ch22_12.htm

the unix power tools

<HTML
><!--Distributed by F --><HEAD
><TITLE
>[Chapter 22] 22.12 A Directory that People Can Access but Can't List </TITLE
><META
NAME="DC.title"
CONTENT="UNIX Power Tools"><META
NAME="DC.creator"
CONTENT="Jerry Peek, Tim O'Reilly &amp; Mike Loukides"><META
NAME="DC.publisher"
CONTENT="O'Reilly &amp; Associates, Inc."><META
NAME="DC.date"
CONTENT="1998-08-04T21:40:32Z"><META
NAME="DC.type"
CONTENT="Text.Monograph"><META
NAME="DC.format"
CONTENT="text/html"
SCHEME="MIME"><META
NAME="DC.source"
CONTENT="1-56592-260-3"
SCHEME="ISBN"><META
NAME="DC.language"
CONTENT="en-US"><META
NAME="generator"
CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"><LINK
REV="made"
HREF="mailto:online-books@oreilly.com"
TITLE="Online Books Comments"><LINK
REL="up"
HREF="ch22_01.htm"
TITLE="22. File Security, Ownership, and Sharing"><LINK
REL="prev"
HREF="ch22_11.htm"
TITLE="22.11 A Loophole: Modifying Files Without Write Access"><LINK
REL="next"
HREF="ch22_13.htm"
TITLE="22.13 Groups and Group Ownership "></HEAD
><BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
><DIV
CLASS="htmlnav"
><H1
><IMG
SRC="gifs/smbanner.gif"
ALT="UNIX Power Tools"
USEMAP="#srchmap"
BORDER="0"></H1
><MAP
NAME="srchmap"
><AREA
SHAPE="RECT"
COORDS="0,0,466,58"
HREF="index.htm"
ALT="UNIX Power Tools"><AREA
SHAPE="RECT"
COORDS="467,0,514,18"
HREF="jobjects/fsearch.htm"
ALT="Search this book"></MAP
><TABLE
WIDTH="515"
BORDER="0"
CELLSPACING="0"
CELLPADDING="0"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="172"
><A
CLASS="SECT1"
HREF="ch22_11.htm"
TITLE="22.11 A Loophole: Modifying Files Without Write Access"
><IMG
SRC="gifs/txtpreva.gif"
SRC="gifs/txtpreva.gif"
ALT="Previous: 22.11 A Loophole: Modifying Files Without Write Access"
BORDER="0"></A
></TD
><TD
ALIGN="CENTER"
VALIGN="TOP"
WIDTH="171"
><B
><FONT
FACE="ARIEL,HELVETICA,HELV,SANSERIF"
SIZE="-1"
>Chapter 22<BR>File Security, Ownership, and Sharing</FONT
></B
></TD
><TD
ALIGN="RIGHT"
VALIGN="TOP"
WIDTH="172"
><A
CLASS="SECT1"
HREF="ch22_13.htm"
TITLE="22.13 Groups and Group Ownership "
><IMG
SRC="gifs/txtnexta.gif"
SRC="gifs/txtnexta.gif"
ALT="Next: 22.13 Groups and Group Ownership "
BORDER="0"></A
></TD
></TR
></TABLE
>&nbsp;<HR
ALIGN="LEFT"
WIDTH="515"
TITLE="footer"></DIV
><DIV
CLASS="SECT1"
><H2
CLASS="sect1"
><A
CLASS="title"
NAME="UPT-ART-3010"
>22.12 A Directory that People Can Access but Can't List </A
></H2
><P
CLASS="para"
><A
CLASS="indexterm"
NAME="AUTOID-24393"
></A
><A
CLASS="indexterm"
NAME="AUTOID-24396"
></A
>Do you need to let someone use a file of yours, but you don't want everyone
on the system to be able to snoop around in the directory?
You can give execute permission, but not read permission, to a directory.
Then, if a file in the directory is accessible, a person can use
the file by typing the exact filename.
<EM
CLASS="emphasis"
>ls</EM
> will say the directory is &quot;unreadable.&quot;
Wildcards won't work.</P
><P
CLASS="para"
>Here's an example.
