Re: deny deleting a file for users.. trying a solution

From: Brian Hatch (focus-linux_at_ifokr.org)
Date: 06/05/03

    Date: Thu, 5 Jun 2003 09:37:51 -0700
    To: Glynn Clements <glynn.clements@virgin.net>
    
    
    

    > > It has only one problem if user knows about chmod and chown
    > > can change permissions of directory because is in his/her HOME
    > > (obviously owned by the user) but normally they don't know about
    > > these commands.
    >
    > Normal users can't change the ownership of a file, so even if they
    > know about chown, it doesn't do them any good here.

    If they own their home dir, then they could change the ownership
    of the file to them in a roundabout way:

            $ cd $HOME          # go home
            $ chmod u+w .       # make sure I can write my home dir
            $ cp file newfile   # copy the file owned by someone else
            $ rm file           # I have +wx to my home dir, I can
                                # delete other people's files.
            $ mv newfile file   # rename it back

    Also, note that on some unix-like operating systems you can use
    chown itself to change a file you own to be owned by someone else.
    This is commonly known as 'file giveaways' and is a bad idea in
    general (lets you get around quotas, for example). Has nothing
    to do with this thread, but thought I should bring it up. On
    one of these unix-like systems, it would be possible to change the
    ownership of one of your files to anybody, regardless of directory
    perms, and to yourself or anybody else if you have write perms to
    the directory using the example above.

    Linux is not stupid enough to allow file giveaways.

    --
    Brian Hatch                  Join the Army,
       Systems and                meet interesting
       Security Engineer          people, kill them.
    http://www.ifokr.org/bri/
    Every message PGP signed
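
An audit for the situation this message describes, added here as an example and not part of the original post: it lists entries in a directory that are owned by someone other than the directory's owner, since that ownership does not stop the directory owner from deleting and recreating them. The function names `owner_uid` and `foreign_owned` are hypothetical, and the optional second argument (the uid expected to own everything) is an assumption of this sketch.

```shell
#!/bin/sh
# Added example (not from the original message).
# A file's own owner and mode do not decide whether it can be deleted;
# write+search permission on the containing directory does. The directory
# owner can always grant that to themselves with chmod, so a file "owned by
# someone else" inside a user-owned directory is not protected from that user.

# owner_uid PATH: numeric uid owning PATH, taken from `ls -ldn`
# (third field), so no GNU-only `stat -c` is needed.
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# foreign_owned DIR [UID]
# Print every entry directly inside DIR (dotfiles included) whose owner is
# not UID. UID defaults to the owner of DIR itself. Prints nothing when all
# entries match.
foreign_owned() {
    dir=$1
    want=${2:-$(owner_uid "$dir")}
    for entry in "$dir"/* "$dir"/.[!.]*; do
        # Skip glob patterns that matched nothing; keep dangling symlinks.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        [ "$(owner_uid "$entry")" = "$want" ] || printf '%s\n' "$entry"
    done
}

# Stand-alone use: sh audit.sh /home/alice /home/bob   (constructed paths)
for d in "$@"; do
    found=$(foreign_owned "$d")
    if [ -n "$found" ]; then
        echo "$d (owner uid $(owner_uid "$d")) can replace these entries it does not own:"
        printf '%s\n' "$found"
    fi
done
```

Anything this reports inside a home directory should be treated as under the control of that directory's owner, whatever `ls -l` shows for the file itself.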