may even be moved to another directory where he/she has write permissions if it's in the same file system.






    share|improve this answer














    Indeed: you cannot change permissions of the child directory because the permissions are stored per-file/directory in -what is called- the "inode". In that respect it is secure.



    But the name of the child directory is stored in the parent directory, as a directory is a special file that contains the names of the files (and as such child directories too) it contains. And in the parent directory every user/group has got write permissions.



    Therefore a user who does not own the child directory can rename it, or remove the child directory if it is empty. On some systems it may even be moved to another directory where he/she has write permissions if it's in the same file system.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Sep 20 at 6:33

























    answered Sep 19 at 20:52









    Hkoof

    93266




    93266







    • 3




      You can rename it to a different name in that same directory, but not all systems will let you move it to another directory if you don't have write access to it as that involves changing the .. entry in it.
      – Stéphane Chazelas
      Sep 19 at 21:06






    • 1




      Linux is one such system where moving a directory without write permission into another directory isn't allowed, as explained under EACCES in man 2 rename.
      – Joseph Sible
      Sep 19 at 22:42











    • @Stéphane Chazelas : Good point. Edited.
      – Hkoof
      Sep 20 at 6:35













    • 3




      You can rename it to a different name in that same directory, but not all systems will let you move it to another directory if you don't have write access to it as that involves changing the .. entry in it.
      – Stéphane Chazelas
      Sep 19 at 21:06






    • 1




      Linux is one such system where moving a directory without write permission into another directory isn't allowed, as explained under EACCES in man 2 rename.
      – Joseph Sible
      Sep 19 at 22:42











    • @Stéphane Chazelas : Good point. Edited.
      – Hkoof
      Sep 20 at 6:35








    3




    3




    You can rename it to a different name in that same directory, but not all systems will let you move it to another directory if you don't have write access to it as that involves changing the .. entry in it.
    – Stéphane Chazelas
    Sep 19 at 21:06




    You can rename it to a different name in that same directory, but not all systems will let you move it to another directory if you don't have write access to it as that involves changing the .. entry in it.
    – Stéphane Chazelas
    Sep 19 at 21:06




    1




    1




    Linux is one such system where moving a directory without write permission into another directory isn't allowed, as explained under EACCES in man 2 rename.
    – Joseph Sible
    Sep 19 at 22:42





    Linux is one such system where moving a directory without write permission into another directory isn't allowed, as explained under EACCES in man 2 rename.
    – Joseph Sible
    Sep 19 at 22:42













    @Stéphane Chazelas : Good point. Edited.
    – Hkoof
    Sep 20 at 6:35





    @Stéphane Chazelas : Good point. Edited.
    – Hkoof
    Sep 20 at 6:35













    up vote
    0
    down vote













    By POSIX, changing the subdirectory permissions should not work:




    Only a process whose effective user ID matches the user ID of the file, or a process with appropriate privileges, shall be permitted to change the file mode bits of a file.




    But the rename should work, it only requires write access to the containing directory:



    (root) /tmp# mkdir -p one/two; chmod 0777 one; chmod 0700 one/two
    (user) /tmp/one$ mv two three && echo ok
    ok


    Though at least on Linux, setting the sticky bit will prevent that, as it will prevent removing files and directories you don't own:



    (root) /tmp# chmod +t one
    (user) /tmp/one$ mv three four
    mv: cannot move 'three' to 'four': Operation not permitted


    I'll freely admit I have no idea about any HP-UX specific features that would affect this.



    How much of a problem it is that someone could rename the subdirectory depends on what you're doing with those directories. The user who has access only to the the top-level directory can't read any files in the subdirectory so in that sense you're safe. But since they can rename and recreate a directory with the same name, they could impersonate whatever is supposed to be there.



    That would matter if e.g. some external service reads files in the subdirectory. Think something like the directory where crontab files are kept; you wouldn't want anyone to be able to create a crontab in someone else's name.






    share|improve this answer


























      up vote
      0
      down vote













      By POSIX, changing the subdirectory permissions should not work:




      Only a process whose effective user ID matches the user ID of the file, or a process with appropriate privileges, shall be permitted to change the file mode bits of a file.




