Do I really need recursive chmod to restrict access to a folder?Why can tar keep running when I renamed/moved the destination fileShared Linux machine - block home folder access to other users?Restrict user to delete 1 folder, add/change/delete files in that folderRestrict access of shared folder to certain network and certain userRestrict access from group in DebianRestrict access to folder in external HDD before lending it to someoneLinux chmod: How to allow access to a folder and its subfolders/filesHow to chmod all folders recursively excluding all folders withing a specific folder?Allow root user to read, write execute, folder owner to read only, and everybody else to have no access to a folder ubuntuFaster way to restrict access to folder in windows

Why is it called a stateful and a stateless firewall?

Permutations in Disguise

Shouldn't countries like Russia and Canada support global warming?

Teleport everything in a large zone; or teleport all living things and make a lot of equipment disappear

Other than good shoes and a stick, what are some ways to preserve your knees on long hikes?

Is the Dodge action perceptible to other characters?

What 68-pin connector is this on my 2.5" solid state drive?

Wrong Schengen Visa exit stamp on my passport, who can I complain to?

Would it be unbalanced to increase a druid's number of uses of Wild Shape based on level?

Planar regular languages

Impossible Scrabble Words

Is there a tool to measure the "maturity" of a code in Git?

Can a business put whatever they want into a contract?

Insight into cavity resonators

Proof using derivative information to find limit

How do we know that black holes are spinning?

Asked to Not Use Transactions and to Use A Workaround to Simulate One

Why is the car dealer insisting on a loan instead of cash?

Can I travel to European countries with the Irish passport and without destination Visa?

How To Make Earth's Oceans as Brackish as Lyr's

How to give my students a straightedge instead of a ruler

In what state are satellites left in when they are left in a graveyard orbit?

Answer Not A Fool, or Answer A Fool?

Assign every word from a line to a variable

Do I really need recursive chmod to restrict access to a folder?

Why can tar keep running when I renamed/moved the destination fileShared Linux machine - block home folder access to other users?Restrict user to delete 1 folder, add/change/delete files in that folderRestrict access of shared folder to certain network and certain userRestrict access from group in DebianRestrict access to folder in external HDD before lending it to someoneLinux chmod: How to allow access to a folder and its subfolders/filesHow to chmod all folders recursively excluding all folders withing a specific folder?Allow root user to read, write execute, folder owner to read only, and everybody else to have no access to a folder ubuntuFaster way to restrict access to folder in windows

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

If I want to restrict access to a folder secret on a shared machine, do I really need recursive chmod on the folder

chmod -R g=,o= secret

or is chmod on the folder sufficient?

chmod g=,o= secret

What's the practical difference?

asked Apr 15 at 9:34

clemisch

3863 silver badges8 bronze badges

1

The premise of the question is a bit shaky. The purpose of setting files' and directories' modes is to specify who should have what kind of access to them. This is at least notionally a characteristic of each individual file and directory itself, independent of path, and each one should therefore have the appropriate mode assigned to it. If you happen to make those decisions based on the structure of your directory tree, that does not any less mean that each individual file and directory should have the correct mode assigned to it.

– John Bollinger
Apr 17 at 15:31

add a comment
|

If I want to restrict access to a folder secret on a shared machine, do I really need recursive chmod on the folder

chmod -R g=,o= secret

or is chmod on the folder sufficient?

chmod g=,o= secret

What's the practical difference?

asked Apr 15 at 9:34

clemisch

3863 silver badges8 bronze badges

1

The premise of the question is a bit shaky. The purpose of setting files' and directories' modes is to specify who should have what kind of access to them. This is at least notionally a characteristic of each individual file and directory itself, independent of path, and each one should therefore have the appropriate mode assigned to it. If you happen to make those decisions based on the structure of your directory tree, that does not any less mean that each individual file and directory should have the correct mode assigned to it.

– John Bollinger
Apr 17 at 15:31

add a comment
|

If I want to restrict access to a folder secret on a shared machine, do I really need recursive chmod on the folder

chmod -R g=,o= secret

or is chmod on the folder sufficient?

chmod g=,o= secret

What's the practical difference?

asked Apr 15 at 9:34

clemisch

3863 silver badges8 bronze badges

If I want to restrict access to a folder secret on a shared machine, do I really need recursive chmod on the folder

chmod -R g=,o= secret

or is chmod on the folder sufficient?

chmod g=,o= secret

What's the practical difference?

linux permissions chmod

asked Apr 15 at 9:34

clemisch

3863 silver badges8 bronze badges

asked Apr 15 at 9:34

clemisch

3863 silver badges8 bronze badges

asked Apr 15 at 9:34

clemisch

3863 silver badges8 bronze badges

asked Apr 15 at 9:34

clemisch

3863 silver badges8 bronze badges

asked Apr 15 at 9:34

clemisch

3863 silver badges8 bronze badges

1

The premise of the question is a bit shaky. The purpose of setting files' and directories' modes is to specify who should have what kind of access to them. This is at least notionally a characteristic of each individual file and directory itself, independent of path, and each one should therefore have the appropriate mode assigned to it. If you happen to make those decisions based on the structure of your directory tree, that does not any less mean that each individual file and directory should have the correct mode assigned to it.

– John Bollinger
Apr 17 at 15:31

add a comment
|

1

The premise of the question is a bit shaky. The purpose of setting files' and directories' modes is to specify who should have what kind of access to them. This is at least notionally a characteristic of each individual file and directory itself, independent of path, and each one should therefore have the appropriate mode assigned to it. If you happen to make those decisions based on the structure of your directory tree, that does not any less mean that each individual file and directory should have the correct mode assigned to it.

– John Bollinger
Apr 17 at 15:31

The premise of the question is a bit shaky. The purpose of setting files' and directories' modes is to specify who should have what kind of access to them. This is at least notionally a characteristic of each individual file and directory itself, independent of path, and each one should therefore have the appropriate mode assigned to it. If you happen to make those decisions based on the structure of your directory tree, that does not any less mean that each individual file and directory should have the correct mode assigned to it.

– John Bollinger
Apr 17 at 15:31

add a comment
|

3 Answers
3

active

oldest

votes

For a directory, "read" access lets you list the contents, and "execute" access lets your traverse the directory to open one of its children (file or subdirectory). So if you remove:

just the read access, people can still access subdirectories by guessing their names

just the execute flag, people can still list the names of the contents even if they cannot access them, and this can still be revealing

both read and execute privileges on a directory, anything below it becomes unreachable, and you don't need to make a recursive change.

Of course if you make a recursive change, an accidental non-recursive reset of the access rights to the top directory will have less consequences.

edited Apr 15 at 12:49

answered Apr 15 at 12:08

xenoid

5,8283 gold badges11 silver badges23 bronze badges

2

So, a short answer to the title question would be "no, you don't, just chmod'ing the top level folder is sufficient"?

