Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
chmod -R only files or only directories?
120 views
Skip to first unread message
SpreadTooThin
May 24, 2012, 12:13:14 PM5/24/12
to
This question started when I wasn't able to tar up a directory because the permissions where set in such a way that tar wasn't able to read some things, even as root,
brute force chmod -R +x on the directory and everything under it helps, but might open up some vulnerabilities.
Can you tell chmod -R +x to only effect directories or conversely only to effect 'actual' files?
Many thanks in advance.
brute force chmod -R +x on the directory and everything under it helps, but might open up some vulnerabilities.
Can you tell chmod -R +x to only effect directories or conversely only to effect 'actual' files?
Many thanks in advance.
hymie!
May 24, 2012, 12:32:02 PM5/24/12
to
In our last episode, the evil Dr. Lacto had captured our hero,
find . -type d -exec chmod +x {} \;
>or conversely only to effect 'actual' files?
find . -type f -exec chmod +x {} \;
--hymie! http://lactose.homelinux.net/~hymie hy...@lactose.homelinux.net
find . -type d -exec chmod +x {} \;
>or conversely only to effect 'actual' files?
--hymie! http://lactose.homelinux.net/~hymie hy...@lactose.homelinux.net
Barry Margolin
May 24, 2012, 1:00:51 PM5/24/12
to
In article <170fa773-1be3-44b4...@googlegroups.com>,
If root can't read the files, it probably won't be able to chmod them,
either.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
either.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
Casper H.S. Dik
May 24, 2012, 3:16:08 PM5/24/12
to
executable bits or if the file is a directory":
chmod -R +X ...
(not exactly what you wanted but it comes close)
Casper
Gerard H. Pille
May 24, 2012, 3:20:50 PM5/24/12
to
Barry Margolin wrote:
>
> If root can't read the files, it probably won't be able to chmod them,
> either.
>
Remind me, pray, how does one prevent root from reading a file?
>
> If root can't read the files, it probably won't be able to chmod them,
> either.
>
Barry Margolin
May 24, 2012, 7:01:31 PM5/24/12
to
In article <4fbe8a04$0$3119$ba62...@news.skynet.be>,
There are some security-enhanced versions of Unix that have
finer-grained access control, which even root can't get around.
finer-grained access control, which even root can't get around.
John Dow
Aug 15, 2012, 10:01:55 AM8/15/12
to
Gerard H. Pille the Monkey was never naughty:
rm -f $filename :)
J
--
John Dow <j...@nelefa.org.invalid>
... Blog : http://www.nelefa.org Writing : http://www.johnmdow.co.uk
/|\ Constructed using slrn and vi.
/ | \ Zomoniac is Wrong. Fact.
J
--
John Dow <j...@nelefa.org.invalid>
... Blog : http://www.nelefa.org Writing : http://www.johnmdow.co.uk
/|\ Constructed using slrn and vi.
/ | \ Zomoniac is Wrong. Fact.
Message has been deleted
Barry Margolin
Aug 15, 2012, 10:34:34 PM8/15/12
to
In article <vilain-01473E....@news.individual.net>,
Michael Vilain <vil...@NOspamcop.net> wrote:
> In article <jnmsf9-...@bague.nelefa.org>,
> root can read it. Some other OSs implement ACLs that might prevent root
> from having access to a file, but that would break a lot of stuff. The
> basic assumption in UNIX is that root has unencumbered access to all
> files. The file permissions check in the OS is bypassed if the process'
> ID is 0 (root).
>
> So, encrypt the file and root will still be able to read it. But they
> won't be able to do much with it.
The OP said that he couldn't tar a directory because of permissions
problems, even as root. Encryption is irrelevant. rm would certainly
prevent you from tarring the file, although it won't cause a permissions
error.
My guess is he's on a flavor of Unix with security extensions that
override root's super powers.
Michael Vilain <vil...@NOspamcop.net> wrote:
> In article <jnmsf9-...@bague.nelefa.org>,
> John Dow <j...@nelefa.org.invalid> wrote:
>
> > Gerard H. Pille the Monkey was never naughty:
> > > Barry Margolin wrote:
> > >>
> > >> If root can't read the files, it probably won't be able to chmod them,
> > >> either.
> > >>
> > >
> > > Remind me, pray, how does one prevent root from reading a file?
> >
> > rm -f $filename :)
> >
> > J
>
> On Linux and Solaris, you can't AFAIK. Unless the file is encrypted,
>
> > Gerard H. Pille the Monkey was never naughty:
> > > Barry Margolin wrote:
> > >>
> > >> If root can't read the files, it probably won't be able to chmod them,
> > >> either.
> > >>
> > >
> > > Remind me, pray, how does one prevent root from reading a file?
> >
> > rm -f $filename :)
> >
> > J
>
> root can read it. Some other OSs implement ACLs that might prevent root
> from having access to a file, but that would break a lot of stuff. The
> basic assumption in UNIX is that root has unencumbered access to all
> files. The file permissions check in the OS is bypassed if the process'
> ID is 0 (root).
>
> So, encrypt the file and root will still be able to read it. But they
> won't be able to do much with it.
The OP said that he couldn't tar a directory because of permissions
problems, even as root. Encryption is irrelevant. rm would certainly
prevent you from tarring the file, although it won't cause a permissions
error.
My guess is he's on a flavor of Unix with security extensions that
override root's super powers.
Gerard H. Pille
Aug 16, 2012, 1:03:18 PM8/16/12
to
Barry Margolin wrote:
>
> My guess is he's on a flavor of Unix with security extensions that
> override root's super powers.
>
/tmp
>
> My guess is he's on a flavor of Unix with security extensions that
> override root's super powers.
>
# ls -ld testposi2_files
d-w------- 3 ghp ghp 4096 Aug 16 18:55 testposi2_files
/tmp
# ls -l /bin/tar
-rwxr-xr-x 1 root root 311832 Dec 31 2011 /bin/tar
/tmp
# cp /bin/tar /bin/tar_ghp
/tmp
# chown ghp:ghp /bin/tar_ghp
/tmp
# chmod u+s /bin/tar_ghp
/tmp
# tar_ghp cvf /tmp/test.tar testposi2_files
tar_ghp: testposi2_files: Cannot open: Permission denied
tar_ghp: Exiting with failure status due to previous errors
hymie!
Aug 16, 2012, 1:57:13 PM8/16/12
to
In our last episode, the evil Dr. Lacto had captured our hero,
"Gerard H. Pille" <g...@skynet.be>, who said:
># ls -ld testposi2_files
>d-w------- 3 ghp ghp 4096 Aug 16 18:55 testposi2_files
># cp /bin/tar /bin/tar_ghp
># ls -ld testposi2_files
>d-w------- 3 ghp ghp 4096 Aug 16 18:55 testposi2_files
># chown ghp:ghp /bin/tar_ghp
># chmod u+s /bin/tar_ghp
># tar_ghp cvf /tmp/test.tar testposi2_files
>tar_ghp: testposi2_files: Cannot open: Permission denied
>tar_ghp: Exiting with failure status due to previous errors
What's your point here? That you can specifically decline to use your
>tar_ghp: testposi2_files: Cannot open: Permission denied
>tar_ghp: Exiting with failure status due to previous errors
rootly powers, and then be upset that your rootly powers don't work?
--hymie! http://lactose.homelinux.net/~hymie hy...@lactose.homelinux.net
-------------------------------------------------------------------------------
Gerard H. Pille
Aug 16, 2012, 2:57:40 PM8/16/12
to
0 new messages