Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - General
User Name
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.


Search this Thread
Old 04-29-2013, 12:52 PM   #1
Ashish Sood
Registered: Feb 2009
Location: Gwalior
Distribution: Fedora 20, RHEL 6,7
Posts: 159

Rep: Reputation: 15
Why user can override the ACL file


Today i was practicing ACL and gave read permission to user on the file that simple mean the user can not write inside the file, But the picture was different after that i login from the user to write in the file after entering in the insert mode i got a warning message "read only file can not write into it, to write user ! to override " and i used wq! after that the file will be saved with my content and now the owner and group of the file will the user not root.

What is this is the security flaw of ACL.
Old 04-29-2013, 02:21 PM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
Is this ext3 acls? ACL's appear in LOADS of places, please clarify.

Assuming it is ext3 though, then the owner of a file can change the rights of that file. So if the user could change a file to make it writable, vi will do it for you, as there's no security model to stop you doing it the long way round anyway.
Old 04-29-2013, 11:35 PM   #3
Senior Member
Registered: Aug 2009
Distribution: CentOS
Posts: 1,777

Rep: Reputation: 741Reputation: 741Reputation: 741Reputation: 741Reputation: 741Reputation: 741Reputation: 741
If the user has write permission in the directory, then the user can simple delete the existing file and create a new one with the same name. That's the way most editors update a file anyway (create a new file with a temporary name and then, after the writing is successful, rename it to replace the existing file), and the warning about a read-only file is just that, a warning.
Old 04-30-2013, 06:02 AM   #4
Ashish Sood
Registered: Feb 2009
Location: Gwalior
Distribution: Fedora 20, RHEL 6,7
Posts: 159

Original Poster
Rep: Reputation: 15
Thanks alot for this detailed information earlier i had misunderstand, now its clear to me
Old 05-04-2013, 09:38 AM   #5
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,579

Rep: Reputation: 1247Reputation: 1247Reputation: 1247Reputation: 1247Reputation: 1247Reputation: 1247Reputation: 1247Reputation: 1247Reputation: 1247
This also emphasizes a very important point: don't assume.

Do log on as that other user, and do attempt to do what you intend for him to be unable to do, and confirm not only that it does not succeed but that the messages given are appropriate (and, if any logging should have occurred, that it actually did.)


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Why does the ACL of a file created under a directory differ from the default ACL sctebnt Linux - Security 5 12-02-2011 09:13 AM
using pam to override file access restrictions gearoid_murphy Linux - General 7 08-26-2009 04:43 AM
Errors (override) with .config file phar0z Linux - Kernel 1 08-03-2009 11:34 AM
How can I override the '(5.00%) reserved for the super user' mkfs.ext3 creates? guba04 Linux - Hardware 9 01-27-2008 01:20 AM
setting privileges for a user to override another walidaly Linux - Security 1 11-24-2007 01:50 PM

All times are GMT -5. The time now is 06:31 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration