Re: Security question regarding directory and file permissions

From: CL (dnoyeB) Gilbert (CheckMyGPGKey_at_ThisOneIsFake.com)
Date: 06/05/03


Date: Thu, 05 Jun 2003 14:51:07 -0400


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ryan R. Frederick wrote:
| Mhoram wrote:
|
|>I am wondering if the following scenario (which I can produce on
|>RedHat 8 and RedHat 9 systems, but not on AIX or Solaris) is a bug or
|>is done by design.
|>
|>I create a directory called /test with permissions of 777. Then, as
|>user1, I create a file called testfile in that directory. The file
|>has permissions of 664, owner is user1, and group is user1. I then
|>log in as user2, change to the test directory, and edit the file using
|>vi. Vi correctly states that the file is being opened read-only.
|>While still in vi, I add a line to the file and try to save it using
|>:w to which vi again states that the file is read-only. So far so
|>good. But if I save my changes using :w! - vi allows the change.
|>When I exit vi and do an ls, the file still has permissions of 664,
|>but is now owned by user2 with a group of user2.
|>
|>Is this how it should work? I thought that file permissions would
|>override the directory permissions in the above example when trying to
|>write to the file. And even if the file changes should be allowed to
|>be written, I was certainly surprised to see the owner and group
|>change.
|>
|>Thanks for any input.
|
|
| If you don't want people to be able to remove or write over other
| people's files you need to set the sticky bit.
|
| chmod 1777 /test
| Then user1 can create a file and user2 will not be able to write over
| that file, or delete that file. Files which are read-only can still be
| deleted otherwise...
|
| bob
|
You know, chmod does not contain much info about the sticky bit. Where
can I find some?

- --
L8r,

C.L. Gilbert
For a free Java interface to Freechess.org see
http://www.rigidsoftware.com/Chess/chess.html

"Verily, verily, I say unto you, He that entereth not by the door() into
the sheepfold{}, but climbeth up some other *way, the same is a thief
and a robber." John 10:1

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+35EbVbJM14DSCi0RAmbWAKCvpMOoDnEwKkqTc0Y3XQsHsyIQGACeNwy2
x8U1gLtqgtSG9DCZPQGKciA=
=PiIT
-----END PGP SIGNATURE-----
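
The behaviour discussed in this thread can be reproduced and audited from a shell. The script below is an added example, not part of any poster's message: it models the forced save as a replace-by-rename (an assumption about the mechanism; an editor may instead unlink and recreate the file), which needs write permission on the directory only, and it lists world-writable directories that lack the sticky bit. The function names and temporary paths are made up for the example.

```shell
#!/bin/sh
# Added example: names and paths are hypothetical, everything runs in a temp dir.

# List directories under $1 that are world-writable but have no sticky bit,
# i.e. where any user may unlink or rename entries they do not own.
audit_no_sticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print
}

# Print the inode number of file $1.
inode_of() {
    ls -i "$1" | awk '{print $1}'
}

# Replace file $2 in directory $1 with new content $3 without ever opening
# the old file for writing. Only the directory entry changes, so the mode
# of the old file (664, 444, ...) is never consulted.
replace_by_rename() {
    tmp="$1/.$2.new.$$"
    printf '%s\n' "$3" > "$tmp" && mv -f "$tmp" "$1/$2"
}

demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/test" && chmod 777 "$d/test"      # same mode as /test in the thread
    echo "original" > "$d/test/testfile"
    chmod 444 "$d/test/testfile"                # read-only for everyone
    before=$(inode_of "$d/test/testfile")
    replace_by_rename "$d/test" testfile "edited"
    after=$(inode_of "$d/test/testfile")
    # A different inode means a different file: it belongs to whoever created it,
    # which is why the owner and group changed in the original report.
    echo "inode before=$before after=$after content=$(cat "$d/test/testfile")"
    echo "flagged with 777:  $(audit_no_sticky "$d")"
    chmod 1777 "$d/test"                        # the fix suggested in the reply
    echo "flagged with 1777: $(audit_no_sticky "$d")"
    rm -rf "$d"
}

demo
```

With the sticky bit set, the rename or unlink is refused unless the caller owns the file or the directory (or is root); showing that refusal requires a second account, so the script only checks the directory mode.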
