
I found a folder whose ls -ld output goes like this

drwxr-x--- 14 root somegroup  12K Jan 13 20:10 somefolder

I don't belong to the group somegroup, as found from the groups command. Rules say that I shouldn't be able to access any of the subfolders of this group if I am not root and if I am not in somegroup. But somehow I can freely cd into that folder and access all the subfolders inside the directory.

Is there a parallel mechanism through which access is managed in Unix? Is there a way to check it? Some comments in the link seem to suggest services like LDAP can do that. I have heard LDAP somewhere in my work context. But I am unable to figure out head from tail, searching online about this.

  • ACLs probably. Any results with getfacl somefolder? – FelixJN Jan 21 '22 at 18:12
  • getfacl is returning the same stuff in a different format. user=root group=somegroup access=750 etc. – Harish Ganesan Jan 21 '22 at 18:17
  • When you cd into the somefolder, what is the output of ls -ld . (there is a . at the end of that command)? – icarus Jan 21 '22 at 19:41
  • I don't think there is a parallel access system. Even the hooks used by apparmor can't grant access where it is otherwise denied. Is it possible that there are two groups with the same gid (number)? Group membership is recorded on the group record, but access control is controlled by gid number. – Philip Couling Jan 21 '22 at 20:24
  • There are no ACLs in operation as there would be a + sign after the permissions. This could be due to that being a mount point and what is controlling it is the permissions on the directory pre-mount. This certainly happened on AIX circa 2010. A number of times I had to arrange a umount... chmod... mount... by the admins. – Bib Jan 22 '22 at 11:00
  • @icarus I can view files inside. And I am guessing I will see the same output doing ls -ld . – Harish Ganesan Jan 23 '22 at 13:33
  • @Bib I will check that when i get the opportunity. – Harish Ganesan Jan 23 '22 at 13:35

0 Answers
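The checks suggested in the comments (compare gid numbers rather than group names, look for two group names sharing one gid, see whether the directory is a mount point) can be collected in one script. This is an added example, not something posted in the thread; the function names `dup_gids`, `perm_class` and `diagnose` are made up here, and `diagnose` assumes GNU `stat`, `getent` and `mountpoint` are available.

```shell
#!/bin/sh
# Added example (not from the thread): compare numeric ids, not group names.

# List every gid that more than one group name maps to.
# stdin: group(5)-format lines, name:passwd:gid:members
dup_gids() {
    awk -F: 'NF >= 3 {
                 if (n[$3]++) { names[$3] = names[$3] "," $1 } else { names[$3] = $1 }
             }
             END { for (g in n) if (n[g] > 1) print g ": " names[g] }' | sort -n
}

# Which permission triplet applies to a non-root caller (root bypasses these).
# Args: caller-uid "caller gids" dir-uid dir-gid
perm_class() {
    if [ "$1" = "$3" ]; then echo owner; return 0; fi
    for g in $2; do
        if [ "$g" = "$4" ]; then echo group; return 0; fi
    done
    echo other
}

# Report on a real directory (default: the current one).
diagnose() {
    dir=${1:-.}
    d_uid=$(stat -c %u "$dir")    # GNU stat syntax (assumption); BSD stat uses -f
    d_gid=$(stat -c %g "$dir")
    echo "directory: uid=$d_uid gid=$d_gid"
    echo "caller:    uid=$(id -u) gids=$(id -G)"
    echo "class:     $(perm_class "$(id -u)" "$(id -G)" "$d_uid" "$d_gid")"
    echo "gids with more than one group name (files, LDAP, ...):"
    getent group | dup_gids
    # Mount-point check raised in the comments.
    if command -v mountpoint >/dev/null 2>&1; then
        mountpoint "$dir" || true
    fi
}

# Run the report only when a directory is given on the command line.
if [ $# -gt 0 ]; then
    diagnose "$1"
fi
```

If `class` comes back as `group` although `groups` does not list somegroup, the caller holds that gid under another name, which is the duplicate-gid case from the comments.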