LinuxQuestions.org
04-29-2013, 12:52 PM   #1
Ashish Sood
Member
 
Registered: Feb 2009
Location: Gwalior
Distribution: Fedora 20, RHEL 6,7
Posts: 159

Rep: Reputation: 15
Why user can override the ACL file


Hi,

Today I was practicing ACLs and gave read permission to a user on a file, which simply means the user cannot write to the file. But the picture was different: after that I logged in as the user to write to the file, and after entering insert mode I got a warning message, "read only file can not write into it, to write use ! to override", and I used wq!. After that the file was saved with my content, and now the owner and group of the file are the user, not root.

What is this? Is this a security flaw of ACLs?
 
04-29-2013, 02:21 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
Is this ext3 ACLs? ACLs appear in LOADS of places, please clarify.

Assuming it is ext3 though, then the owner of a file can change the rights of that file. So if the user could change a file to make it writable, vi will do it for you, as there's no security model to stop you doing it the long way round anyway.
 
04-29-2013, 11:35 PM   #3
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 1,626

Rep: Reputation: 677
If the user has write permission in the directory, then the user can simply delete the existing file and create a new one with the same name. That's the way most editors update a file anyway (create a new file with a temporary name and then, after the writing is successful, rename it to replace the existing file), and the warning about a read-only file is just that, a warning.
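
The replace-by-rename behaviour described in the post above, as an added example that is not part of the original thread. It assumes a throwaway temp directory with constructed file names, and uses mode 0444 in place of the read-only ACL entry from the question; the function names are illustrative.

```shell
# Added demonstration: constructed file names in a throwaway temp directory.
# Assumption: mode 0444 stands in for the read-only ACL entry in the question.

inode_of() { ls -i "$1" | awk '{print $1}'; }

# Save the way many editors do: write a temp file in the same directory, then
# rename it over the original. Only write+search permission on the DIRECTORY
# is needed; the target file's own mode or ACL is never consulted.
replace_via_rename() {
    local file="$1" new_content="$2" tmp
    tmp=$(mktemp "$(dirname "$file")/.tmp.XXXXXX") || return 1
    printf '%s\n' "$new_content" > "$tmp" || return 1
    mv -f "$tmp" "$file"
}

demo() {
    local dir file before after changed
    dir=$(mktemp -d) || return 1
    file="$dir/protected.txt"
    printf 'original\n' > "$file"
    chmod 0444 "$file"                      # read-only for everyone
    before=$(inode_of "$file")

    replace_via_rename "$file" "replaced" || return 1
    after=$(inode_of "$file")

    # A new inode means a brand-new file, owned by whoever created it,
    # which is why owner and group changed for the original poster.
    if [ "$before" != "$after" ]; then changed=yes; else changed=no; fi
    echo "content=$(cat "$file") inode_changed=$changed"

    # Mitigation check: drop write permission on the directory and retry.
    chmod 0555 "$dir"
    if replace_via_rename "$file" "again" 2>/dev/null; then
        echo "dir_readonly=replaced"        # expected only when run as root
    else
        echo "dir_readonly=blocked"
    fi
    chmod 0755 "$dir"
    rm -rf "$dir"
}

demo
```

Run it as an unprivileged user: root bypasses the directory permission check, so the second attempt is only blocked for non-root accounts.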
 
04-30-2013, 06:02 AM   #4
Ashish Sood
Member
 
Registered: Feb 2009
Location: Gwalior
Distribution: Fedora 20, RHEL 6,7
Posts: 159

Original Poster
Rep: Reputation: 15
Thanks a lot for this detailed information. Earlier I had misunderstood; now it's clear to me.
 
05-04-2013, 09:38 AM   #5
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,458

Rep: Reputation: 1172
This also emphasizes a very important point: don't assume.

Do log on as that other user, and do attempt to do what you intend for him to be unable to do, and confirm not only that it does not succeed but that the messages given are appropriate (and, if any logging should have occurred, that it actually did.)
 
  


All times are GMT -5.