Let's say that your home directory has <CODE
CLASS="literal"
>rwxr-xr-x</CODE
> permissions (everyone can
access and list files in it).
Your username is <EM
CLASS="emphasis"
>hanna</EM
>.
You have a subdirectory named <EM
CLASS="emphasis"
>project</EM
>; you set
its permissions so that
everyone else on the system has execute-only permission.</P
><P
CLASS="para"
><TABLE
CLASS="screen.co"
BORDER="1"
><TR
><TH
VALIGN="TOP"
><PRE
CLASS="calloutlist"
>
&#13;

<A
CLASS="co"
HREF="ch16_08.htm"
TITLE="16.8 The ls -d Option "
>-d</A
> 
&#13;</PRE
></TH
><TD
VALIGN="TOP"
><PRE
CLASS="screen"
>
hanna% <CODE
CLASS="userinput"
><B
>pwd</B
></CODE
>
/home/hanna
hanna% <CODE
CLASS="userinput"
><B
>chmod 711 project</B
></CODE
>
hanna% <CODE
CLASS="userinput"
><B
>ls -ld project project/myplan</B
></CODE
>
drwx--x--x  2    hanna     512  Jul 26 12:14 project
-rw-r--r--  1    hanna    9284  Jul 27 17:34 project/myplan</PRE
></TD
></TR
></TABLE
></P
><P
CLASS="para"
>Now you tell the other user, <EM
CLASS="emphasis"
>toria</EM
>, the exact name of your file,
<EM
CLASS="emphasis"
>myplan</EM
>.
Like everyone else on the system, she can access your <EM
CLASS="emphasis"
>project</EM
> directory.
She can't list it because she doesn't have read permission.
Because she knows the exact filename, she can read the file because the file
is readable
(anyone else could read the file, too, if they knew its exact name):</P
><P
CLASS="para"
><BLOCKQUOTE
CLASS="screen"
><PRE
CLASS="screen"
>toria% <CODE
CLASS="userinput"
><B
>cd /home/hanna/project</B
></CODE
>
toria% <CODE
CLASS="userinput"
><B
>pwd</B
></CODE
>
pwd: can't read .
toria% <CODE
CLASS="userinput"
><B
>ls</B
></CODE
>
ls: . unreadable
toria% <CODE
CLASS="userinput"
><B
>more myplan</B
></CODE
>
   ...<EM
CLASS="emphasis"
>File appears</EM
>...
toria% <CODE
CLASS="userinput"
><B
>ln myplan /home/toria/project.hanna/plan</B
></CODE
></PRE
></BLOCKQUOTE
></P
><P
CLASS="para"
>(We're using the &quot;real&quot; <EM
CLASS="emphasis"
>pwd</EM
> command
that reads the filesystem to find your current directory.
That's why it complains <CODE
CLASS="literal"
>can't read .</CODE
>.
If you're using the shell's shortcut <EM
CLASS="emphasis"
>pwd</EM
>, you probably won't
get the error shown above.
Article
<A
CLASS="xref"
HREF="ch14_04.htm"
TITLE="How Does UNIX Find Your Current Directory? "
>14.4</A
>
has details.)</P
><P
CLASS="para"
>In the example above, <EM
CLASS="emphasis"
>toria</EM
> made a
<SPAN
CLASS="link"
>hard link (<A
CLASS="linkend"
HREF="ch18_05.htm"
TITLE="Creating and Removing Links "
>18.5</A
>)</SPAN
>
to the <EM
CLASS="emphasis"
>myplan</EM
> file, with a different name, in her
own <EM
CLASS="emphasis"
>project.hanna</EM
> directory.
(She could have copied, printed, or used any other command that reads the file.)
Now, if you (<EM
CLASS="emphasis"
>hanna</EM
>) want to, you can deny everyone's permission to your
<EM
CLASS="emphasis"
>project</EM
> directory.
<EM
CLASS="emphasis"
>toria</EM
> still has her link to the file, though.
