> I'm writing again with what I think is another silly question... but
> since I'm unable to see where does it come from...
> I'm controlling the security in a file system and a non-authorized
> user can do something like:
> [franco@ccdc adas]$ ls -la
> total 76
> drwxr-xr-x 7 franco franco 4096 Jun 15 14:32 .
> drwxr-xr-x 23 root root 4096 Jul 13 08:22 ..
> drwx------ 2 franco franco 4096 Jun 15 14:48 mount
> drwx------ 2 franco franco 4096 Jun 15 14:48 source
> [franco@ccdc adas]$ cd mount
> [franco@ccdc mount]$ ls -la
> ls: reading directory .: Permission denied
> total 0
> we are still able to do "cd mount".. even if after that the
> permissions are denied...
> normally it shouldn't be possible to go inside the directory.....
> am I forgetting something obvious?... does it have something to do
> with the new methods for the directories?
No, it's my stupid omission.
A "permission" method is really needed to be able to make this work.
It was left out, because most operations can check the permission
themselves, reducing the number of roundtrips between the kernel and
the filesystem. However a couple of operations (access(), chdir())
won't necessarily trigger any userspace method.
I'll think about adding a permission method, without throwing away the
advantages of the current system.
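
A probe for the mismatch discussed in this thread, added here as an example and not code from the thread or from the filesystem's author: it flags a mounted directory where access() and chdir() permit what a listing is then refused with EACCES. The names dir_probe, probe_dir and probe_inconsistent are this example's own, and it assumes the probing user's real and effective IDs are the same.

```c
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Outcome of probing one directory (struct and names are this example's own). */
struct dir_probe {
    int access_x, access_r; /* access(path, X_OK) / access(path, R_OK) said yes */
    int chdir_ok;           /* chdir(path) succeeded */
    int list_ok;            /* opendir() plus a first readdir() succeeded */
    int list_errno;         /* errno of the failed listing, 0 if it worked */
};

/* Fill *r for path and restore the working directory; -1 if that fails. */
int probe_dir(const char *path, struct dir_probe *r)
{
    int saved = open(".", O_RDONLY);
    if (saved < 0) return -1;
    r->access_x = access(path, X_OK) == 0;
    r->access_r = access(path, R_OK) == 0;
    r->chdir_ok = chdir(path) == 0;
    if (r->chdir_ok && fchdir(saved) != 0) { close(saved); return -1; }
    close(saved);
    r->list_ok = 0;
    DIR *d = opendir(path);
    if (d) {
        errno = 0;              /* readdir() signals errors only via errno */
        (void)readdir(d);
        r->list_ok = (errno == 0);
    }
    r->list_errno = r->list_ok ? 0 : errno;
    if (d) closedir(d);
    return 0;
}

/* Nonzero when chdir() and access() disagree, or access() reports the
 * directory readable while the listing itself is denied with EACCES. */
int probe_inconsistent(const struct dir_probe *r)
{
    int denied = !r->list_ok && r->list_errno == EACCES;
    return (r->chdir_ok != r->access_x) || (r->access_r && denied);
}

int main(int argc, char **argv)
{
    struct dir_probe r;
    if (argc < 2 || probe_dir(argv[1], &r) != 0) return 2;
    printf("chdir=%d list=%d errno=%d\n", r.chdir_ok, r.list_ok, r.list_errno);
    return probe_inconsistent(&r);
}
```

A search-only directory (execute bit without read) is reported as consistent, because there a successful chdir followed by a denied listing is the expected behaviour.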