– Marc.2377
Apr 17 at 2:41

1

Yes, for all future accesses.

– xenoid
Apr 17 at 6:48

add a comment
|

It goes without saying that,
if you created a file two days ago (with a publicly readable mode),
and somebody read the file yesterday, or made a copy of it,
then there’s nothing you can do today to make that file private.

xenoid says (somewhat simplistically) that,
if you remove group and other permission from your directory (today, now),
“anything below it becomes unreachable,
and you don't need to make a recursive change.”
I agree that, if you chmod your (top-level) directory appropriately,
nobody but yourself¹
will be able to get into it in the future (i.e., from now on).
But there are some gotchas.

Hard links

Remember that file you created two days ago?
Suppose that your adversary made a hard link to that file yesterday
(instead of copying it).
If you chmod only your (top-level) directory,
then that file will continue to have the publicly readable permissions
you assigned when you created it,
and so the bad guy will still be able to read it in the future
— (potentially) even if you subsequently modify it.
If you do a recursive chmod,
that will secure the permissions on the file,
which will affect the link.
The bad guy will still be able to do ls -l on it,
so they’ll be able to see when you change it, and how big it is,
but they won’t be able to read it again.

Working directory

Suppose that, under your secret directory,
you have a plans directory, and it also is publicly readable.
And suppose that, five minutes ago,
the bad guy opened a terminal window and said

cd /home/clemisch/secret/plans

Now, after you do the chmod on secret,
the bad guy’s working directory is still /home/clemisch/secret/plans,
and they can continue to list that directory and access the files there,
potentially forever.
Of course, once they cd elsewhere, or close that window,
or log out, or the machine is rebooted, then they lose access.

If you do a recursive chmod, that will secure the permissions
on all the files and all the directories,
causing the squatter to lose access immediately.

This might not be a very big risk if the machine is a personal computer
that is accessed only through the console.
But, if the bad guy might have left a screen or tmux session
in the background, then they could use this attack.
And, if the machine supports ssh
(or other remote access; maybe even FTP would be enough),
this attack can be used.

Human error

As xenoid pointed out in their answer:
If you do a recursive chmod on secret today,
and then the day after tomorrow you accidentally
chmod (only) the top-level directory back to 755,
then you will still be protected by today’s recursive chmod —
all the files and directories under secret will still be unreadable.
(Of course, if you create a new file in secret tomorrow,
and you allow it to be publicly readable, then it will be exposed
when you open the permissions on the secret directory.
But that would be true
no matter whether today’s chmod was recursive or not.)

mazunki made a comment, “I believe cp carries permissions.”
I’m not sure what they meant, but consider this scenario.
You want to do a diff between two files:

secret/plans/the/quick/brown/fox/file1

secret/jumps/over/the/lazy/dog/file2

But you aren’t sure exactly where those files are,
and you have to poke around to find them.
You might be tempted to do

cd plans
cd the/quick # looking for file1
cd brown/fox # found it!
cp file1 /tmp
cd ../../../../..
cd jumps/over
cd the # looking for file2
cd lazy/dog # found it!
diff /tmp/file1 file2

If you do this, then /tmp/file1 will have the same protection
as secret/plans/the/quick/brown/fox/file1 —
so that’s another reason to do the recursive chmod today.

ONE more thing

If the bad guy opened one of your secret files five minutes ago,
and keeps it open, they will be able to read it in the future
— potentially even if you modify it.
The good news is that this is a somewhat tricky attack to execute —
the bad guy has to have put some thought into it, before you do the chmod.
The bad news is that this attack is very difficult to defend against
— a recursive chmod won’t help.

__________
¹ and, of course, privileged users / processes

P.S. You can shorten your command a little:
chmod go= is equivalent to chmod g=,o=.
(That won’t make the recursive chmod any faster, of course.)

edited Apr 30 at 4:11

answered Apr 16 at 3:53

G-Man

6,33511 gold badges27 silver badges64 bronze badges

Thank you for the detailed answer! I will still keep xenoid's answer "accepted" because it's so concise, but the info about hard links and working directories is very interesting!

– clemisch
Apr 16 at 8:35

Hmmm. when you copy a file, you are the owner of the copy... and you can change the flags to your heart's desire.

– xenoid
Apr 16 at 9:35

5

The hardlink part is interesting. Would it be possible for someone to guess the inode number and create a hardlink even after the directory rights were changed?

– allo
Apr 16 at 13:08

@xenoid: Yes, of course. I didn’t say “If you copy your file to /Users/Public, you’ll have a problem”, because I would expect that the user wouldn’t copy a file from their secret directory to /Users/Public unless they intended to make it public. My point is that, when you’re dealing with two things, you sometimes use a third place. If you have a chair and a table, and you want to swap them (i.e., move them to each other’s locations), you’ll drag one of them into the middle of the room, move the second one to where the first one was, … (Cont’d)

– G-Man
Apr 16 at 14:43

2

@allo: Good question. I’m pretty sure that there is no program or system call that lets you create a link just by knowing the inode number. If a user had full access to the disk (i.e., read/write access to /dev/sda1, or whatever), they could probably create such a link with a hex editor or a filesystem editor (like debugfs). But that’s moot; anybody who has full read access to the disk can read any file; that’s why that access is typically given only to root (and possibly some other system services).

– G-Man
Apr 16 at 14:43

|
show 3 more comments

-1

Recursive chmod affects all subdirectories and folders too, not just the folder itself.

.:
total 16
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 .
drwxr-xr-x 35 mazunki mazunki 4096 april 15 11:42 ..
d--------- 3 mazunki mazunki 4096 april 15 11:46 a
d--------- 2 mazunki mazunki 4096 april 15 11:42 b

./a:
total 12
d--------- 3 mazunki mazunki 4096 april 15 11:46 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
-----w---- 1 mazunki mazunki 0 april 15 11:42 a
dr-xr-xr-x 2 root root 4096 april 15 11:46 aa
-----w---- 1 mazunki mazunki 0 april 15 11:42 b

./a/aa:
total 8
dr-xr-xr-x 2 root root 4096 april 15 11:46 .
d--------- 3 mazunki mazunki 4096 april 15 11:46 ..

