But isn't that what read does? "access"
LOL
Nope. Read just lets you list the files. Not access them.
Here are the files. Do not touch them.
Write lets you create files, but not access them. Thus, pen at the ready and... nothing.
If you have execute/access permission, but not read permission, you can access files, but you better know what they're named and whether they exist or not.
I've always thought that having read or write permission for a folder should basically imply execute/access, but that's not the reality.
I concur.
Directories = 755
Files = 644
.htaccess - 0400
And these can be tightened on many "static" sites.
To see this, you can try something like
cd /tmp
mkdir -p demo/demo2
touch demo/demo2/{hello,there}
chmod 444 demo/demo2
chmod 111 demo
ls demo
ls demo/demo2
cat demo/demo2/hello
As you said, r for a directory allows you to list the contents, while x allows you to make use of the contents if you already know their names. The r alone won't allow you to use the files or subdirectories inside (nor can you cd to the directory with r permission alone), while the x alone won't allow you to find out the names of the files with ls, shell globbing, tab completion, or in principle any other method.
Here is another version of the same experiment
cd /tmp
mkdir secret
echo hello > secret/abcdefghijklmnopqrstuvwxyz
chmod 111 secret
ls secret
cat secret/*
cat secret/abcdefghijklmnopqrstuvwxyz
chmod 444 secret
ls secret
cat secret/abcdefghijklmnopqrstuvwxyz
Note that in the 111 case, the ls and * fail but the cat by name works; in the 444 case, the ls succeeds but the cat fails. With 500 or greater permissions (r-x) both will work.
Fun times with permissional weirdness. I read somewhere that the execute/access/"search" bit for directories allows you to "find" the inode and without it you're on your own, but if you do know where it is you can operate on it directly. Sounds like security by difficulty.
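The two experiments in this thread, folded into one repeatable check (an added example, not code from any poster here). The function name probe and the file name known_name are made up for illustration, and the expected results assume a non-root user, because root normally bypasses directory mode bits.

```shell
#!/bin/sh
# probe MODE: build a scratch directory holding one file, set the directory
# to MODE, then report two things separately:
#   list = can the names inside be enumerated (needs r on the directory)
#   open = can a file be opened by an already-known name (needs x on it)
probe() {
    mode=$1
    base=$(mktemp -d) || return 1
    mkdir "$base/d" && echo hello > "$base/d/known_name" || return 1
    chmod "$mode" "$base/d"

    # Enumeration test: a glob only expands if the shell can read the
    # directory's name list; otherwise the pattern is left as typed.
    set -- "$base"/d/*
    if [ "$1" = "$base/d/*" ]; then list=no; else list=yes; fi

    # Lookup test: resolving d/known_name requires search (x) on d,
    # whatever the mode of the file itself is.
    if cat "$base/d/known_name" >/dev/null 2>&1; then open=yes; else open=no; fi

    chmod 700 "$base/d"    # restore access so the cleanup can succeed
    rm -rf "$base"
    echo "list=$list open=$open"
}

# Print the matrix for the modes discussed in the thread.
if [ "$(id -u)" -eq 0 ]; then
    echo "note: running as root, directory mode bits are normally not enforced"
fi
for m in 444 111 555 000; do
    printf '%s  %s\n' "$m" "$(probe "$m")"
done
```

A directory set to 111 only hides the names; anyone who learns or guesses a name can still reach the file, so file modes (and r-x versus --x on parents) still have to be set deliberately.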