Unix treats file directories in the same fashion as files; that is, both are defined by the same type of data structure, called an inode. As with files, directories include a nine-bit protection string. If care is not taken, this can create access control problems. For example, consider a file with protection mode 644 (rw- r-- r--) contained in a directory with protection mode 730 (rwx -wx ---). How might the files be compromised in this case?
Read(r)
Write(w)
Execute(x)
When a file with protection mode 644 (rw-r--r--, which is read, write for user; read for group; read for others) is contained in a directory which has file permissions mode 730 (rwx -wx ---, where rwx is read, write, execute for user/owner; wx is write and execute for group; and nil for others)
For USER/OWNER
File permission- 644 (rw- r-- r--) Directory permission- 730 (rwx -wx ---)
This means that the user/owner will have no issues accessing the file inside the directory with permissions mode 730, since it has rwx permission, and the user will be able to read, write and execute the files within that directory.
For GROUPS
File permission- 644 (rw- r-- r--) Directory permission- 730 (rwx -wx ---)
Whereas for the group user, the directory has wx (write, execute) permissions only, so the groups cannot read the file: although they have read permission for the actual file, they do not have it for the folder in which it resides. They can only write or execute the file, but it will be of no use since they cannot read it.
For OTHERS
File permission- 644 (rw- r-- r--) Directory permission- 730 (rwx -wx ---)
The directory has given no permissions at all for others, so even though they have read permissions to the file, they cannot read it, as the directory in which it resides has given no permissions to them. They cannot access the file at first, so the read permission is of no use to them.
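An added example, not part of the question or the answer above: a small Python model of the standard Unix check (execute on a directory lets a class reach entries by name; write plus execute lets it create, remove or rename entries), with an audit that flags files a class can replace but not write. It assumes the file and directory share owner and group and inspects only the immediate parent directory; the names `shared` and `report.txt` are constructed sample data.

```python
import os
import stat
import tempfile

# Permission bits per class, as (read, write, execute) masks.
CLASSES = {
    "owner": (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}

def effective_rights(file_mode, dir_mode, who):
    """What one permission class can do to a file, given its directory's mode."""
    r, w, x = CLASSES[who]
    search = bool(dir_mode & x)  # x on a directory: reach entries by name
    # Assumption: with the sticky bit set, only the owner may remove entries.
    may_unlink = who == "owner" or not dir_mode & stat.S_ISVTX
    return {
        "list_dir": bool(dir_mode & r),
        "read_file": search and bool(file_mode & r),
        "write_file": search and bool(file_mode & w),
        # Unlink and rename modify the directory, not the file itself.
        "replace_file": search and bool(dir_mode & w) and may_unlink,
    }

def audit(root):
    """Return (path, who) pairs where a class can replace a file it cannot write."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dir_mode = os.stat(dirpath).st_mode
        for name in files:
            path = os.path.join(dirpath, name)
            file_mode = os.lstat(path).st_mode
            for who in ("group", "other"):
                rights = effective_rights(file_mode, dir_mode, who)
                if rights["replace_file"] and not rights["write_file"]:
                    findings.append((path, who))
    return findings

def demo():
    """Build the question's case (file 644 in directory 730) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        d = os.path.join(root, "shared")
        os.mkdir(d)
        f = os.path.join(d, "report.txt")
        with open(f, "w") as fh:
            fh.write("data\n")
        os.chmod(f, 0o644)
        os.chmod(d, 0o730)
        return [(os.path.relpath(p, root), who) for p, who in audit(root)]
```

Setting the directory to 750, or adding the sticky bit, makes the audit return no findings for this layout.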