# How it can be??



## vuliad (Nov 19, 2010)

Am i right understand - if we set chmod 666 on file, any user can access it?


```
[root@server /etc/mail]# ls -alh aliases*
-rw-r--r--  1 root  wheel    24K Nov 19 14:04 aliases
-rw-rw-rw-  1 root  wheel    48K Nov 18 13:16 aliases.db
```

from root it accessible ok. BUT

[cmd=]sudo -u otheruser cat /etc/mail/aliases[/cmd]

gives access denied.

If I login with otheruser

```
[otheruser@server /] cd /etc/
-bash: cd: /etc/: Permission denied
```
then 

```
[otheruser@server ~]$ ls -al | grep etc
drwxr-x--x   2 1000  1002  3584 Oct 22 13:12 etc
```
BUT at the same time! from root


```
[root@server /]# ls -al | grep etc
drw-r--r--  36 root  wheel        1024 Nov 19 14:17 etc
```
Why it's differ? how can I enable this folder and file. and why chmod can't do anything?
help)


----------



## jalla (Nov 19, 2010)

vuliad said:
			
		

> Am i right understand - if we set chmod 666 on file, any user can access it?


No, the user must have access to all components of the path. i.e to access /path/to/file the user must have read/execute permissions on /path and /path/to as well



> [root@server /etc/mail]# ls -alh aliases*
> -rw-r--r--  1 root  wheel    24K Nov 19 14:04 aliases
> -rw-rw-rw-  1 root  wheel    48K Nov 18 13:16 aliases.db
> 
> ...


As per above, check permissions on /etc and /etc/mail



> if i login with otheruser
> [otheruser@server /] cd /etc/
> -bash: cd: /etc/: Permission denied


Permissions on /etc is messed up



> then
> [otheruser@server ~]$ ls -al | grep etc
> drwxr-x--x   2 1000  1002  3584 Oct 22 13:12 etc


This is not /etc, it's a dir called etc in the users homedir (~otheruser/etc)



> BUT at the same time!! from root
> 
> [root@server /]# ls -al | grep etc
> drw-r--r--  36 root  wheel        1024 Nov 19 14:17 etc


Yeah, there it is, you have changed mode on /etc to 744. Set it back to 755.
(And generally, never change the mode of system directories)


----------



## SirDice (Nov 19, 2010)

While you're at it change the permissions on aliases.db too. Others should NOT have write permissions there. 

`# chmod 644 /etc/mail/aliases.db`


----------