./b:
total 8
d--------- 2 mazunki mazunki 4096 april 15 11:42 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
-----w---- 1 mazunki mazunki 0 april 15 11:42 a
-----w---- 1 mazunki mazunki 0 april 15 11:42 b
[] ~:~/test ▶ 
[] ~:~/test ▶ 
[] ~:~/test ▶ sudo chmod -R +w a
[] ~:~/test ▶ 
[] ~:~/test ▶ 
[] ~:~/test ▶ sudo ls -alR 
.:
total 16
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 .
drwxr-xr-x 35 mazunki mazunki 4096 april 15 11:42 ..
d-w------- 3 mazunki mazunki 4096 april 15 11:46 a
d--------- 2 mazunki mazunki 4096 april 15 11:42 b

./a:
total 12
d-w------- 3 mazunki mazunki 4096 april 15 11:46 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
--w--w---- 1 mazunki mazunki 0 april 15 11:42 a
drwxr-xr-x 2 root root 4096 april 15 11:46 aa
--w--w---- 1 mazunki mazunki 0 april 15 11:42 b

./a/aa:
total 8
drwxr-xr-x 2 root root 4096 april 15 11:46 .
d-w------- 3 mazunki mazunki 4096 april 15 11:46 ..

./b:
total 8
d--------- 2 mazunki mazunki 4096 april 15 11:42 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
-----w---- 1 mazunki mazunki 0 april 15 11:42 a
-----w---- 1 mazunki mazunki 0 april 15 11:42 b

If you don't explicitly give access to ., you won't be able to read the contents of the folder.

[] ~:~/test ▶ ls -l
total 8
drwxr-xr-x 3 mazunki mazunki 4096 april 15 11:46 a
d--------- 2 mazunki mazunki 4096 april 15 11:42 b
[] ~:~/test ▶ 
[] ~:~/test ▶ 
[] ~:~/test ▶ sudo chmod +xxx b
[] ~:~/test ▶ cd b
[] ~:~/test/b ▶ ls
ls: cannot open directory '.': Permission denied
[] ~:~/test/b ▶ sudo chmod +xxx .
[] ~:~/test/b ▶ ls
ls: cannot open directory '.': Permission denied
[] ~:~/test/b ▶ sudo chmod +rrr .
[] ~:~/test/b ▶ ls
a b
[] ~:~/test/b ▶

Likewise, you won't be able to cd into subdirectories of said folder unless you explicitly +x them.

edited Apr 15 at 9:59

answered Apr 15 at 9:49

mazunki

2101 silver badge5 bronze badges

7

I think the OP understands what "recursive" means. What's your answer to the title question? (yes or no?) What about "practical difference"?

– Kamil Maciorowski
Apr 15 at 9:53

6

Sorry, what you wrote may all be true but I don't see how it answers the question. I think the question can be rephrased: after chmod g=,o= secret/, do permissions of objects inside secret/ matter? Well, do they?

– Kamil Maciorowski
Apr 15 at 10:11

Thanks for the answer! I still don't see a difference concerning the secrecy of the folder though. Could it be that you could still cd into a specific subfolder if you knew the path beforehand?

– clemisch
Apr 15 at 10:45

I just tested that and it does not seem to work. Then I really don't see any difference. As -R takes much longer (of course) for many files, I will stick to normal chmod I guess.

– clemisch
Apr 15 at 11:18

3

I agree with @KamilMaciorowski — you don’t seem to be saying anything wrong, but it’s not clear what you are saying. Your example is long and confusing, and you muddy the waters with your use of sudo and directories with mode 0.

– Scott
Apr 16 at 2:01

|
show 2 more comments

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "3"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);

);

draft saved

draft discarded

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1425574%2fdo-i-really-need-recursive-chmod-to-restrict-access-to-a-folder%23new-answer', 'question_page');

);

Post as a guest

Name

Required, but never shown

3 Answers
3

active

oldest

votes

3 Answers
3

active

oldest

votes

For a directory, "read" access lets you list the contents, and "execute" access lets your traverse the directory to open one of its children (file or subdirectory). So if you remove:

just the read access, people can still access subdirectories by guessing their names

just the execute flag, people can still list the names of the contents even if they cannot access them, and this can still be revealing

both read and execute privileges on a directory, anything below it becomes unreachable, and you don't need to make a recursive change.

Of course if you make a recursive change, an accidental non-recursive reset of the access rights to the top directory will have less consequences.

edited Apr 15 at 12:49

answered Apr 15 at 12:08

xenoid

5,8283 gold badges11 silver badges23 bronze badges

2

So, a short answer to the title question would be "no, you don't, just chmod'ing the top level folder is sufficient"?

– Marc.2377
Apr 17 at 2:41

1

Yes, for all future accesses.

– xenoid
Apr 17 at 6:48

add a comment
|

For a directory, "read" access lets you list the contents, and "execute" access lets your traverse the directory to open one of its children (file or subdirectory). So if you remove:

just the read access, people can still access subdirectories by guessing their names

just the execute flag, people can still list the names of the contents even if they cannot access them, and this can still be revealing

both read and execute privileges on a directory, anything below it becomes unreachable, and you don't need to make a recursive change.

Of course if you make a recursive change, an accidental non-recursive reset of the access rights to the top directory will have less consequences.

edited Apr 15 at 12:49

answered Apr 15 at 12:08

xenoid

5,8283 gold badges11 silver badges23 bronze badges

2

So, a short answer to the title question would be "no, you don't, just chmod'ing the top level folder is sufficient"?

– Marc.2377
Apr 17 at 2:41

1

Yes, for all future accesses.

– xenoid
Apr 17 at 6:48

add a comment
|

For a directory, "read" access lets you list the contents, and "execute" access lets your traverse the directory to open one of its children (file or subdirectory). So if you remove:

just the read access, people can still access subdirectories by guessing their names

just the execute flag, people can still list the names of the contents even if they cannot access them, and this can still be revealing

both read and execute privileges on a directory, anything below it becomes unreachable, and you don't need to make a recursive change.

Of course if you make a recursive change, an accidental non-recursive reset of the access rights to the top directory will have less consequences.

edited Apr 15 at 12:49

answered Apr 15 at 12:08

xenoid

5,8283 gold badges11 silver badges23 bronze badges

For a directory, "read" access lets you list the contents, and "execute" access lets your traverse the directory to open one of its children (file or subdirectory). So if you remove:

just the read access, people can still access subdirectories by guessing their names

just the execute flag, people can still list the names of the contents even if they cannot access them, and this can still be revealing

both read and execute privileges on a directory, anything below it becomes unreachable, and you don't need to make a recursive change.

Of course if you make a recursive change, an accidental non-recursive reset of the access rights to the top directory will have less consequences.

edited Apr 15 at 12:49

answered Apr 15 at 12:08

xenoid

5,8283 gold badges11 silver badges23 bronze badges

edited Apr 15 at 12:49

answered Apr 15 at 12:08

xenoid

5,8283 gold badges11 silver badges23 bronze badges

answered Apr 15 at 12:08

xenoid

5,8283 gold badges11 silver badges23 bronze badges

answered Apr 15 at 12:08

xenoid

5,8283 gold badges11 silver badges23 bronze badges

2

So, a short answer to the title question would be "no, you don't, just chmod'ing the top level folder is sufficient"?

