[SOLVED] problem. user allowed to modify root's files in /home
If I run 'sudo touch /home/user1/tst', the user1 can remove file tst (even though root is owner, and others should be able to read it only). Please tell me, is that normal behaviour or security issue?
/home is on ext3.
thanks.
hm, user1 is not in root's private group:
user1@debian:~$ cat /etc/group
root:x:0:
I am talking about the files created by root in home/user1 directory.
user1 cannot modify/delete files in /etc/ or similar, but has full access to all files in its home (even those owned by root).
Root is the default owner for all files, and the user is the owner of its home directory,
but you need to check the permissions of the file that was created by root inside the user's /home directory.
For example:
Code:
-rw-r--r-- 1 root root 0 Feb 8 18:19 test.txt
The file is inside the user's home dir and is owned by root, so the user will not be able to make any changes because the permission is 644.
Only the owner can make changes, not others.
If I run 'sudo touch /home/user1/tst', the user1 can remove file tst (even though root is owner, and others should be able to read it only). Please tell me, is that normal behaviour or security issue?
/home is on ext3.
thanks.
Yes this behaviour is quite normal.
In order to remove a file, the user doesn't need any permissions on the file itself, but needs write permission on the directory that the file is in.
If I run 'sudo touch /home/user1/tst', the user1 can remove file tst (even though root is owner, and others should be able to read it only). Please tell me, is that normal behaviour or security issue?
/home is on ext3.
thanks.
It looks to me like USER created the file so root's 'touch' would only modify the access time.
I.e., it was never root's file. (Others have noted the inheritance of ownership from the parent folder and this may be why it was never root's.)
But to belabor the subject, for example if a user creates a text file
Code:
echo "This is $USER" > test.txt
then as root or sudo or whatever does this...
Code:
echo "And this is ROOT" >> test.txt
User can still add another line:
Code:
echo "And this is $USER again" >> test.txt
and USER can delete the file when no longer needed.
In the original post all root did was "touch" a preexisting file and that does not change ownership.
@deep27ak
I had checked 'only owner can rename and delete folder content' for /home/user1 in krusader, presuming that's the 'sticky bit'.
There is no such option for files.
@rainbowsally
The file was not preexisting. It was created with sudo touch, and had root as owner. The exact same thing happens if I use su instead.
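An added example, not part of any post in this thread: a shell function that models the rule given in the "quite normal" answer (deleting a file depends on the permissions of the containing directory, not of the file) together with the sticky-bit check raised in the last post. The name `may_unlink`, the temporary directory and the second user's uid are assumptions made for illustration; it assumes GNU `stat` and ignores supplementary groups, ACLs and immutable attributes.

```shell
#!/bin/sh
# Added example (not from the thread): models the check made when a user
# deletes a file. Assumes GNU stat; ignores supplementary groups, ACLs
# and immutable attributes.
# Usage: may_unlink PATH UID GID  -> status 0 if that user may delete PATH
may_unlink() {
    path=$1; uid=$2; gid=$3
    dir=$(dirname -- "$path")
    if [ "$uid" -eq 0 ]; then return 0; fi      # root bypasses the checks

    mode=$((0$(stat -c %a -- "$dir")))          # directory mode, parsed as octal
    d_uid=$(stat -c %u -- "$dir")
    d_gid=$(stat -c %g -- "$dir")
    f_uid=$(stat -c %u -- "$path")              # file owner; the file's mode is never read

    # Pick the permission class that applies to this user on the directory.
    if   [ "$uid" -eq "$d_uid" ]; then bits=$(( ($mode >> 6) & 7 ))
    elif [ "$gid" -eq "$d_gid" ]; then bits=$(( ($mode >> 3) & 7 ))
    else                               bits=$(( $mode & 7 ))
    fi

    # Removing a directory entry needs write + search (wx) on the directory.
    if [ $(( bits & 3 )) -ne 3 ]; then return 1; fi

    # Sticky bit: additionally require ownership of the file or the directory.
    if [ $(( $mode & 01000 )) -ne 0 ] &&
       [ "$uid" -ne "$f_uid" ] && [ "$uid" -ne "$d_uid" ]; then
        return 1
    fi
    return 0
}

# Constructed demo: a read-only file in a directory we own.
demo=$(mktemp -d)
: > "$demo/tst"; chmod 444 "$demo/tst"
other=$(( $(id -u) + 1000 ))                    # hypothetical second user
for m in 755 1755 777 1777; do
    chmod "$m" "$demo"
    may_unlink "$demo/tst" "$(id -u)" "$(id -g)" && own=yes || own=no
    may_unlink "$demo/tst" "$other" "$other"     && oth=yes || oth=no
    echo "dir mode $m: directory owner may delete=$own, other user=$oth"
done
rm -rf "$demo"
```

The directory owner passes the check in every mode shown, including the sticky ones, which matches what the original poster observed after ticking the Krusader option on a home directory that user1 owns.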