[KLUG Members] Effective file access question/advice: Part I

Bob Kanaley members@kalamazoolinux.org
Wed, 5 Feb 2003 16:41:50 -0500


Gentlemen and Scholars,

My lack of understanding of effective file access became abundantly evident
when I recently had a user request that I create a temporary share for
read-only, company-wide access to files in a subdirectory of his home.

In my naivety I put a symbolic link in a company-wide read-only share from
the user's files that had permissions of 0644 in a subdirectory that had
permissions of 0775 in a home that had permissions 0700. The files did not
show up in the company-wide read-only Samba share until I temporarily
changed the permissions on the home directory to 1775. I am hoping that by
setting the sticky bit on the user’s home, it will give others the temporary
read-only access to the files but prevent anyone but the user from
accidentally deleting any of these shared files.

Having to change the permissions on his home to 1775 to give others access
to these files seems to suggest that having permissions 0700 on a user's home
implies an effective file access of 0700 on subdirectories of the home. That
is, no one but the home user and root can list, create or delete files in
the user's home even if the subdirectory or files below are symbolically
linked to another location.

I am not sure I have this correct, so I hope one of our more experienced and
knowledgeable Linux experts can help me get this correct and perhaps
understand why. I have more complicated configurations that I need to better
understand, but that will be in Part II.

Bob



Robert V. Kanaley
Manager Information Systems
Agdia, Inc.
rvk@agdia.com
http://www.agdia.com
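
The path-resolution rule behind the behaviour described in this message, as an added example that is not part of the original post: a symbolic link is resolved through every directory above its target, and each of those directories must grant search (x) permission to the accessing user. The directory and file names are constructed, and the check assumes the accessing account is neither the owner nor in the group, so only the "other" bits apply; Samba's own account mapping is not modelled.

```python
import os
import stat
import tempfile


def check_other_access(link, base):
    """Walk from base down to the file that link resolves to, using only the
    "other" permission bits. Returns (True, None) or (False, blocking_path)."""
    base = os.path.realpath(base)
    target = os.path.realpath(link)          # symlink followed, like open()
    rel_dir = os.path.relpath(os.path.dirname(target), base)
    current = base
    for part in rel_dir.split(os.sep):
        if part == os.curdir:
            continue
        current = os.path.join(current, part)
        # Traversing a directory needs its search (x) bit; r and w are
        # irrelevant for reaching a name that is already known.
        if not os.stat(current).st_mode & stat.S_IXOTH:
            return False, current
    if not os.stat(target).st_mode & stat.S_IROTH:
        return False, target
    return True, None


def demo(home_mode):
    """Build the layout from the message in a temp dir (constructed names)."""
    with tempfile.TemporaryDirectory() as base:
        home = os.path.join(base, "home", "user")
        sub = os.path.join(home, "shared")
        share = os.path.join(base, "share")
        os.makedirs(sub)
        os.makedirs(share)
        os.chmod(os.path.join(base, "home"), 0o755)
        doc = os.path.join(sub, "report.txt")
        with open(doc, "w") as fh:
            fh.write("constructed sample file\n")
        os.chmod(doc, 0o644)                 # file mode from the message
        os.chmod(sub, 0o775)                 # subdirectory mode from the message
        os.chmod(home, home_mode)            # the mode under test
        link = os.path.join(share, "report.txt")
        os.symlink(doc, link)
        ok, blocker = check_other_access(link, base)
        return ok, blocker and os.path.relpath(blocker, os.path.realpath(base))


if __name__ == "__main__":
    for mode in (0o700, 0o1775, 0o711):      # 0o711 is an assumed extra case
        print(oct(mode), demo(mode))
```

With the home at 0700 the walk stops at the home directory itself, regardless of the 0775 and 0644 modes below it; the search bit alone (0711) is enough for the walk to pass, without granting others list or write access to the home.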