– Marc.2377
Apr 17 at 2:41

1

Yes, for all future accesses.

– xenoid
Apr 17 at 6:48

add a comment
|

2

So, a short answer to the title question would be "no, you don't, just chmod'ing the top level folder is sufficient"?

– Marc.2377
Apr 17 at 2:41

1

Yes, for all future accesses.

– xenoid
Apr 17 at 6:48

So, a short answer to the title question would be "no, you don't, just chmod'ing the top level folder is sufficient"?

– Marc.2377
Apr 17 at 2:41

Yes, for all future accesses.

– xenoid
Apr 17 at 6:48

add a comment
|

Hard links

Working directory

Suppose that, under your secret directory,
you have a plans directory, and it also is publicly readable.
And suppose that, five minutes ago,
the bad guy opened a terminal window and said

cd /home/clemisch/secret/plans

If you do a recursive chmod, that will secure the permissions
on all the files and all the directories,
causing the squatter to lose access immediately.

Human error

mazunki made a comment, “I believe cp carries permissions.”
I’m not sure what they meant, but consider this scenario.
You want to do a diff between two files:

secret/plans/the/quick/brown/fox/file1

secret/jumps/over/the/lazy/dog/file2

But you aren’t sure exactly where those files are,
and you have to poke around to find them.
You might be tempted to do

cd plans
cd the/quick # looking for file1
cd brown/fox # found it!
cp file1 /tmp
cd ../../../../..
cd jumps/over
cd the # looking for file2
cd lazy/dog # found it!
diff /tmp/file1 file2

If you do this, then /tmp/file1 will have the same protection
as secret/plans/the/quick/brown/fox/file1 —
so that’s another reason to do the recursive chmod today.

ONE more thing

P.S. You can shorten your command a little:
chmod go= is equivalent to chmod g=,o=.
(That won’t make the recursive chmod any faster, of course.)

edited Apr 30 at 4:11

answered Apr 16 at 3:53

G-Man

6,33511 gold badges27 silver badges64 bronze badges

Thank you for the detailed answer! I will still keep xenoid's answer "accepted" because it's so concise, but the info about hard links and working directories is very interesting!

– clemisch
Apr 16 at 8:35

Hmmm. when you copy a file, you are the owner of the copy... and you can change the flags to your heart's desire.

– xenoid
Apr 16 at 9:35

5

The hardlink part is interesting. Would it be possible for someone to guess the inode number and create a hardlink even after the directory rights were changed?

– allo
Apr 16 at 13:08

@xenoid: Yes, of course. I didn’t say “If you copy your file to /Users/Public, you’ll have a problem”, because I would expect that the user wouldn’t copy a file from their secret directory to /Users/Public unless they intended to make it public. My point is that, when you’re dealing with two things, you sometimes use a third place. If you have a chair and a table, and you want to swap them (i.e., move them to each other’s locations), you’ll drag one of them into the middle of the room, move the second one to where the first one was, … (Cont’d)

– G-Man
Apr 16 at 14:43

2

@allo: Good question. I’m pretty sure that there is no program or system call that lets you create a link just by knowing the inode number. If a user had full access to the disk (i.e., read/write access to /dev/sda1, or whatever), they could probably create such a link with a hex editor or a filesystem editor (like debugfs). But that’s moot; anybody who has full read access to the disk can read any file; that’s why that access is typically given only to root (and possibly some other system services).

– G-Man
Apr 16 at 14:43

|
show 3 more comments

Hard links

Working directory

Suppose that, under your secret directory,
you have a plans directory, and it also is publicly readable.
And suppose that, five minutes ago,
the bad guy opened a terminal window and said

cd /home/clemisch/secret/plans

If you do a recursive chmod, that will secure the permissions
on all the files and all the directories,
causing the squatter to lose access immediately.

Human error

mazunki made a comment, “I believe cp carries permissions.”
I’m not sure what they meant, but consider this scenario.
You want to do a diff between two files:

secret/plans/the/quick/brown/fox/file1

secret/jumps/over/the/lazy/dog/file2

But you aren’t sure exactly where those files are,
and you have to poke around to find them.
You might be tempted to do

cd plans
cd the/quick # looking for file1
cd brown/fox # found it!
cp file1 /tmp
cd ../../../../..
cd jumps/over
cd the # looking for file2
cd lazy/dog # found it!
diff /tmp/file1 file2

If you do this, then /tmp/file1 will have the same protection
as secret/plans/the/quick/brown/fox/file1 —
so that’s another reason to do the recursive chmod today.

ONE more thing

P.S. You can shorten your command a little:
chmod go= is equivalent to chmod g=,o=.
(That won’t make the recursive chmod any faster, of course.)

edited Apr 30 at 4:11

answered Apr 16 at 3:53

G-Man

6,33511 gold badges27 silver badges64 bronze badges

Thank you for the detailed answer! I will still keep xenoid's answer "accepted" because it's so concise, but the info about hard links and working directories is very interesting!

– clemisch
Apr 16 at 8:35

Hmmm. when you copy a file, you are the owner of the copy... and you can change the flags to your heart's desire.

– xenoid
Apr 16 at 9:35

5

The hardlink part is interesting. Would it be possible for someone to guess the inode number and create a hardlink even after the directory rights were changed?

– allo
Apr 16 at 13:08

@xenoid: Yes, of course. I didn’t say “If you copy your file to /Users/Public, you’ll have a problem”, because I would expect that the user wouldn’t copy a file from their secret directory to /Users/Public unless they intended to make it public. My point is that, when you’re dealing with two things, you sometimes use a third place. If you have a chair and a table, and you want to swap them (i.e., move them to each other’s locations), you’ll drag one of them into the middle of the room, move the second one to where the first one was, … (Cont’d)

– G-Man
Apr 16 at 14:43

2

@allo: Good question. I’m pretty sure that there is no program or system call that lets you create a link just by knowing the inode number. If a user had full access to the disk (i.e., read/write access to /dev/sda1, or whatever), they could probably create such a link with a hex editor or a filesystem editor (like debugfs). But that’s moot; anybody who has full read access to the disk can read any file; that’s why that access is typically given only to root (and possibly some other system services).

– G-Man
Apr 16 at 14:43

|
show 3 more comments

Hard links

Working directory

Suppose that, under your secret directory,
you have a plans directory, and it also is publicly readable.
And suppose that, five minutes ago,
the bad guy opened a terminal window and said

cd /home/clemisch/secret/plans

If you do a recursive chmod, that will secure the permissions
on all the files and all the directories,
causing the squatter to lose access immediately.

Human error

mazunki made a comment, “I believe cp carries permissions.”
I’m not sure what they meant, but consider this scenario.
You want to do a diff between two files:

secret/plans/the/quick/brown/fox/file1

secret/jumps/over/the/lazy/dog/file2

But you aren’t sure exactly where those files are,
and you have to poke around to find them.
You might be tempted to do

cd plans
cd the/quick # looking for file1
cd brown/fox # found it!
cp file1 /tmp
cd ../../../../..
cd jumps/over
cd the # looking for file2
cd lazy/dog # found it!
diff /tmp/file1 file2

If you do this, then /tmp/file1 will have the same protection
as secret/plans/the/quick/brown/fox/file1 —
so that’s another reason to do the recursive chmod today.

ONE more thing

P.S. You can shorten your command a little:
chmod go= is equivalent to chmod g=,o=.
(That won’t make the recursive chmod any faster, of course.)

edited Apr 30 at 4:11

answered Apr 16 at 3:53

G-Man

6,33511 gold badges27 silver badges64 bronze badges

Hard links

Working directory

Suppose that, under your secret directory,
you have a plans directory, and it also is publicly readable.
And suppose that, five minutes ago,
the bad guy opened a terminal window and said

cd /home/clemisch/secret/plans

If you do a recursive chmod, that will secure the permissions
on all the files and all the directories,
causing the squatter to lose access immediately.

Human error

mazunki made a comment, “I believe cp carries permissions.”
I’m not sure what they meant, but consider this scenario.
You want to do a diff between two files:

secret/plans/the/quick/brown/fox/file1

secret/jumps/over/the/lazy/dog/file2

But you aren’t sure exactly where those files are,
and you have to poke around to find them.
You might be tempted to do

cd plans
cd the/quick # looking for file1
cd brown/fox # found it!
cp file1 /tmp
cd ../../../../..
cd jumps/over
cd the # looking for file2
cd lazy/dog # found it!
diff /tmp/file1 file2

If you do this, then /tmp/file1 will have the same protection
as secret/plans/the/quick/brown/fox/file1 —
so that’s another reason to do the recursive chmod today.

ONE more thing

P.S. You can shorten your command a little:
chmod go= is equivalent to chmod g=,o=.
(That won’t make the recursive chmod any faster, of course.)

edited Apr 30 at 4:11

answered Apr 16 at 3:53

G-Man

6,33511 gold badges27 silver badges64 bronze badges

edited Apr 30 at 4:11

answered Apr 16 at 3:53

G-Man

6,33511 gold badges27 silver badges64 bronze badges

answered Apr 16 at 3:53

G-Man

6,33511 gold badges27 silver badges64 bronze badges

answered Apr 16 at 3:53

G-Man

6,33511 gold badges27 silver badges64 bronze badges

Thank you for the detailed answer! I will still keep xenoid's answer "accepted" because it's so concise, but the info about hard links and working directories is very interesting!

– clemisch
Apr 16 at 8:35

Hmmm. when you copy a file, you are the owner of the copy... and you can change the flags to your heart's desire.

– xenoid
Apr 16 at 9:35

5

The hardlink part is interesting. Would it be possible for someone to guess the inode number and create a hardlink even after the directory rights were changed?

– allo
Apr 16 at 13:08

@xenoid: Yes, of course. I didn’t say “If you copy your file to /Users/Public, you’ll have a problem”, because I would expect that the user wouldn’t copy a file from their secret directory to /Users/Public unless they intended to make it public. My point is that, when you’re dealing with two things, you sometimes use a third place. If you have a chair and a table, and you want to swap them (i.e., move them to each other’s locations), you’ll drag one of them into the middle of the room, move the second one to where the first one was, … (Cont’d)

– G-Man
Apr 16 at 14:43

2

@allo: Good question. I’m pretty sure that there is no program or system call that lets you create a link just by knowing the inode number. If a user had full access to the disk (i.e., read/write access to /dev/sda1, or whatever), they could probably create such a link with a hex editor or a filesystem editor (like debugfs). But that’s moot; anybody who has full read access to the disk can read any file; that’s why that access is typically given only to root (and possibly some other system services).

– G-Man
Apr 16 at 14:43

|
show 3 more comments

Thank you for the detailed answer! I will still keep xenoid's answer "accepted" because it's so concise, but the info about hard links and working directories is very interesting!

– clemisch
Apr 16 at 8:35

Hmmm. when you copy a file, you are the owner of the copy... and you can change the flags to your heart's desire.

– xenoid
Apr 16 at 9:35

5

The hardlink part is interesting. Would it be possible for someone to guess the inode number and create a hardlink even after the directory rights were changed?

– allo
Apr 16 at 13:08

@xenoid: Yes, of course. I didn’t say “If you copy your file to /Users/Public, you’ll have a problem”, because I would expect that the user wouldn’t copy a file from their secret directory to /Users/Public unless they intended to make it public. My point is that, when you’re dealing with two things, you sometimes use a third place. If you have a chair and a table, and you want to swap them (i.e., move them to each other’s locations), you’ll drag one of them into the middle of the room, move the second one to where the first one was, … (Cont’d)

– G-Man
Apr 16 at 14:43

2

@allo: Good question. I’m pretty sure that there is no program or system call that lets you create a link just by knowing the inode number. If a user had full access to the disk (i.e., read/write access to /dev/sda1, or whatever), they could probably create such a link with a hex editor or a filesystem editor (like debugfs). But that’s moot; anybody who has full read access to the disk can read any file; that’s why that access is typically given only to root (and possibly some other system services).

– G-Man
Apr 16 at 14:43

Thank you for the detailed answer! I will still keep xenoid's answer "accepted" because it's so concise, but the info about hard links and working directories is very interesting!

– clemisch
Apr 16 at 8:35

Hmmm. when you copy a file, you are the owner of the copy... and you can change the flags to your heart's desire.

– xenoid
Apr 16 at 9:35

The hardlink part is interesting. Would it be possible for someone to guess the inode number and create a hardlink even after the directory rights were changed?

– allo
Apr 16 at 13:08

@xenoid: Yes, of course. I didn’t say “If you copy your file to /Users/Public, you’ll have a problem”, because I would expect that the user wouldn’t copy a file from their secret directory to /Users/Public unless they intended to make it public. My point is that, when you’re dealing with two things, you sometimes use a third place. If you have a chair and a table, and you want to swap them (i.e., move them to each other’s locations), you’ll drag one of them into the middle of the room, move the second one to where the first one was, … (Cont’d)

– G-Man
Apr 16 at 14:43

@allo: Good question. I’m pretty sure that there is no program or system call that lets you create a link just by knowing the inode number. If a user had full access to the disk (i.e., read/write access to /dev/sda1, or whatever), they could probably create such a link with a hex editor or a filesystem editor (like debugfs). But that’s moot; anybody who has full read access to the disk can read any file; that’s why that access is typically given only to root (and possibly some other system services).

