Suppose a teacher has prepared for his students, before the course's beginning, a series of surprise tests that cover the whole course.

tests
├── subject1
│   └── exam.txt
├── subject2
│   └── exam.txt
├── subject3
│   └── exam.txt
└── subject4
    └── exam.txt

Let's say he puts the tests directory in each student's home directory.
Then he recursively sets the following permissions on the tests directory

owner: teacher
group: teachers
mode: 550

so that only other teachers can read the subjects and also access the exam texts.
At the end of the first semester he thinks his students are ready for the first trial, and so the night before he sets

owner: teacher
group: teachers
mode: 771

on the tests directory and

owner: student
group: teachers
mode: 770

on the subject1 subdirectory, so that the next day the students will be able to access the test only after he has told them the path.
Then the following morning he discovers that the students have not only already read the test, but even know all the subjects: they leveraged the fact that the system tells them whether they are trying to access a non-existent directory or an existing directory they simply lack read permission on, and so they brute-forced tests using ls and a dictionary.
Clearly the teacher has been naive in thinking the students wouldn't try to access the text before the exam; nevertheless my questions are:
What's the point of not giving read permission on a directory if the user can still brute-force the name of each object in it?
Why doesn't the system just return a generic error whenever the user is trying to access something he shouldn't have had access to in the first place?
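The behaviour the question describes follows from how permission checks are applied during path resolution: searching a directory for a name requires the x (search) bit on that directory, and the kernel checks that bit before it looks at the name, while reading a directory's entries requires the r bit on the directory itself. The model below is an added example, not code from the original post and not kernel code; it reproduces only this part of the rules on an in-memory tree. The numeric ids, the helper names (`lookup`, `list_dir`, `probe`, `leaks_existence`) and the constructed tree with `exam.txt` files omitted are assumptions made for the illustration.

```python
"""Model of POSIX path-resolution permission checks (constructed example).

Reproduces when a lookup fails with ENOENT (name does not exist) versus
EACCES (not permitted), which is the distinction the dictionary probe relied on.
"""
import errno

R, W, X = 4, 2, 1


class Dir:
    """A directory: owner uid, group gid, permission bits, named children."""

    def __init__(self, owner, group, mode, children=None):
        self.owner = owner
        self.group = group
        self.mode = mode                # e.g. 0o771
        self.children = children or {}  # name -> Dir (regular files omitted)


def class_bits(node, uid, gids):
    """Select exactly one permission class, as POSIX does: owner if the uid
    matches, else group if the directory's gid is among the caller's groups,
    else other. Classes are not combined, so an owner with mode 0o007 is denied."""
    if uid == node.owner:
        return (node.mode >> 6) & 7
    if node.group in gids:
        return (node.mode >> 3) & 7
    return node.mode & 7


def lookup(root, path, uid, gids):
    """Walk `path` below `root`; return (errno or 0, node or None)."""
    node = root
    for name in [p for p in path.split("/") if p]:
        # Search permission on the containing directory is checked first;
        # without x the caller learns nothing about whether `name` exists.
        if not class_bits(node, uid, gids) & X:
            return errno.EACCES, None
        child = node.children.get(name)
        if child is None:
            return errno.ENOENT, None
        node = child
    return 0, node


def list_dir(root, path, uid, gids):
    """Model `ls path`: resolve the path, then require r to read the entries."""
    err, node = lookup(root, path, uid, gids)
    if err:
        return err, None
    if not class_bits(node, uid, gids) & R:
        return errno.EACCES, None
    return 0, sorted(node.children)


# Constructed ids for the actors in the question.
TEACHER, STUDENT = 1000, 1001
TEACHERS, STUDENTS = 100, 101


def build_home(tests_mode):
    """A student's home the night before the exam. `tests_mode` is 0o771 as in
    the question, or 0o770 to remove search permission from the students."""
    subjects = {f"subject{i}": Dir(TEACHER, TEACHERS, 0o550) for i in range(2, 5)}
    subjects["subject1"] = Dir(STUDENT, TEACHERS, 0o770)
    tests = Dir(TEACHER, TEACHERS, tests_mode, subjects)
    return Dir(STUDENT, STUDENTS, 0o700, {"tests": tests})


def probe(tests_mode, name):
    """What a student sees from `ls ~/tests/<name>`: 'OK' or the errno name."""
    home = build_home(tests_mode)
    err, _ = list_dir(home, f"tests/{name}", STUDENT, {STUDENTS})
    return errno.errorcode.get(err, "OK")


def leaks_existence(tests_mode):
    """True when an existing but unreadable subject is distinguishable from a
    made-up name, which is what let the dictionary of guesses work."""
    return probe(tests_mode, "subject2") != probe(tests_mode, "nosuchsubject")


if __name__ == "__main__":
    for mode in (0o771, 0o770):
        print(f"tests mode {mode:o}: leaks existence = {leaks_existence(mode)}")
        for name in ("subject1", "subject2", "nosuchsubject"):
            print(f"  ls ~/tests/{name} -> {probe(mode, name)}")
```

With mode 771 on tests, a student gets "OK" for subject1, EACCES for subject2 and ENOENT for a guessed name, so the two error codes reveal which names exist. With mode 770 every probe, including subject1, fails with EACCES: the generic error the question asks for is exactly what the missing x bit on the parent produces, at the cost of also blocking the access the teacher wanted to grant through that directory.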