Re: Why is chmod(2)?

Casey Schaufler (casey@sgi.com)
Thu, 23 Sep 1999 13:37:11 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Ari Pollak: "ESS Solo 1 MIDI"
Previous message: Alex Nicolaou: "Re: Why is chmod(2)?"
Maybe in reply to: Kristian Koehntopp: "Why is chmod(2)?"
Next in thread: Alex Nicolaou: "Re: Why is chmod(2)?"

Alex Nicolaou wrote:
>
> Casey Schaufler wrote:
>
> > No, a file with mode 000 (---------- for you young'uns) ought not
> > be openable by unprivileged users, period.
>
> Hmm, I learned something new today. Why can a file with mode 000 be
> opened by root? This facility seems pointless since root can always
> chmod the file?

First, if you're using capabilities, the privileges are seperate.
Otherwise, it's a matter of which access should you chmod to. You
could do like exec, where anyone having execute access means the
privileged user can, but without that you have to go searching
about to determine the least access you can provide and have root
get it. Presummably the file will be neither owned by root or
root's group, in which case you have to chmod it to 006, which
gives the world access.

Casey Schaufler voice: (650) 933-1634 casey@sgi.com fax: (650) 933-0170

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Ari Pollak: "ESS Solo 1 MIDI"
Previous message: Alex Nicolaou: "Re: Why is chmod(2)?"
Maybe in reply to: Kristian Koehntopp: "Why is chmod(2)?"
Next in thread: Alex Nicolaou: "Re: Why is chmod(2)?"