scvalex.net

10. Permissions Puzzle

Here’s a Linux permissions puzzle for you: assume you have a file on which the owner has no permissions, the group has read/write permissions, and everybody else has no permissions. You are the owner of the file and a member of the file’s group. Do you have permission to read or write the file?

% ls -l test-file
----rw---- 1 scvalex staff 0 test-file
% whoami
scvalex
% groups
wheel games staff
% cat test-file
# Does the above succeed?

The answer is: it doesn’t succeed. The implementation of the access(2) syscall used to determine whether a user has permissions to a file is in linux/fs/open.c; the actual permission checking code is acl_permission_check in linux/fs/namei.c. As that function shows, if the user is the owner of the file, only the owner permission bits are considered; the group bits are never consulted, even if the owner is also a member of the file’s group.
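The following is an added example, not the kernel’s code: a simplified model of the mode-bit selection acl_permission_check performs (POSIX ACLs and capability overrides such as CAP_DAC_OVERRIDE are left out). The uid/gid values and the struct names are constructed for the illustration; it reproduces the puzzle above and the contrasting case of a non-owner group member.

```c
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>

/* Permission request bits, named after the kernel's MAY_* flags. */
#define MAY_EXEC  0x1
#define MAY_WRITE 0x2
#define MAY_READ  0x4

/* Minimal stand-ins for the inode fields and credentials the check needs. */
struct inode_like { uid_t uid; gid_t gid; unsigned mode; };
struct cred_like  { uid_t fsuid; const gid_t *groups; size_t ngroups; };

static bool in_group(const struct cred_like *c, gid_t gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* Returns true if `want` (a MAY_* mask) is granted by the mode bits alone.
 * Exactly one class of bits is selected and the others are never consulted:
 * owner match -> owner bits; else group membership -> group bits; else other bits. */
bool mode_permission(const struct inode_like *ino, const struct cred_like *c, unsigned want)
{
    unsigned mode = ino->mode;
    if (c->fsuid == ino->uid)
        mode >>= 6;                 /* owner triple: no fall-through to group bits */
    else if (in_group(c, ino->gid))
        mode >>= 3;                 /* group triple */
    /* else: other triple is already in the low three bits */
    return (mode & want & (MAY_READ | MAY_WRITE | MAY_EXEC)) == want;
}

/* The puzzle: mode ----rw---- (0060); caller owns the file and is in its group. */
bool puzzle_owner_can_read(void)
{
    static const gid_t groups[] = { 10, 20, 50 };   /* constructed: wheel, games, staff */
    struct inode_like f = { .uid = 1000, .gid = 50, .mode = 0060 };
    struct cred_like owner = { .fsuid = 1000, .groups = groups, .ngroups = 3 };
    return mode_permission(&f, &owner, MAY_READ);     /* false: owner bits are 000 */
}

/* A different user who is merely in group 50 is checked against the group bits. */
bool puzzle_group_member_can_read(void)
{
    static const gid_t groups[] = { 50 };
    struct inode_like f = { .uid = 1000, .gid = 50, .mode = 0060 };
    struct cred_like peer = { .fsuid = 1001, .groups = groups, .ngroups = 1 };
    return mode_permission(&f, &peer, MAY_READ);      /* true: group bits are rw- */
}
```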