LinuxQuestions.org
Old 12-31-2008, 12:17 PM   #1
iinfi
LQ Newbie
 
Registered: Dec 2008
Posts: 26

Rep: Reputation: 15
query with file permissions


Hi all,

I have a simple query with how file permissions are implemented.

Here is how it goes.
1. As a root user I created two users u1 and u2
2. created a /share folder on root directory and gave 777 permission to it.
3. logged into u1 and created a file t1
4. logged into u2 and created a file t2
5. logged back into root and did a chmod 600 to the files in /share drive
6. now when I log into u1 and edit file t2 (which has owner u2:u2) it allows me to force edit the file even though the file doesn't have permissions for the user to edit it
The code is below. Am I missing anything here?
Code:
[root@localhost ~]# useradd u1
[root@localhost ~]# useradd u2
[root@localhost ~]# mkdir /share
[root@localhost ~]#  ls -l / | grep share
drwxr-xr-x   2 root root  4096 Dec 30 16:00 share
[root@localhost ~]# chmod 777 /share/
[root@localhost ~]# su u1
[u1@localhost root]$ cd /share/
[u1@localhost share]$ touch t1
[u1@localhost share]$ ls -l
total 4
-rw-rw-r-- 1 u1 u1 0 Dec 30 16:04 t1
[u1@localhost share]$ vi t1 
[u1@localhost share]$ su
Password: 
[root@localhost share]# cat t1 
this is u1
[root@localhost share]# su u2
[u2@localhost share]$ cd /share/
[u2@localhost share]$ touch t2
[u2@localhost share]$ ls -l
total 12
-rw-rw-r-- 1 u1 u1 11 Dec 30 16:05 t1
-rw-rw-r-- 1 u2 u2  0 Dec 30 16:05 t2
[u2@localhost share]$ su 
Password: 
[root@localhost share]# chmod 600 *
[root@localhost share]# ls -l
total 12
-rw------- 1 u1 u1 11 Dec 30 16:05 t1
-rw------- 1 u2 u2  0 Dec 30 16:05 t2
[root@localhost share]# su u2
[u2@localhost share]$ vi t1
[u2@localhost share]$ cat t1
this is u2
[u2@localhost share]$ ls -l
total 12
-rw------- 1 u2 u2 11 Dec 30 16:09 t1
-rw------- 1 u2 u2  0 Dec 30 16:05 t2
[u2@localhost share]$
 
Old 12-31-2008, 03:39 PM   #2
rajeshkerala
Member
 
Registered: Mar 2008
Posts: 35

Rep: Reputation: 15
What you said is true... It's allowing to force write!
 
Old 12-31-2008, 04:18 PM   #3
Telemachos
Member
 
Registered: May 2007
Distribution: Debian
Posts: 754

Rep: Reputation: 59
This always surprises people. The problem is the permissions of the directory. Whether or not a specific user can edit a given file has to do with the permissions of the directory, even more than the permissions of the file. See here for more information: http://www.albany.edu/faculty/gms/ho...rmissions.html
 
Old 01-01-2009, 02:35 AM   #4
iinfi
LQ Newbie
 
Registered: Dec 2008
Posts: 26

Original Poster
Rep: Reputation: 15
Thanks for your reply. I still didn't fully understand these file permissions.
Well, in my scenario, if I wanted that the second user should not view/modify the files of the first user, then I should use uid and sticky bit.
i.e.
chmod 5600 t1

Am I right?
 
Old 01-01-2009, 02:50 AM   #5
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 655
What vim did is replace the old file with the new one by the same name. The file you were left with was a new file owned by u2 and not u1. Deleting a file writes to the directory and not to the file itself. This is why the ownership and permissions on the file did not protect it. It could have been owned by root.

System directories such as /etc/ don't allow "others" to write, so they can't do this.

If you create a directory to use as a samba share that anyone can write to, you want to set the sticky bit on it as well.
sudo mkdir /srv/samba/public/
sudo chmod ugo=rwxt /srv/samba/public

---

One thing you might want to use is the `-d' option to ls. That makes it easy to look at the permissions of a directory. So instead of using "ls -l / | grep share", use "ls -ld /share".

Last edited by jschiwal; 01-01-2009 at 06:04 AM. Reason: fixed second command.
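
The replace-by-rename behaviour and the sticky-bit fix described in the post above, as an added example that is not part of the original thread. It runs as a single user in a constructed temporary sandbox (standing in for /share), so it shows the inode change and the directory audit rather than the cross-user case; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): why file modes do not protect files
# in a world-writable directory, and how to find such directories.

# List directories under $1 that "others" can write to but that lack the
# sticky bit (mode 1000), i.e. where any user may rename or delete entries.
find_unsafe_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Replace a file the way a forced editor write can: create a new file beside
# it and rename it over the old name. Only the directory is written to, so
# the mode of the old file is never consulted. Prints "old_inode new_inode".
replace_by_rename() {
    target=$1
    content=$2
    dir=$(dirname "$target")
    old=$(ls -i "$target" | awk '{print $1}')
    tmp=$(mktemp "$dir/.swap.XXXXXX")
    printf '%s\n' "$content" > "$tmp"
    mv -f "$tmp" "$target"
    new=$(ls -i "$target" | awk '{print $1}')
    echo "$old $new"
}

demo() {
    base=$(mktemp -d)              # constructed sandbox
    mkdir "$base/share" "$base/public"
    chmod 777 "$base/share"        # as in the thread: no sticky bit
    chmod 1777 "$base/public"      # rwxrwxrwt, same result as ugo=rwxt
    echo "this is u1" > "$base/share/t1"
    chmod 400 "$base/share/t1"     # the file itself is not writable
    echo "inodes before/after: $(replace_by_rename "$base/share/t1" "this is u2")"
    echo "content now: $(cat "$base/share/t1")"
    echo "directories needing the sticky bit:"
    find_unsafe_shared_dirs "$base"
    rm -rf "$base"
}

demo
```

With the sticky bit set on the directory, the kernel allows a rename or delete only by the owner of the file, the owner of the directory, or root, which is what stops u2 from replacing u1's file.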
 
Old 01-01-2009, 05:11 AM   #6
iinfi
LQ Newbie
 
Registered: Dec 2008
Posts: 26

Original Poster
Rep: Reputation: 15
Awesome... thank you so much. Now I get it. Have a great 2009.
 
  

