I have a personal folder /a/b on the server with permission 700. I don’t want others to list the contents in /a/b. The owner of /a is root.
Now I need to open the full authorities of directory /a/b/c to all users.
I changed the permission of /a/b/c to 777 but it is still inaccessible for others.
Answers:
Method 1
You can. You just have to set the executable bit on the /a/b directory. That will prevent being able to see anything in b, but you can still do everything if you go directly to a/b/c.
    % mkdir -p a/b/c
    % chmod 711 a/b
    % sudo chown root a/b
    % ll a/b
    ls: cannot open directory a/b: Permission denied
    % touch a/b/c/this.txt
    % ls a/b/c
    this.txt
Beware that while others cannot list the contents of /a/b, they can access files in that directory if they guess the name of the file.
    % echo hello | sudo tee a/b/f
    % cat a/b/f
    hello
    % cat a/b/doesntexist
    cat: a/b/doesntexist: No such file or directory
So be sure to maintain proper permissions (no group/world) on all other files/directories within the b directory, as this will avoid this caveat.
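An added example, not part of the original answer: a POSIX shell audit for the caveat above. It checks that a directory such as /a/b is traverse-only and lists which of its direct children still carry group/other permission bits. It assumes GNU stat and must run as the directory owner or root; the function names `is_traverse_only` and `exposed_entries` are hypothetical.

```sh
#!/bin/sh
# Added example: audit a traverse-only directory such as /a/b (mode 711).
# Assumes GNU stat (Linux). Function names are hypothetical.
# Run as the directory owner or root, since others cannot list the directory.

# is_traverse_only DIR
# Succeeds when "other" can traverse DIR (x) and neither group nor other can list it (r).
is_traverse_only() {
    _mode=$(stat -c '%a' "$1") || return 2
    _bits=$(( 0$_mode ))            # leading 0 makes the arithmetic read it as octal
    [ $(( $_bits & 0001 )) -ne 0 ] && [ $(( $_bits & 0044 )) -eq 0 ]
}

# exposed_entries DIR [SHARED_NAME...]
# Prints "MODE NAME" for each direct child of DIR that carries any group/other
# permission bit, except names passed as intentionally shared (for example "c").
exposed_entries() {
    _dir=$1
    shift
    for _path in "$_dir"/* "$_dir"/.[!.]* "$_dir"/..?*; do
        # Skip glob patterns that matched nothing.
        if [ ! -e "$_path" ] && [ ! -L "$_path" ]; then continue; fi
        _name=${_path##*/}
        _skip=0
        for _shared in "$@"; do
            if [ "$_name" = "$_shared" ]; then _skip=1; fi
        done
        if [ "$_skip" -eq 1 ]; then continue; fi
        _mode=$(stat -c '%a' "$_path") || continue
        # Any bit in 077 means the entry is reachable by someone who guesses its name.
        if [ $(( 0$_mode & 0077 )) -ne 0 ]; then
            printf '%s %s\n' "$_mode" "$_name"
        fi
    done
}

# Example invocation: sh audit.sh /a/b c
if [ "$#" -gt 0 ]; then
    is_traverse_only "$1" || echo "warning: $1 is not traverse-only" >&2
    exposed_entries "$@"
fi
```

Symbolic links are reported with their own mode (typically 777), so check where a flagged link points.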
Method 2
With those permissions, you can’t reach your goal. In order to get to directory c, you must allow all other users to traverse directory b which is done by giving execute permission for that directory. With /a/b set to mode 711, you can achieve what you want since you are granting directory traversal but denying read and write. But do keep in mind that while other users can’t list files in /a/b, they may be able to access files if they guess the name and the files have sufficiently open permissions.
Method 3
If a user can’t access /a/b, then they can’t access any file under /a/b/c. The permissions on /a/b/c are irrelevant since directory traversal stops at /a/b.
If all you want is to prevent the directory /a/b from being listed, but you’re fine with users accessing files in /a/b if they guess a file name, then you can make /a/b executable but not readable. On a directory, the read permission only controls listing the directory contents, while the execute permission controls access to the entries of that directory.
    # chmod u=rwx,go=x /a/b
    # chmod u=rwx,go=rx /a/b/c
    # echo 'hello' >/a/b/existingfile
    # su bob -c 'ls -l /a/b'
    ls: /a/b: Permission denied
    # su bob -c 'cat /a/b/nosuchfile'
    cat: /a/b/nosuchfile: No such file or directory
    # su bob -c 'cat /a/b/existingfile'
    hello
    # su bob -c 'ls -l /a/b/c'
    … contents of /a/b/c …
If you don’t want other users to be able to access files in /a/b except for /a/b/c, you can expose /a/b/c via another view, through a bind mount.
    # chmod u=rwx,go= /a/b
    # chmod u=rwx,go=rx /a/b/c
    # mkdir /c
    # mount --bind /a/b/c /c
    # su bob -c 'ls /a/b/c'
    ls: /a/b/c: Permission denied
    # su bob -c 'ls -l /c'
    … contents of /a/b/c …
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.