- 1. Introduction
- 2. Classic Permissions
- 3. Simultaneous User- and Group-Ownership
- 4. Restricted Delegation
- 5. Absolute Paths and Path Components
- 6. Directory Write-Permissions
- 7. Directory Execute-Permissions
- 8. Symbolic Links
- 9. Hard Links
- 10. "Does User X have Access to File Y?"
- 11. Observations and Caveats
- 12. A Partial Test Procedure
A Partial Test Procedure
Overview: check-mode is a shell script that will answer the question "do the applicable non-special mode bits when traversing the absolute de-referenced path to a file or directory F include any of a given set S of non-special mode bits?"
Example: To test if a file "/tmp/component1/component2/test" exposes read- or write-permission to others, execute:
./check-mode /tmp/component1/component2/test 006
Notes:
- check-mode will not report a write permission for others as set if that permission is granted on a directory with restricted delegation; it emits a warning instead:
./check-mode /tmp 002
WARNING: Write permissions for others with restricted delegation at "/tmp".
INFO: Components of "/tmp" have no mode-bits of "0002" set.
- check-mode has to be executed with sufficient permissions to determine the modes of all components of the absolute de-referenced path.
- check-mode does not actually perform read-, write- or execute access to the specified file or directory; analysis is based on the results of mode-inspection using stat(1).
Availability: The source code (Bourne Shell script) is available at: https://tk-sls.de/gitlab/tilman/check-mode
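The traversal described above, as an added sketch that is not the check-mode source: it resolves the path, inspects each component with stat(1) only, and downgrades others-write on a sticky directory to a warning. The function name check_mode, its message texts and its return codes are assumptions, and it relies on GNU coreutils (readlink -f, stat -c).

```shell
#!/bin/sh
# Added sketch, not the check-mode source. Assumes GNU coreutils.
# check_mode PATH MASK   (check_mode is a hypothetical name)
# Prints one line per finding. Returns 0 if any component of the resolved
# path has a bit of MASK set, 1 if none has, 2 if a component is unreadable.
check_mode() {
    # De-reference every symlink first, so we walk the real components.
    target=$(readlink -f -- "$1") || return 2
    mask=$((0$2 & 0777))          # octal input; special bits are not part of S
    found=1
    path=$target
    while :; do
        # Mode inspection only: the file is never opened, read or executed.
        mode=$(stat -c '%a' -- "$path") || return 2
        hits=$((0$mode & mask))
        # Sticky directory (the page's "restricted delegation"): others-write
        # is reported as a warning and not counted as a match.
        if [ -d "$path" ] && [ $((0$mode & 01000)) -ne 0 ] \
           && [ $((hits & 0002)) -ne 0 ]; then
            echo "WARNING: others-write with sticky bit at \"$path\""
            hits=$((hits & 0775))
        fi
        if [ "$hits" -ne 0 ]; then
            printf 'FOUND: "%s" mode %s matches %04o\n' "$path" "$mode" "$hits"
            found=0
        fi
        [ "$path" = / ] && break
        path=$(dirname -- "$path")
    done
    return $found
}
```

Because every ancestor up to "/" is inspected, a mask such as 006 will also match ordinary world-readable directories on the way; pass only the bits whose exposure matters for the question being asked.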