I have a personal folder /a/b on the server with permission 700. I don't want others to list the contents in /a/b. The owner of /a is root.
Now I need to open the full authorities of directory /a/b/c to all users.
I changed the permission of /a/b/c to 777 but it is still inaccessible for others.
You can. You just have to set the executable bit on the /a/b directory. That will prevent being able to see anything in b, but you can still do everything if you go directly to a/b/c.
% mkdir -p a/b/c % chmod 711 a/b % sudo chown root a/b % ll a/b ls: cannot open directory a/b: Permission denied % touch a/b/c/this.txt % ls a/b/c this.txt Beware that while others cannot list the contents of /a/b, they can access files in that directory if they guess the name of the file.
% echo hello | sudo tee a/b/f % cat a/b/f hello % cat a/b/doesntexist cat: a/b/doesntexist: No such file or directory So be sure to maintain proper permissions (no group/world) on all other files/directories within the b directory, as this will avoid this caveat.
b to link to c a/b have nonzero group/other permissions, and an adversary knows or can guess their names, said adversary can interact with those files. b should have perms set to protect against this prior to creating c, and then diligence is needed when other items are populated into b to ensure perms are secure for only owner. With those permissions, you can't reach your goal. In order to get to directory c, you must allow all other users to traverse directory b which is done by giving execute permission for that directory. With /a/b set to mode 711, you can achieve what you want since you are granting directory traversal but denying read and write. But do keep in mind that while other users can't list files in /a/b, they may be access files if they guess the name and the files have sufficiently open permissions.
If a user can't access /a/b, then they can't access any file under /a/b/c. The permissions on /a/b/c are irrelevant since directory traversal stops at /a/b.
If all you want is to prevent the directory /a/b from being listed, but you're fine with users accessing files in /a/b if they guess a file name, then you can make /a/b executable but not readable. On a directory, the read permission only controls listing the directory contents, while the execute permission controls access to the entries of that directory.
# chmod u=rwx,go=x /a/b # chmod u=rwx,go=rx /a/b/c # echo 'hello' >/a/b/existingfile # su bob -c 'ls -l /a/b' ls: /a/b: Permission denied # su bob -c 'cat /a/b/nosuchfile' cat: /a/b/nosuchfile: No such file or directory # su bob -c 'cat /a/b/existingfile' hello # su bob -c 'ls -l /a/b/c' … contents of /a/b/c … If you don't want other users to be able to access files in /a/b except for /a/b/c, you can expose /a/b/c via another view, through a bind mount.
# chmod u=rwx,go=x /a/b # chmod u=rwx,go=rx /a/b/c # mkdir /c # mount --bind /a/b/c /c # su bob -c 'ls /a/b/c' ls: /a/b/c: Permission denied # su bob -c 'ls -l /c' … contents of /a/b/c … 
chmod +x /a/b