Hi,

I don't know whether this is a bug or it is expected behavior. If
this is a bug I would appreciate someone telling me who to report it
to...


I recently noticed that strange things happen if you do 'chmod 670' on
a directory that you own, and whose group is set to one you belong.

- If you try 'ls', then its contents are shown
- If you try 'cd' to it, you get permission denied.
- If you try 'ls -l', you get many interrogation signs (?????) instead
of the properties of the file.
- If the user is changed to someone other than you, but the group
remains the same, then you get full access.

Since the permissions are set to full access to the group, and I'm
part of that group, shouldn't I get full access to the directory?
Anyways, getting many '????' is very awkward.

Thank you very much!

Patricio


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Tue, 2007-11-13 at 13:25 -0300, Patricio Rojo wrote:
> Hi,
>
> I don't know whether this is a bug or it is expected behavior. If
> this is a bug I would appreciate someone telling me who to report it
> to...
>
>
> I recently noticed that strange things happen if you do 'chmod 670' on
> a directory that you own, and whose group is set to one you belong.
>
> - If you try 'ls', then its contents are shown
> - If you try 'cd' to it, you get permission denied.
> - If you try 'ls -l', you get many interrogation signs (?????) instead
> of the properties of the file.
> - If the user is changed to someone other than you, but the group
> remains the same, then you get full access.
>
> Since the permissions are set to full access to the group, and I'm
> part of that group, shouldn't I get full access to the directory?
> Anyways, getting many '????' is very awkward.
>
> Thank you very much!
>
> Patricio
>
>

Hey,
It's my understanding that it is a linear check for permission. UID,
then GID, then world permissions stopping at a match rather than
aggregating the three. This would explain the behaviour.

cheers,
Owen.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Wed, Nov 14, 2007 at 07:22:45AM +1100, Owen Townend wrote:
>
> On Tue, 2007-11-13 at 13:25 -0300, Patricio Rojo wrote:
> > Hi,
> >
> > I don't know whether this is a bug or it is expected behavior. If
> > this is a bug I would appreciate someone telling me who to report it
> > to...
> >
> >
> > I recently noticed that strange things happen if you do 'chmod 670' on
> > a directory that you own, and whose group is set to one you belong.
> >
> > - If you try 'ls', then its contents are shown
> > - If you try 'cd' to it, you get permission denied.
> > - If you try 'ls -l', you get many interrogation signs (?????) instead
> > of the properties of the file.


can you provide the exact output from ls -l? Usually, ???????
indicates some kind of filesystem damage.

A

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHOg3NaIeIEqwil4YRAtfMAJ9jrPvBdV5OG0jXbAUgwF OMyQcyIgCeLlS9
XyFHs+dm6IdVAoki3nQa5QY=
=STRT
-----END PGP SIGNATURE-----

Patricio Rojo wrote:
> Hi,
>
> I don't know whether this is a bug or it is expected behavior. If
> this is a bug I would appreciate someone telling me who to report it
> to...
>
>
> I recently noticed that strange things happen if you do 'chmod 670' on
> a directory that you own, and whose group is set to one you belong.
>
> - If you try 'ls', then its contents are shown
> - If you try 'cd' to it, you get permission denied.
> - If you try 'ls -l', you get many interrogation signs (?????) instead
> of the properties of the file.
> - If the user is changed to someone other than you, but the group
> remains the same, then you get full access.
>
> Since the permissions are set to full access to the group, and I'm
> part of that group, shouldn't I get full access to the directory?
> Anyways, getting many '????' is very awkward.
>

Is there some reason why you would "chmod 670" and not "chmod 770"?


--
Raj Kiran Grandhi


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Tue, 2007-11-13 at 12:49 -0800, Andrew Sackville-West wrote:
> On Wed, Nov 14, 2007 at 07:22:45AM +1100, Owen Townend wrote:
> >
> > On Tue, 2007-11-13 at 13:25 -0300, Patricio Rojo wrote:
> > > Hi,
> > >
> > > I don't know whether this is a bug or it is expected behavior. If
> > > this is a bug I would appreciate someone telling me who to report it
> > > to...
> > >
> > >
> > > I recently noticed that strange things happen if you do 'chmod 670' on
> > > a directory that you own, and whose group is set to one you belong.
> > >
> > > - If you try 'ls', then its contents are shown
> > > - If you try 'cd' to it, you get permission denied.
> > > - If you try 'ls -l', you get many interrogation signs (?????) instead
> > > of the properties of the file.
>
>
> can you provide the exact output from ls -l? Usually, ???????
> indicates some kind of filesystem damage.
>
> A

