At Tue, 20 Jul 2010 16:57:11 -0700 CentOS mailing list <centos@xxxxxxxxxx> wrote: > > On 07/20/10 4:54 PM, Larry Brower wrote: > > Ski Dawg wrote: > >> Hello all, > >> > >> Today, I ran across a directory in /etc/ on one of our servers whose > >> permissions where set to 600 (drw-------) with root being the owner. > >> The directory is for the firewall package for the server, so it is not > >> something malicious. Checking some other systems, they also have this > >> directory and the permissions on those servers is also 600, so it > >> isn't just a messed up permissions on this one machine. > >> > >> What is the difference between permissions of 600 and 700 for a > >> directory, that is owned by root (group root)? Is there a reason why > >> some directory should be set to 600 instead of 700? > > > > 600 is read and write for the owner whereas 700 is read write and > > execute. If there is nothing in the folder that needs to be executed > > than 600 would be correct. > > um... on a directory, the X bit means you can LS the contents of the > directory. of course, root ignores this anyways and overrides it. Note that execute access is only needed on a directory if you want to list its contents (eg ls). If you know ahead of time the name of the file in the directory you seek to access, you don't need execute access on the directory. Not having execute access on a directory keeps 'noisy' people from discovering the contents of the directory. This is a not unreasonably security setting. > > > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos > > -- Robert Heller -- 978-544-6933 Deepwoods Software -- Download the Model Railroad System http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows heller@xxxxxxxxxxxx -- http://www.deepsoft.com/ModelRailroadSystem/ _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos