toying with unix group permissions

I was curious about a concept presented in the following MIT presentation:

So I tested it out on a recently set up VM of Ubuntu Server.
Directory structure: /dir1/dir2/
dir2 contains a secret.txt file.
Permissions on both dir1 and dir2 are 710 (owner rwx, group execute only, nothing for others).
testgroup1 is the group owner of dir1 and testgroup2 the group owner of dir2, so testgroup1 has execute on dir1 and testgroup2 has execute on dir2.
testuser1 is a member of testgroup1; testuser2 is a member of both groups.

testuser1 cannot traverse past dir1, as expected. testuser2 can traverse to dir2. Neither user can list directory contents; however, since I know the filename secret.txt, a “cat secret.txt” does reveal the file contents to testuser2. testuser2 was also able to copy the text file to its own home directory.

Next, I created a soft link to the original secret.txt in testuser2’s home directory, then removed testuser2 from testgroup2. Of course, testuser2 lost the ability to traverse dir2. Additionally, the soft link that testuser2 owned did not allow it to view the contents of secret.txt.

I imagine this would work with a hard link, though.
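As an added illustration (not part of the original post), here is a small Python model of the permission check that POSIX path resolution performs, set up to mirror the experiment above: the two 710 directories, the two groups, the symlink, and the hard link from the last paragraph. The uids, gids and the 644 mode of secret.txt are assumed; the post does not state them. The model shows why the results come out the way they do: the search (x) bit of every directory on the path is checked for the user doing the open, a symlink is re-resolved as a path under that same user's permissions, and a hard link is just another name for the same inode, so only its own path and the file's own mode matter. One caveat the model does not enforce: on Linux with fs.protected_hardlinks=1 (the default on Ubuntu), a user may only hard-link a file it owns or has both read and write access to, so with a 644 secret.txt owned by someone else the ln command itself would be refused.

```python
# Toy model of POSIX permission checks during path resolution. Added
# illustration, not code from the original post: uids, gids, modes and file
# contents below are constructed to mirror the post's experiment.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

R, X = 4, 1  # read and search/execute bits within one rwx triple

@dataclass
class Inode:
    mode: int                             # permission bits only, e.g. 0o710
    uid: int
    gid: int
    is_dir: bool = False
    symlink_target: Optional[str] = None  # absolute target path, if a symlink
    entries: Dict[str, "Inode"] = field(default_factory=dict)  # dir entries
    data: str = ""

@dataclass
class User:
    uid: int
    groups: Set[int]                      # primary plus supplementary gids

def permitted(inode: Inode, user: User, want: int) -> bool:
    # POSIX class selection: owner, else group, else other. Exactly one triple
    # applies, so a group member never falls through to the 'other' bits.
    if user.uid == inode.uid:
        bits = (inode.mode >> 6) & 7
    elif inode.gid in user.groups:
        bits = (inode.mode >> 3) & 7
    else:
        bits = inode.mode & 7
    return bits & want == want

def resolve(root: Inode, path: str, user: User, depth: int = 0) -> Inode:
    # Entering a directory needs its x bit; the r bit is only needed to list
    # names, so a known filename is reachable through a 710 directory.
    if depth > 8:
        raise OSError("too many levels of symbolic links")
    parts = [p for p in path.split("/") if p]
    cur = root
    for i, name in enumerate(parts):
        if not cur.is_dir or not permitted(cur, user, X):
            raise PermissionError(f"cannot search for component '{name}'")
        nxt = cur.entries[name]  # a KeyError here would be ENOENT
        if nxt.symlink_target is not None:
            # A symlink stores a path; following it restarts resolution at the
            # target, with *this* user's permissions checked on every step.
            rest = "/".join(parts[i + 1:])
            return resolve(root, nxt.symlink_target + ("/" + rest if rest else ""),
                           user, depth + 1)
        cur = nxt
    return cur

def open_read(root: Inode, path: str, user: User):
    # Both cat and ls need the r bit on the final inode (plus x along the way).
    inode = resolve(root, path, user)
    if not permitted(inode, user, R):
        raise PermissionError(f"read denied on '{path}'")
    return sorted(inode.entries) if inode.is_dir else inode.data

def attempt(fn, *args) -> str:
    try:                       # collapse an outcome to 'ok:<value>' or 'EACCES'
        return f"ok:{fn(*args)}"
    except PermissionError:
        return "EACCES"

def run_experiment() -> Dict[str, str]:
    ADMIN, TESTUSER1, TESTUSER2 = 1000, 1001, 1002   # assumed uids
    TESTGROUP1, TESTGROUP2 = 2001, 2002              # assumed gids
    # /dir1 (710, group testgroup1) / dir2 (710, group testgroup2) / secret.txt.
    # The post does not give secret.txt's mode; 644 is assumed here.
    secret = Inode(0o644, ADMIN, ADMIN, data="the secret")
    dir2 = Inode(0o710, ADMIN, TESTGROUP2, is_dir=True, entries={"secret.txt": secret})
    dir1 = Inode(0o710, ADMIN, TESTGROUP1, is_dir=True, entries={"dir2": dir2})
    home2 = Inode(0o755, TESTUSER2, TESTUSER2, is_dir=True)
    home = Inode(0o755, 0, 0, is_dir=True, entries={"testuser2": home2})
    root = Inode(0o755, 0, 0, is_dir=True, entries={"dir1": dir1, "home": home})
    u1 = User(TESTUSER1, {TESTUSER1, TESTGROUP1})
    u2 = User(TESTUSER2, {TESTUSER2, TESTGROUP1, TESTGROUP2})
    out = {}
    out["u1_cat"] = attempt(open_read, root, "/dir1/dir2/secret.txt", u1)  # stops at dir2
    out["u2_ls_dir1"] = attempt(open_read, root, "/dir1", u2)             # x but no r
    out["u2_cat"] = attempt(open_read, root, "/dir1/dir2/secret.txt", u2)
    # testuser2 plants a symlink and a hard link in its own home directory
    # (link-creation rules such as fs.protected_hardlinks are not modelled).
    home2.entries["link.txt"] = Inode(0o777, TESTUSER2, TESTUSER2,
                                      symlink_target="/dir1/dir2/secret.txt")
    home2.entries["hard.txt"] = secret  # a second name for the same inode
    u2.groups.discard(TESTGROUP2)       # now remove testuser2 from testgroup2
    out["u2_cat_after"] = attempt(open_read, root, "/dir1/dir2/secret.txt", u2)
    out["u2_symlink_after"] = attempt(open_read, root, "/home/testuser2/link.txt", u2)
    out["u2_hardlink_after"] = attempt(open_read, root, "/home/testuser2/hard.txt", u2)
    return out

if __name__ == "__main__":
    print(run_experiment())
```

Running the script prints the six outcomes. The two EACCES results after the group change come from different places: the symlink fails at dir2's search check because following it re-walks /dir1/dir2 as testuser2, while the hard link never touches dir2 at all, so only the 755 home directory and the 644 file mode are consulted.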

This entry was written by resinblade, posted on Tuesday August 30 2016 at 10:08 pm, filed under IT.