Hey,
I'm running Ubuntu 7.10 and was able to reproduce the behaviour.
Also got the same result on my Etch box.

owen@mattimeo:~/TMP$ mkdir one; touch one/a one/b one/c;

owen@mattimeo:~/TMP$ ls -l
total 8
drwxr-xr-x 3 owen owen 4096 2007-09-02 00:29 one

owen@mattimeo:~/TMP$ ls -l one
total 4
-rw-r--r-- 1 owen owen 0 2007-09-02 00:29 a
-rw-r--r-- 1 owen owen 0 2007-09-02 00:29 b
-rw-r--r-- 1 owen owen 0 2007-09-02 00:29 c

owen@mattimeo:~/TMP$ chmod 670 one

owen@mattimeo:~/TMP$ ls -l one
total 0
?--------- ? ? ? ? ? one/a
?--------- ? ? ? ? ? one/b
?--------- ? ? ? ? ? one/c

owen@mattimeo:~/TMP$ ls -l
total 8
drw-rwx--- 3 owen owen 4096 2007-09-02 00:29 one

owen@mattimeo:~/TMP$ uname -a
Linux mattimeo 2.6.22-14-generic #1 SMP Sun Oct 14 23:05:12 GMT 2007
i686 GNU/Linux

For kicks I booted a FreeBSD 6.2 VM and the behaviour was similar:

$ ls -l one
ls: a: Permission denied
ls: b: Permission denied
ls: c: Permission denied
total 0

cheers,
Owen.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Raj Kiran Grandhi <grajkiran@gmail.com>:
>
> Is there some reason why you would "chmod 670" and not "chmod 770"?

To cause filesystem breakage? :-) It's not a bright thing to do.
Users do a lot of not bright things. We should know what's going to
happen when they do this.

It's interesting phenomena, so far, apparently repeatable by others.
I await further reports.


--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
- - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Owen Townend <bowbowbow@optushome.com.au>:
>
> On Tue, 2007-11-13 at 13:25 -0300, Patricio Rojo wrote:
> >
> > I recently noticed that strange things happen if you do 'chmod 670' on
> > a directory that you own, and whose group is set to one you belong.
> >
> > - If you try 'ls', then its contents are shown
> > - If you try 'cd' to it, you get permission denied.

You need execute permission on a dir to do anything to it. Without
it, you can still access files in it if you know the files' names.

> > - If you try 'ls -l', you get many interrogation signs (?????) instead
> > of the properties of the file.
> > - If the user is changed to someone other than you, but the group
> > remains the same, then you get full access.
> >
> > Since the permissions are set to full access to the group, and I'm
> > part of that group, shouldn't I get full access to the directory?
> > Anyways, getting many '????' is very awkward.
>
> It's my understanding that it is a linear check for permission. UID,

Agreed. User (ugo) doesn't have x, fail.

> then GID, then world permissions stopping at a match rather than
> aggregating the three. This would explain the behaviour.


--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
- - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Tue, Nov 13, 2007 at 01:25:35PM -0300, Patricio Rojo wrote:

> - If you try 'ls', then its contents are shown

Yes, because you have read permission.

> - If you try 'cd' to it, you get permission denied.

Yes, because you do not have search ("x") permission.

> - If you try 'ls -l', you get many interrogation signs (?????) instead
> of the properties of the file.

Yes, because you do not have search ("x") permission, so "ls" can not
get the requested information, but it still has to display _something_.

> - If the user is changed to someone other than you, but the group
> remains the same, then you get full access.

Yes, because group permission bits are used only if you are _not_ the
owner of the file.

> Anyways, getting many '????' is very awkward.

No, specifying "rw-" rights for a directory what is awkward. You get
what you've asked for.

Gabor

--
---------------------------------------------------------
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences
---------------------------------------------------------


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Wed, Nov 14, 2007 at 02:08:12PM +1100, Owen Townend wrote:
>
> On Tue, 2007-11-13 at 12:49 -0800, Andrew Sackville-West wrote:

.....
> >
> > can you provide the exact output from ls -l? Usually, ???????
> > indicates some kind of filesystem damage.
> >
.....
> I'm running Ubuntu 7.10 and was able to reproduce the behaviour.
> Also got the same result on my Etch box.
>

yeah, I was wrong. Others have provided good explanations in this
thread.
A

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHOzu7aIeIEqwil4YRAsaIAJ0dnZlYTkQ+iZta4e2b07 aIhDeDCgCfZTvS
89s1vwAOk0+No/TH0RVpS74=
=1i+6
-----END PGP SIGNATURE-----