– G-Man
Apr 16 at 14:43

|
show 3 more comments

-1

Recursive chmod affects all subdirectories and folders too, not just the folder itself.

.:
total 16
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 .
drwxr-xr-x 35 mazunki mazunki 4096 april 15 11:42 ..
d--------- 3 mazunki mazunki 4096 april 15 11:46 a
d--------- 2 mazunki mazunki 4096 april 15 11:42 b

./a:
total 12
d--------- 3 mazunki mazunki 4096 april 15 11:46 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
-----w---- 1 mazunki mazunki 0 april 15 11:42 a
dr-xr-xr-x 2 root root 4096 april 15 11:46 aa
-----w---- 1 mazunki mazunki 0 april 15 11:42 b

./a/aa:
total 8
dr-xr-xr-x 2 root root 4096 april 15 11:46 .
d--------- 3 mazunki mazunki 4096 april 15 11:46 ..

./b:
total 8
d--------- 2 mazunki mazunki 4096 april 15 11:42 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
-----w---- 1 mazunki mazunki 0 april 15 11:42 a
-----w---- 1 mazunki mazunki 0 april 15 11:42 b
[] ~:~/test ▶ 
[] ~:~/test ▶ 
[] ~:~/test ▶ sudo chmod -R +w a
[] ~:~/test ▶ 
[] ~:~/test ▶ 
[] ~:~/test ▶ sudo ls -alR 
.:
total 16
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 .
drwxr-xr-x 35 mazunki mazunki 4096 april 15 11:42 ..
d-w------- 3 mazunki mazunki 4096 april 15 11:46 a
d--------- 2 mazunki mazunki 4096 april 15 11:42 b

./a:
total 12
d-w------- 3 mazunki mazunki 4096 april 15 11:46 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
--w--w---- 1 mazunki mazunki 0 april 15 11:42 a
drwxr-xr-x 2 root root 4096 april 15 11:46 aa
--w--w---- 1 mazunki mazunki 0 april 15 11:42 b

./a/aa:
total 8
drwxr-xr-x 2 root root 4096 april 15 11:46 .
d-w------- 3 mazunki mazunki 4096 april 15 11:46 ..

./b:
total 8
d--------- 2 mazunki mazunki 4096 april 15 11:42 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
-----w---- 1 mazunki mazunki 0 april 15 11:42 a
-----w---- 1 mazunki mazunki 0 april 15 11:42 b

If you don't explicitly give access to ., you won't be able to read the contents of the folder.

[] ~:~/test ▶ ls -l
total 8
drwxr-xr-x 3 mazunki mazunki 4096 april 15 11:46 a
d--------- 2 mazunki mazunki 4096 april 15 11:42 b
[] ~:~/test ▶ 
[] ~:~/test ▶ 
[] ~:~/test ▶ sudo chmod +xxx b
[] ~:~/test ▶ cd b
[] ~:~/test/b ▶ ls
ls: cannot open directory '.': Permission denied
[] ~:~/test/b ▶ sudo chmod +xxx .
[] ~:~/test/b ▶ ls
ls: cannot open directory '.': Permission denied
[] ~:~/test/b ▶ sudo chmod +rrr .
[] ~:~/test/b ▶ ls
a b
[] ~:~/test/b ▶

Likewise, you won't be able to cd into subdirectories of said folder unless you explicitly +x them.

edited Apr 15 at 9:59

answered Apr 15 at 9:49

mazunki

2101 silver badge5 bronze badges

7

I think the OP understands what "recursive" means. What's your answer to the title question? (yes or no?) What about "practical difference"?

– Kamil Maciorowski
Apr 15 at 9:53

6

Sorry, what you wrote may all be true but I don't see how it answers the question. I think the question can be rephrased: after chmod g=,o= secret/, do permissions of objects inside secret/ matter? Well, do they?

– Kamil Maciorowski
Apr 15 at 10:11

Thanks for the answer! I still don't see a difference concerning the secrecy of the folder though. Could it be that you could still cd into a specific subfolder if you knew the path beforehand?

– clemisch
Apr 15 at 10:45

I just tested that and it does not seem to work. Then I really don't see any difference. As -R takes much longer (of course) for many files, I will stick to normal chmod I guess.

– clemisch
Apr 15 at 11:18

3

I agree with @KamilMaciorowski — you don’t seem to be saying anything wrong, but it’s not clear what you are saying. Your example is long and confusing, and you muddy the waters with your use of sudo and directories with mode 0.

– Scott
Apr 16 at 2:01

|
show 2 more comments

-1

Recursive chmod affects all subdirectories and folders too, not just the folder itself.

.:
total 16
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 .
drwxr-xr-x 35 mazunki mazunki 4096 april 15 11:42 ..
d--------- 3 mazunki mazunki 4096 april 15 11:46 a
d--------- 2 mazunki mazunki 4096 april 15 11:42 b

./a:
total 12
d--------- 3 mazunki mazunki 4096 april 15 11:46 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
-----w---- 1 mazunki mazunki 0 april 15 11:42 a
dr-xr-xr-x 2 root root 4096 april 15 11:46 aa
-----w---- 1 mazunki mazunki 0 april 15 11:42 b

./a/aa:
total 8
dr-xr-xr-x 2 root root 4096 april 15 11:46 .
d--------- 3 mazunki mazunki 4096 april 15 11:46 ..

./b:
total 8
d--------- 2 mazunki mazunki 4096 april 15 11:42 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
-----w---- 1 mazunki mazunki 0 april 15 11:42 a
-----w---- 1 mazunki mazunki 0 april 15 11:42 b
[] ~:~/test ▶ 
[] ~:~/test ▶ 
[] ~:~/test ▶ sudo chmod -R +w a
[] ~:~/test ▶ 
[] ~:~/test ▶ 
[] ~:~/test ▶ sudo ls -alR 
.:
total 16
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 .
drwxr-xr-x 35 mazunki mazunki 4096 april 15 11:42 ..
d-w------- 3 mazunki mazunki 4096 april 15 11:46 a
d--------- 2 mazunki mazunki 4096 april 15 11:42 b

./a:
total 12
d-w------- 3 mazunki mazunki 4096 april 15 11:46 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
--w--w---- 1 mazunki mazunki 0 april 15 11:42 a
drwxr-xr-x 2 root root 4096 april 15 11:46 aa
--w--w---- 1 mazunki mazunki 0 april 15 11:42 b

./a/aa:
total 8
drwxr-xr-x 2 root root 4096 april 15 11:46 .
d-w------- 3 mazunki mazunki 4096 april 15 11:46 ..

./b:
total 8
d--------- 2 mazunki mazunki 4096 april 15 11:42 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
-----w---- 1 mazunki mazunki 0 april 15 11:42 a
-----w---- 1 mazunki mazunki 0 april 15 11:42 b

If you don't explicitly give access to ., you won't be able to read the contents of the folder.

[] ~:~/test ▶ ls -l
total 8
drwxr-xr-x 3 mazunki mazunki 4096 april 15 11:46 a
d--------- 2 mazunki mazunki 4096 april 15 11:42 b
[] ~:~/test ▶ 
[] ~:~/test ▶ 
[] ~:~/test ▶ sudo chmod +xxx b
[] ~:~/test ▶ cd b
[] ~:~/test/b ▶ ls
ls: cannot open directory '.': Permission denied
[] ~:~/test/b ▶ sudo chmod +xxx .
[] ~:~/test/b ▶ ls
ls: cannot open directory '.': Permission denied
[] ~:~/test/b ▶ sudo chmod +rrr .
[] ~:~/test/b ▶ ls
a b
[] ~:~/test/b ▶

Likewise, you won't be able to cd into subdirectories of said folder unless you explicitly +x them.

edited Apr 15 at 9:59

answered Apr 15 at 9:49

mazunki

2101 silver badge5 bronze badges

7

I think the OP understands what "recursive" means. What's your answer to the title question? (yes or no?) What about "practical difference"?

– Kamil Maciorowski
Apr 15 at 9:53

6

Sorry, what you wrote may all be true but I don't see how it answers the question. I think the question can be rephrased: after chmod g=,o= secret/, do permissions of objects inside secret/ matter? Well, do they?

– Kamil Maciorowski
Apr 15 at 10:11

Thanks for the answer! I still don't see a difference concerning the secrecy of the folder though. Could it be that you could still cd into a specific subfolder if you knew the path beforehand?

– clemisch
Apr 15 at 10:45

I just tested that and it does not seem to work. Then I really don't see any difference. As -R takes much longer (of course) for many files, I will stick to normal chmod I guess.

– clemisch
Apr 15 at 11:18

3

I agree with @KamilMaciorowski — you don’t seem to be saying anything wrong, but it’s not clear what you are saying. Your example is long and confusing, and you muddy the waters with your use of sudo and directories with mode 0.

– Scott
Apr 16 at 2:01

|
show 2 more comments

-1

Recursive chmod affects all subdirectories and folders too, not just the folder itself.

.:
total 16
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 .
drwxr-xr-x 35 mazunki mazunki 4096 april 15 11:42 ..
d--------- 3 mazunki mazunki 4096 april 15 11:46 a
d--------- 2 mazunki mazunki 4096 april 15 11:42 b

./a:
total 12
d--------- 3 mazunki mazunki 4096 april 15 11:46 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
-----w---- 1 mazunki mazunki 0 april 15 11:42 a
dr-xr-xr-x 2 root root 4096 april 15 11:46 aa
-----w---- 1 mazunki mazunki 0 april 15 11:42 b

./a/aa:
total 8
dr-xr-xr-x 2 root root 4096 april 15 11:46 .
d--------- 3 mazunki mazunki 4096 april 15 11:46 ..

./b:
total 8
d--------- 2 mazunki mazunki 4096 april 15 11:42 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
-----w---- 1 mazunki mazunki 0 april 15 11:42 a
-----w---- 1 mazunki mazunki 0 april 15 11:42 b
[] ~:~/test ▶ 
[] ~:~/test ▶ 
[] ~:~/test ▶ sudo chmod -R +w a
[] ~:~/test ▶ 
[] ~:~/test ▶ 
[] ~:~/test ▶ sudo ls -alR 
.:
total 16
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 .
drwxr-xr-x 35 mazunki mazunki 4096 april 15 11:42 ..
d-w------- 3 mazunki mazunki 4096 april 15 11:46 a
d--------- 2 mazunki mazunki 4096 april 15 11:42 b

./a:
total 12
d-w------- 3 mazunki mazunki 4096 april 15 11:46 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
--w--w---- 1 mazunki mazunki 0 april 15 11:42 a
drwxr-xr-x 2 root root 4096 april 15 11:46 aa
--w--w---- 1 mazunki mazunki 0 april 15 11:42 b

./a/aa:
total 8
drwxr-xr-x 2 root root 4096 april 15 11:46 .
d-w------- 3 mazunki mazunki 4096 april 15 11:46 ..

./b:
total 8
d--------- 2 mazunki mazunki 4096 april 15 11:42 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
-----w---- 1 mazunki mazunki 0 april 15 11:42 a
-----w---- 1 mazunki mazunki 0 april 15 11:42 b

If you don't explicitly give access to ., you won't be able to read the contents of the folder.

[] ~:~/test ▶ ls -l
total 8
drwxr-xr-x 3 mazunki mazunki 4096 april 15 11:46 a
d--------- 2 mazunki mazunki 4096 april 15 11:42 b
[] ~:~/test ▶ 
[] ~:~/test ▶ 
[] ~:~/test ▶ sudo chmod +xxx b
[] ~:~/test ▶ cd b
[] ~:~/test/b ▶ ls
ls: cannot open directory '.': Permission denied
[] ~:~/test/b ▶ sudo chmod +xxx .
[] ~:~/test/b ▶ ls
ls: cannot open directory '.': Permission denied
[] ~:~/test/b ▶ sudo chmod +rrr .
[] ~:~/test/b ▶ ls
a b
[] ~:~/test/b ▶

Likewise, you won't be able to cd into subdirectories of said folder unless you explicitly +x them.

edited Apr 15 at 9:59

answered Apr 15 at 9:49

mazunki

2101 silver badge5 bronze badges

Recursive chmod affects all subdirectories and folders too, not just the folder itself.

.:
total 16
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 .
drwxr-xr-x 35 mazunki mazunki 4096 april 15 11:42 ..
d--------- 3 mazunki mazunki 4096 april 15 11:46 a
d--------- 2 mazunki mazunki 4096 april 15 11:42 b

./a:
total 12
d--------- 3 mazunki mazunki 4096 april 15 11:46 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
-----w---- 1 mazunki mazunki 0 april 15 11:42 a
dr-xr-xr-x 2 root root 4096 april 15 11:46 aa
-----w---- 1 mazunki mazunki 0 april 15 11:42 b

./a/aa:
total 8
dr-xr-xr-x 2 root root 4096 april 15 11:46 .
d--------- 3 mazunki mazunki 4096 april 15 11:46 ..

