Why user can override the ACL file
 

Hi,

Today i was practicing ACL and gave read permission to user on the file that simple mean the user can not write inside the file, But the picture was different after that i login from the user to write in the file after entering in the insert mode i got a warning message "read only file can not write into it, to write user ! to override " and i used wq! after that the file will be saved with my content and now the owner and group of the file will the user not root.

What is this is the security flaw of ACL.

Is this ext3 acls? ACL's appear in LOADS of places, please clarify.

Assuming it is ext3 though, then the owner of a file can change the rights of that file. So if the user could change a file to make it writable, vi will do it for you, as there's no security model to stop you doing it the long way round anyway.

If the user has write permission in the directory, then the user can simple delete the existing file and create a new one with the same name. That's the way most editors update a file anyway (create a new file with a temporary name and then, after the writing is successful, rename it to replace the existing file), and the warning about a read-only file is just that, a warning.

Thanks alot for this detailed information earlier i had misunderstand, now its clear to me :)

This also emphasizes a very important point: don't assume.

Do log on as that other user, and do attempt to do what you intend for him to be unable to do, and confirm not only that it does not succeed but that the messages given are appropriate (and, if any logging should have occurred, that it actually did.)