September 11 2017 | File::Path Security
Security expert with cPanel in Houston
The rm command doesn't attempt to modify permissions on anything, so to do a recursive deletion (rm -r), it needs:
- write permissions on the directory inodes it is modifying to remove directory entries.
  An "inode is a data structure in a Unix-style file system that describes a filesystem object such as a file or a directory."
  https://en.wikipedia.org/wiki/Inode, last edited July 26 2017, retrieved August 2 2017.
- execute permissions on any directories it needs to traverse across to access subdirectories.
- read permissions on any directories it needs to traverse across so that it can see that it needs to traverse.
Hence, with:
- rw (0600): You can't traverse to remove subdirectories or files in the directory. You can see that the directory contents are there but can't stat() them.
- rx (0500): You can't alter the directory to remove its contents (though you can see the contents).
- wx (0300): You can't see what the directory contains (so if it contains anything and rmdir() fails, there is no way to recurse downwards).
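The three cases above can be checked before a recursive delete is attempted. The following is an added example, not code from the original slides or from File::Path; the names `missing_bits` and `audit_tree` are made up for illustration, and it assumes the caller owns the tree, so only the owner permission bits are examined.

```python
import os
import stat
import sys

# Owner permission bits rm -r needs on every directory it has to empty
# (assumption: the caller owns the tree, so only the owner bits matter).
NEEDS = (
    ("w", stat.S_IWUSR),  # remove directory entries
    ("x", stat.S_IXUSR),  # traverse into it and stat() its entries
    ("r", stat.S_IRUSR),  # see that there is something to traverse
)


def missing_bits(mode):
    """Return the letters of the owner bits that mode lacks, e.g. 0o500 -> 'w'."""
    return "".join(letter for letter, bit in NEEDS if not mode & bit)


def audit_tree(root):
    """Map each directory under root that would stop a recursive delete to the
    bits it lacks. Modes are read with lstat(); nothing is deleted or changed."""
    findings = {}
    stack = [root]
    while stack:
        path = stack.pop()
        try:
            mode = os.lstat(path).st_mode
        except OSError:
            continue  # typically the parent lacks x, which is reported on the parent
        if not stat.S_ISDIR(mode):
            continue  # files and symlinks are unlinked through their parent
        try:
            names = os.listdir(path)
        except OSError:
            names = None  # not listable: contents unknown, treat as non-empty
        lacking = missing_bits(mode)
        if lacking and names != []:  # an empty directory only needs rmdir()
            findings[path] = lacking
        stack.extend(os.path.join(path, n) for n in names or [])
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, lacking in sorted(audit_tree(target).items()):
        print(f"{path}: owner lacks {lacking}")
```

A directory reported here has to be given the missing bits before its contents can be removed, which rm itself will not do.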
Copyright © 2017 James E Keenan