./b:
total 8
d--------- 2 mazunki mazunki 4096 april 15 11:42 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
-----w---- 1 mazunki mazunki 0 april 15 11:42 a
-----w---- 1 mazunki mazunki 0 april 15 11:42 b
[] ~:~/test ▶ 
[] ~:~/test ▶ 
[] ~:~/test ▶ sudo chmod -R +w a
[] ~:~/test ▶ 
[] ~:~/test ▶ 
[] ~:~/test ▶ sudo ls -alR 
.:
total 16
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 .
drwxr-xr-x 35 mazunki mazunki 4096 april 15 11:42 ..
d-w------- 3 mazunki mazunki 4096 april 15 11:46 a
d--------- 2 mazunki mazunki 4096 april 15 11:42 b

./a:
total 12
d-w------- 3 mazunki mazunki 4096 april 15 11:46 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
--w--w---- 1 mazunki mazunki 0 april 15 11:42 a
drwxr-xr-x 2 root root 4096 april 15 11:46 aa
--w--w---- 1 mazunki mazunki 0 april 15 11:42 b

./a/aa:
total 8
drwxr-xr-x 2 root root 4096 april 15 11:46 .
d-w------- 3 mazunki mazunki 4096 april 15 11:46 ..

./b:
total 8
d--------- 2 mazunki mazunki 4096 april 15 11:42 .
drwxrwxr-x 4 mazunki mazunki 4096 april 15 11:42 ..
-----w---- 1 mazunki mazunki 0 april 15 11:42 a
-----w---- 1 mazunki mazunki 0 april 15 11:42 b

If you don't explicitly give access to ., you won't be able to read the contents of the folder.

[] ~:~/test ▶ ls -l
total 8
drwxr-xr-x 3 mazunki mazunki 4096 april 15 11:46 a
d--------- 2 mazunki mazunki 4096 april 15 11:42 b
[] ~:~/test ▶ 
[] ~:~/test ▶ 
[] ~:~/test ▶ sudo chmod +xxx b
[] ~:~/test ▶ cd b
[] ~:~/test/b ▶ ls
ls: cannot open directory '.': Permission denied
[] ~:~/test/b ▶ sudo chmod +xxx .
[] ~:~/test/b ▶ ls
ls: cannot open directory '.': Permission denied
[] ~:~/test/b ▶ sudo chmod +rrr .
[] ~:~/test/b ▶ ls
a b
[] ~:~/test/b ▶

Likewise, you won't be able to cd into subdirectories of said folder unless you explicitly +x them.

edited Apr 15 at 9:59

answered Apr 15 at 9:49

mazunki

2101 silver badge5 bronze badges

edited Apr 15 at 9:59

answered Apr 15 at 9:49

mazunki

2101 silver badge5 bronze badges

answered Apr 15 at 9:49

mazunki

2101 silver badge5 bronze badges

answered Apr 15 at 9:49

mazunki

2101 silver badge5 bronze badges

7

I think the OP understands what "recursive" means. What's your answer to the title question? (yes or no?) What about "practical difference"?

– Kamil Maciorowski
Apr 15 at 9:53

6

Sorry, what you wrote may all be true but I don't see how it answers the question. I think the question can be rephrased: after chmod g=,o= secret/, do permissions of objects inside secret/ matter? Well, do they?

– Kamil Maciorowski
Apr 15 at 10:11

Thanks for the answer! I still don't see a difference concerning the secrecy of the folder though. Could it be that you could still cd into a specific subfolder if you knew the path beforehand?

– clemisch
Apr 15 at 10:45

I just tested that and it does not seem to work. Then I really don't see any difference. As -R takes much longer (of course) for many files, I will stick to normal chmod I guess.

– clemisch
Apr 15 at 11:18

3

I agree with @KamilMaciorowski — you don’t seem to be saying anything wrong, but it’s not clear what you are saying. Your example is long and confusing, and you muddy the waters with your use of sudo and directories with mode 0.

– Scott
Apr 16 at 2:01

|
show 2 more comments

7

I think the OP understands what "recursive" means. What's your answer to the title question? (yes or no?) What about "practical difference"?

– Kamil Maciorowski
Apr 15 at 9:53

6

Sorry, what you wrote may all be true but I don't see how it answers the question. I think the question can be rephrased: after chmod g=,o= secret/, do permissions of objects inside secret/ matter? Well, do they?

– Kamil Maciorowski
Apr 15 at 10:11

Thanks for the answer! I still don't see a difference concerning the secrecy of the folder though. Could it be that you could still cd into a specific subfolder if you knew the path beforehand?

– clemisch
Apr 15 at 10:45

I just tested that and it does not seem to work. Then I really don't see any difference. As -R takes much longer (of course) for many files, I will stick to normal chmod I guess.

– clemisch
Apr 15 at 11:18

3

I agree with @KamilMaciorowski — you don’t seem to be saying anything wrong, but it’s not clear what you are saying. Your example is long and confusing, and you muddy the waters with your use of sudo and directories with mode 0.

– Scott
Apr 16 at 2:01

I think the OP understands what "recursive" means. What's your answer to the title question? (yes or no?) What about "practical difference"?

– Kamil Maciorowski
Apr 15 at 9:53

Sorry, what you wrote may all be true but I don't see how it answers the question. I think the question can be rephrased: after chmod g=,o= secret/, do permissions of objects inside secret/ matter? Well, do they?

– Kamil Maciorowski
Apr 15 at 10:11

Thanks for the answer! I still don't see a difference concerning the secrecy of the folder though. Could it be that you could still cd into a specific subfolder if you knew the path beforehand?

– clemisch
Apr 15 at 10:45

I just tested that and it does not seem to work. Then I really don't see any difference. As -R takes much longer (of course) for many files, I will stick to normal chmod I guess.

– clemisch
Apr 15 at 11:18

I agree with @KamilMaciorowski — you don’t seem to be saying anything wrong, but it’s not clear what you are saying. Your example is long and confusing, and you muddy the waters with your use of sudo and directories with mode 0.

– Scott
Apr 16 at 2:01

|
show 2 more comments

draft saved

draft discarded

Thanks for contributing an answer to Super User!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Bsrgvty

3 Answers
3

Hard links

Working directory

Human error

ONE more thing

Your Answer

Post as a guest

3 Answers
3

3 Answers
3

Hard links

Working directory

Human error

ONE more thing

Hard links

Working directory

Human error

ONE more thing

Hard links

Working directory

Human error

ONE more thing

Hard links

Working directory

Human error

ONE more thing

Post as a guest

Popular posts from this blog

Tamil (spriik) Luke uk diar | Nawigatjuun

3 Answers 3

Hard links

Working directory

Human error

ONE more thing

Your Answer

Sign up or log in

Post as a guest

Post as a guest

3 Answers 3

3 Answers 3

Hard links

Working directory

Human error

ONE more thing

Hard links

Working directory

Human error

ONE more thing

Hard links

Working directory

Human error

ONE more thing

Hard links

Working directory

Human error

ONE more thing

Sign up or log in

Post as a guest

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Popular posts from this blog

Tamil (spriik) Luke uk diar | Nawigatjuun

3 Answers
3

3 Answers
3

3 Answers
3