      But the rename should work, it only requires write access to the containing directory:



      (root) /tmp# mkdir -p one/two; chmod 0777 one; chmod 0700 one/two
      (user) /tmp/one$ mv two three && echo ok
      ok


      Though at least on Linux, setting the sticky bit will prevent that, as it will prevent removing files and directories you don't own:



      (root) /tmp# chmod +t one
      (user) /tmp/one$ mv three four
      mv: cannot move 'three' to 'four': Operation not permitted


      I'll freely admit I have no idea about any HP-UX specific features that would affect this.



      How much of a problem it is that someone could rename the subdirectory depends on what you're doing with those directories. The user who has access only to the the top-level directory can't read any files in the subdirectory so in that sense you're safe. But since they can rename and recreate a directory with the same name, they could impersonate whatever is supposed to be there.



      That would matter if e.g. some external service reads files in the subdirectory. Think something like the directory where crontab files are kept; you wouldn't want anyone to be able to create a crontab in someone else's name.






      share|improve this answer
























        up vote
        0
        down vote










        up vote
        0
        down vote









        By POSIX, changing the subdirectory permissions should not work:




        Only a process whose effective user ID matches the user ID of the file, or a process with appropriate privileges, shall be permitted to change the file mode bits of a file.




        But the rename should work, it only requires write access to the containing directory:



        (root) /tmp# mkdir -p one/two; chmod 0777 one; chmod 0700 one/two
        (user) /tmp/one$ mv two three && echo ok
        ok


        Though at least on Linux, setting the sticky bit will prevent that, as it will prevent removing files and directories you don't own:



        (root) /tmp# chmod +t one
        (user) /tmp/one$ mv three four
        mv: cannot move 'three' to 'four': Operation not permitted


        I'll freely admit I have no idea about any HP-UX specific features that would affect this.



        How much of a problem it is that someone could rename the subdirectory depends on what you're doing with those directories. The user who has access only to the the top-level directory can't read any files in the subdirectory so in that sense you're safe. But since they can rename and recreate a directory with the same name, they could impersonate whatever is supposed to be there.



        That would matter if e.g. some external service reads files in the subdirectory. Think something like the directory where crontab files are kept; you wouldn't want anyone to be able to create a crontab in someone else's name.






        share|improve this answer














        By POSIX, changing the subdirectory permissions should not work:




        Only a process whose effective user ID matches the user ID of the file, or a process with appropriate privileges, shall be permitted to change the file mode bits of a file.




        But the rename should work, it only requires write access to the containing directory:



        (root) /tmp# mkdir -p one/two; chmod 0777 one; chmod 0700 one/two
        (user) /tmp/one$ mv two three && echo ok
        ok


        Though at least on Linux, setting the sticky bit will prevent that, as it will prevent removing files and directories you don't own:



        (root) /tmp# chmod +t one
        (user) /tmp/one$ mv three four
        mv: cannot move 'three' to 'four': Operation not permitted


        I'll freely admit I have no idea about any HP-UX specific features that would affect this.



        How much of a problem it is that someone could rename the subdirectory depends on what you're doing with those directories. The user who has access only to the the top-level directory can't read any files in the subdirectory so in that sense you're safe. But since they can rename and recreate a directory with the same name, they could impersonate whatever is supposed to be there.



        That would matter if e.g. some external service reads files in the subdirectory. Think something like the directory where crontab files are kept; you wouldn't want anyone to be able to create a crontab in someone else's name.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Sep 19 at 21:07

























        answered Sep 19 at 21:02









        ilkkachu

        52.3k679144




        52.3k679144



























             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f470117%2fcan-you-change-permissions-for-a-child-directory-that-you-do-not-own%23new-answer', 'question_page');

            );

            Post as a guest













































































            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?