On Fri, Apr 28, 2023 at 04:09:12PM -0400, Greg Wooledge wrote: > On Fri, Apr 28, 2023 at 08:20:37PM +0200, to...@tuxteam.de wrote: > > On Fri, Apr 28, 2023 at 01:28:11PM -0400, Greg Wooledge wrote: > > > On Fri, Apr 28, 2023 at 07:06:17PM +0200, Maurizio Caloro wrote: > > > > f: /var/lib/rancid/routers/configs > > > > drwxr-xr-x root root / > > > > drwxr-xr-x root root var > > > > drwxr-xr-x root root lib > > > > drwxr-xr-x rancid rancid rancid > > > > drwxr-x--- rancid rancid routers > > > > drwxr-x--- rancid rancid configs > > > > > > The last two directories are missing world +x permission. This means > > > the web server process can't touch them -- can't enter them, can't > > > open files within them, etc. > > > > [...] > > > > I guess they need read permission too? > > Only if the web server process needs to generate a directory listing. > If it knows the file name in advance, read permission isn't needed -- > just execute.
That's right. "Experimentally" confirmed :) I always had this (obviously mislead) notion that the web server checks read permission along the whole path to read-access a file. At least lighttpd doesn't (but I gues this kind of convention will be common to all servers). > > And the file itself, c3560, also needs read permissions. > > We don't know that, yet :) > > Yes, assuming the intent is to deliver the file's content, it'll need > read permission on the file itself. So, Maurizio -- to finish this riddle: what does "ls -l c3560" say? C'mon, the suspense is hard to bear ;-) Cheers -- t
signature.asc
Description: PGP signature
