Determining User Access on a Linux Filesystem with „Classic Permissions“

A Partial Test Procedure

Overview: check-mode is a shellscript that will answer the question „do the applicable non-special mode bits when traversing the absolute dereferenced path to a file or directory F include any of a given set S of non-special mode bits?“

Example: To test if a file „/tmp/component1/component2/test“ exposes read- or write-permission to others, execute:

./check-mode /tmp/component1/component2/test 006

Notes:

  • check-mode will not report a write permission for others to be set if the write permission is granted on a directory with restricted delegation, it will emit a warning instead:
./check-mode /tmp 002
WARNING: Write permissions for others with restricted delegation at "/tmp".
INFO: Components of "/tmp" have no mode-bits of "0002" set.
  • check-mode has to be executed with sufficient permissions to determine the modes of all components of the absolute dereferenced path.
  • check-mode does not actually perform read-, write- or execute access to the specified file or directory; analysis is based on the results of mode-inspection using stat(1).

Availability: The source code (Bourne Shell script) is available at: https://tk-sls.de/gitlab/tilman/check-mode