5

If I have a folder that's restricted with, say, 600, thus no access for group or everyone, but the folder contains files with 777, would this be safe?

Are there any work-arounds to access the 777 file as group or everyone, despite it residing inside a 600 folder?

Woodstock
  • 408

4 Answers

5

You can't access/enter a directory (or create files) with permissions set to 600 as a regular user. You are also not able to access/list (well, sort of) files at all with said folder permissions.

BulletBob
  • 646
  • OK, so to confirm, even though files inside may be 777, the directory will protect those completely open files, due to the directory itself being more restricted? – Woodstock Mar 04 '20 at 12:09
  • No. You cannot access files, list the content or enter a directory with permissions set to 600 (you also need permissions to execute). – BulletBob Mar 04 '20 at 12:19
  • 4
    @Woodstock you are right. The directory is restricted (no permissions at all), so nothing inside it will be available. You can think about it as a house with a locked front door: even if the rooms' doors are open, you will not be able to get into them. – Eduardo Trápani Mar 04 '20 at 12:52
  • 1
    That's a really clear analogy, thank you very much @EduardoTrápani! – Woodstock Mar 04 '20 at 12:53
  • "or create files" -- I was going to say that it depended on write permission, like this answer says. However, on checking, you seem to be right. What is a directory's write permission for then? – JoL Mar 04 '20 at 21:53
  • @JoL "What is a directory's write permission for then?" To be able to create files in it. – user7761803 Mar 04 '20 at 22:07
5

If any of the files has additional hard links located outside the 600 directory, they will be able to access those files using that alternate path. But this won't give them access to any of the other files.

But if the hard links don't already exist, there's no way for them to create them, since creating a hard link to a file requires access to the directory containing the file.

Barmar
  • 9,927
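An added example, not part of any answer here: a Python check for the hard-link caveat described above, which finds files in a restricted directory that are also reachable through a hard link elsewhere. The names `outside_hard_links`, `blocks_group_and_other` and `build_demo` are hypothetical, and the constructed sample tree uses mode 0700 rather than 600 so that the owning user can walk it without root.

```python
import os
import stat
import tempfile

def blocks_group_and_other(directory):
    """True if neither group nor other has search (x) permission on the directory."""
    mode = os.stat(directory).st_mode
    return mode & (stat.S_IXGRP | stat.S_IXOTH) == 0

def outside_hard_links(restricted_dir, search_root):
    """Map each multi-link file in restricted_dir to its hard links elsewhere under search_root."""
    restricted_dir = os.path.realpath(restricted_dir)
    inside = {}
    for dirpath, _dirs, files in os.walk(restricted_dir):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # A link count above 1 means another directory entry points at this inode.
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                inside[(st.st_dev, st.st_ino)] = path
    exposed = {}
    for dirpath, dirs, files in os.walk(os.path.realpath(search_root)):
        # Do not descend into the restricted directory itself.
        dirs[:] = [d for d in dirs if os.path.join(dirpath, d) != restricted_dir]
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            hit = inside.get((st.st_dev, st.st_ino))
            if hit:
                exposed.setdefault(hit, []).append(path)
    return exposed

def build_demo():
    """Constructed sample tree: vault/ (0700) with two 0777 files, one also linked outside."""
    base = os.path.realpath(tempfile.mkdtemp())
    vault = os.path.join(base, "vault")
    public = os.path.join(base, "public")
    os.mkdir(vault)
    os.mkdir(public)
    for name in ("open.txt", "private.txt"):
        path = os.path.join(vault, name)
        with open(path, "w") as fh:
            fh.write("data\n")
        os.chmod(path, 0o777)
    os.link(os.path.join(vault, "open.txt"), os.path.join(public, "leak.txt"))
    os.chmod(vault, 0o700)
    return base, vault

if __name__ == "__main__":
    base, vault = build_demo()
    print(blocks_group_and_other(vault), outside_hard_links(vault, base))
```

Hard links only exist within one file system, so the search root only needs to cover the file system that holds the restricted directory.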
3

Given that no other mechanisms (e.g. ACL, xattr?) play a role, then on an extX file system you should be safe. Nevertheless, a careless modification to the permissions or the directory could leave your files exposed.

bey0nd
  • 937
2

You should consider using Access control lists for that. Also not having executable permission on the directory will prohibit non-root users from accessing the directory. Again, check ACLs.

How to manage ACLs on Linux

GAD3R
  • 66,769
Karov
  • 113