Security question regarding directory and file permissions

From: Mhoram (mwathke_at_netscape.net)
Date: 06/05/03


Date: 5 Jun 2003 07:23:37 -0700

I am wondering if the following scenario (which I can produce on
RedHat 8 and RedHat 9 systems, but not on AIX or Solaris) is a bug or
is done by design.

I create a directory called /test with permissions of 777. Then, as
user1, I create a file called testfile in that directory. The file
has permissions of 664, owner is user1, and group is user1. I then
log in as user2, change to the test directory, and edit the file using
vi. Vi correctly states that the file is being opened read-only.
While still in vi, I add a line to the file and try to save it using
:w – to which vi again states that the file is read-only. So far so
good. But if I save my changes using :w! - vi allows the change.
When I exit vi and do an ls, the file still has permissions of 664,
but is now owned by user2 with a group of user2.

Is this how it should work? I thought that file permissions would
override the directory permissions in the above example when trying to
write to the file. And even if the file changes should be allowed to
be written, I was certainly surprised to see the owner and group
change.

Thanks for any input.
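
Added example, not part of the original post: a small Python model of the classic Unix permission checks behind the scenario above, showing that writing into a file is governed by the file's mode while removing and re-creating it is governed by the directory's mode and sticky bit. It assumes the `:w!` save replaced the file rather than writing into it, that `/test` is owned by root, that user1 and user2 have the constructed uid/gid values 1001 and 1002, and that no ACLs, capabilities or root privileges are involved; all function names are this example's own.

```python
import os
import stat
from types import SimpleNamespace

def allowed(st, uid, gids, want):
    """Classic owner/group/other check; want is a mask of r=4, w=2, x=1."""
    if uid == st.st_uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return (st.st_mode >> shift) & want == want

def assess(file_st, dir_st, uid, gids):
    """What can a non-root user do to one file, given its and its directory's stat?"""
    in_place = allowed(file_st, uid, gids, 2)
    # Unlink, rename and create are operations on the directory: they need w+x there.
    dir_wx = allowed(dir_st, uid, gids, 3)
    # Sticky bit: only the file's owner or the directory's owner may remove the entry.
    sticky = bool(dir_st.st_mode & stat.S_ISVTX)
    may_remove = dir_wx and (not sticky or uid in (file_st.st_uid, dir_st.st_uid))
    return {"write_in_place": in_place, "replace_file": may_remove}

def assess_path(path, uid, gids):
    """Same check against a real file on disk (reads metadata only)."""
    path = os.path.abspath(path)
    return assess(os.lstat(path), os.stat(os.path.dirname(path)), uid, gids)

def fake_stat(mode, uid, gid):
    """Build a stat-like object from constructed values."""
    return SimpleNamespace(st_mode=mode, st_uid=uid, st_gid=gid)

# Constructed values mirroring the post: uid/gid 1001 = user1, 1002 = user2,
# /test assumed to be owned by root (uid 0).
TESTFILE = fake_stat(stat.S_IFREG | 0o664, 1001, 1001)
DIR_777 = fake_stat(stat.S_IFDIR | 0o777, 0, 0)
DIR_1777 = fake_stat(stat.S_IFDIR | 0o1777, 0, 0)

if __name__ == "__main__":
    for label, d in (("/test mode 777 ", DIR_777), ("/test mode 1777", DIR_1777)):
        print(label, "user2:", assess(TESTFILE, d, 1002, {1002}))
```

A file re-created this way belongs to whoever created it, which matches the owner and group change described in the post; setting the sticky bit (`chmod 1777 /test`) or removing world write access from the directory prevents the replacement.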
