Determining User Access on a Linux Filesystem with "Classic Permissions"

Observations and Caveats

When the test procedure described above is applied to non-directories, the complexity of the test increases in proportion to the number of hard links of the file. This does not include the effort required to determine every hard link of the file, which can be significant on large filesystems.
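
The cost of locating every hard link, shown as an added example that is not part of the original article: the Python code below walks a directory tree and compares device and inode numbers against the target file. The names `find_hard_links` and `demo` and the sample tree are made up for illustration; when fewer names are found than the file's `st_nlink` reports, further links exist outside the searched tree or in directories the caller cannot read.

```python
import os
import stat
import tempfile

def _dev(path):
    """Device number of path itself, or None if it cannot be examined."""
    try:
        return os.lstat(path).st_dev
    except OSError:
        return None

def find_hard_links(target, search_root):
    """Return (paths, nlink): every name under search_root that refers to the
    same inode as target, and the link count the kernel reports for it."""
    want = os.lstat(target)
    if stat.S_ISDIR(want.st_mode):
        raise ValueError("only non-directories are handled here")
    paths = []
    for dirpath, dirnames, filenames in os.walk(search_root):
        # Inode numbers are unique only per device, so do not descend into
        # other filesystems (comparable to find's -xdev).
        dirnames[:] = [d for d in dirnames
                       if _dev(os.path.join(dirpath, d)) == want.st_dev]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is not accessible
            if (st.st_dev, st.st_ino) == (want.st_dev, want.st_ino):
                paths.append(path)
    return sorted(paths), want.st_nlink

def demo():
    """Constructed sample tree: three links to one file, one outside the search root."""
    with tempfile.TemporaryDirectory() as top:
        os.makedirs(os.path.join(top, "inside", "sub"))
        os.makedirs(os.path.join(top, "outside"))
        original = os.path.join(top, "inside", "report.txt")
        with open(original, "w") as fh:
            fh.write("sample\n")
        os.link(original, os.path.join(top, "inside", "sub", "alias.txt"))
        os.link(original, os.path.join(top, "outside", "hidden.txt"))
        found, nlink = find_hard_links(original, os.path.join(top, "inside"))
        return [os.path.relpath(p, top) for p in found], nlink

if __name__ == "__main__":
    names, nlink = demo()
    # Fewer names than nlink means links exist outside the searched tree.
    print(names, "found", len(names), "of", nlink)
```

Every regular file on the filesystem has to be examined with `lstat`, which is where the effort on large filesystems comes from.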

In this article, only the semantics of "classic permissions" as implemented by the "mode bits" have been analyzed. The following have not been taken into account:

  • attributes that can be assigned with chattr(1),
  • extended POSIX ACLs that can be managed with getfacl(1) and setfacl(1) if the filesystem supports them,
  • "bind mounts" that can make directories available at different places in the directory system,
  • processes running in chroot(2) environments and
  • the implications of modified mount namespaces.