She can read it any time she wants to, follow the changes you make to it, and
so on:</P
><P
CLASS="para"
><BLOCKQUOTE
CLASS="screen"
><PRE
CLASS="screen"
>toria% <CODE
CLASS="userinput"
><B
>cd</B
></CODE
>
toria% <CODE
CLASS="userinput"
><B
>ls -ld project.hanna project.hanna/plan</B
></CODE
>
drwx------  2    toria     512  Jul 27 16:43 project.hanna
-rw-r--r--  2    hanna    9284  Jul 27 17:34 project.hanna/plan
toria% <CODE
CLASS="userinput"
><B
>more project.hanna/plan</B
></CODE
>
   ...<EM
CLASS="emphasis"
>File appears</EM
>...</PRE
></BLOCKQUOTE
></P
><P
CLASS="para"
><EM
CLASS="emphasis"
>toria</EM
> has protected her <EM
CLASS="emphasis"
>project.hanna</EM
> directory so that other
users can't find her link to <EM
CLASS="emphasis"
>hanna</EM
>'s file.</P
><BLOCKQUOTE
CLASS="note"
><P
CLASS="para"
><STRONG
>NOTE:</STRONG
> If <EM
CLASS="emphasis"
>hanna</EM
> denies permission to her directory, <EM
CLASS="emphasis"
>toria</EM
> can still read
the file through her hard link.
If <EM
CLASS="emphasis"
>toria</EM
> had made a symbolic link, though, she wouldn't be able to
access the file any more.
That's because
<SPAN
CLASS="link"
>a hard link keeps the file's i-number (<A
CLASS="linkend"
HREF="ch01_22.htm"
TITLE="How UNIX Keeps Track of Files: Inodes "
>1.22</A
>, <A
CLASS="linkend"
HREF="ch18_02.htm"
TITLE="What's Really in a Directory "
>18.2</A
>)</SPAN
>
but a symbolic link
doesn't.</P
></BLOCKQUOTE
><P
CLASS="para"
>You might also want to give other users permission to list and access the
files in a directory, but not make the directory open to all users.
One way to do this is to put a fully accessible directory with an unusual
name inside an unreadable directory.
Users who know the exact name of the fully accessible directory can <EM
CLASS="emphasis"
>cd</EM
>
to it; other users can't find it without its name:</P
><P
CLASS="para"
><BLOCKQUOTE
CLASS="screen"
><PRE
CLASS="screen"
>hanna% <CODE
CLASS="userinput"
><B
>chmod 711 project</B
></CODE
>
hanna% <CODE
CLASS="userinput"
><B
>chmod 777 project/pLaN</B
></CODE
>
hanna% <CODE
CLASS="userinput"
><B
>ls -ld project project/pLaN</B
></CODE
>
drwx--x--x  3    hanna     512  Jul 27 17:36 project
drwxrwxrwx  2    hanna     512  Jul 27 17:37 project/pLaN</PRE
></BLOCKQUOTE
></P
><P
CLASS="para"
>Users who type <CODE
CLASS="literal"
>cd&nbsp;/home/hanna/project/pLaN</CODE
> can list the directory's
contents with <EM
CLASS="emphasis"
>ls</EM
>.
With the permissions you've set, other users can also create, delete, and
rename files inside the <EM
CLASS="emphasis"
>pLaN</EM
> directory&nbsp;- though you could have used
more restrictive permissions like <CODE
CLASS="literal"
>drwxr-xr-x</CODE
> instead.</P
><P
CLASS="para"
>This setup can still be a little confusing.
For instance,
as article
<A
CLASS="xref"
HREF="ch14_04.htm"
TITLE="How Does UNIX Find Your Current Directory? "
>14.4</A
>
explains,
the <EM
CLASS="emphasis"
>pwd</EM
> command won't work for users in the <EM
CLASS="emphasis"
>pLaN</EM
>
directory because <EM
CLASS="emphasis"
>pwd</EM
> can't read the <EM
CLASS="emphasis"
>project</EM
> directory.
Variables like
<SPAN
CLASS="link"
><CODE
CLASS="literal"
>$cwd</CODE
> (<A
CLASS="linkend"
HREF="ch14_13.htm"
TITLE="Which Directory Am I in, Really? "
>14.13</A
>)</SPAN
>
and
<SPAN
CLASS="link"
><CODE
CLASS="literal"
>$PWD</CODE
> (<A
CLASS="linkend"
HREF="ch06_03.htm"
TITLE="Predefined Environment Variables "
>6.3</A
>)</SPAN
>
will probably have the absolute
pathname.
If another user gets lost in a restricted directory like this, the best thing
to do is <EM
CLASS="emphasis"
>cd</EM
> to the home directory and start again.</P
><DIV
CLASS="sect1info"
><P
CLASS="SECT1INFO"
>- <SPAN
CLASS="authorinitials"
>JP</SPAN
></P
></DIV
></DIV
><DIV
CLASS="htmlnav"
><P
></P
><HR
ALIGN="LEFT"
WIDTH="515"
TITLE="footer"><TABLE
WIDTH="515"
BORDER="0"
CELLSPACING="0"
CELLPADDING="0"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="172"
><A
CLASS="SECT1"
HREF="ch22_11.htm"
TITLE="22.11 A Loophole: Modifying Files Without Write Access"
><IMG
SRC="gifs/txtpreva.gif"
SRC="gifs/txtpreva.gif"
ALT="Previous: 22.11 A Loophole: Modifying Files Without Write Access"
BORDER="0"></A
></TD
><TD
ALIGN="CENTER"
VALIGN="TOP"
WIDTH="171"
><A
CLASS="book"
HREF="index.htm"
TITLE="UNIX Power Tools"
><IMG
SRC="gifs/txthome.gif"
SRC="gifs/txthome.gif"
ALT="UNIX Power Tools"
BORDER="0"></A
></TD
><TD
ALIGN="RIGHT"
VALIGN="TOP"
WIDTH="172"
><A
CLASS="SECT1"
HREF="ch22_13.htm"
TITLE="22.13 Groups and Group Ownership "
><IMG
SRC="gifs/txtnexta.gif"
SRC="gifs/txtnexta.gif"
ALT="Next: 22.13 Groups and Group Ownership "
BORDER="0"></A
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="172"
>22.11 A Loophole: Modifying Files Without Write Access</TD
><TD
ALIGN="CENTER"
VALIGN="TOP"
WIDTH="171"
><A
CLASS="index"
HREF="index/idx_0.htm"
TITLE="Book Index"
><IMG
SRC="gifs/index.gif"
SRC="gifs/index.gif"
ALT="Book Index"
BORDER="0"></A
></TD
><TD
ALIGN="RIGHT"
VALIGN="TOP"
WIDTH="172"
>22.13 Groups and Group Ownership </TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="515"
TITLE="footer"><IMG
SRC="gifs/smnavbar.gif"
SRC="gifs/smnavbar.gif"
USEMAP="#map"
BORDER="0"
ALT="The UNIX CD Bookshelf Navigation"><MAP
NAME="map"
><AREA
SHAPE="RECT"
COORDS="0,0,73,21"
HREF="../index.htm"
ALT="The UNIX CD Bookshelf"><AREA
SHAPE="RECT"
COORDS="74,0,163,21"
HREF="index.htm"
ALT="UNIX Power Tools"><AREA
SHAPE="RECT"
COORDS="164,0,257,21"
HREF="../unixnut/index.htm"
ALT="UNIX in a Nutshell"><AREA
SHAPE="RECT"
COORDS="258,0,321,21"
HREF="../vi/index.htm"
ALT="Learning the vi Editor"><AREA
SHAPE="RECT"
COORDS="322,0,378,21"
HREF="../sedawk/index.htm"
ALT="sed &amp; awk"><AREA
SHAPE="RECT"
COORDS="379,0,438,21"
HREF="../ksh/index.htm"
ALT="Learning the Korn Shell"><AREA
SHAPE="RECT"
COORDS="439,0,514,21"
HREF="../lrnunix/index.htm"
ALT="Learning the UNIX Operating System"></MAP
></DIV
></BODY
></HTML
>