LinuxQuestions.org
Linux - Newbie
Old 08-06-2012, 04:51 PM   #1
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 536

Rep: Reputation: Disabled
Why can a normal user write to roots files?


Why can user NotionCommotion delete or modify root's files? I must have given NotionCommotion some authorization, but don't remember doing so. Where would I see this authorization? I checked in /etc/passwd and /etc/group and also did a #id for NotionCommotion as shown below. Does it have something to do with being located in NotionCommotion's home directory?

Thank you

[root@localhost NotionCommotion]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@localhost NotionCommotion]# vi test
[root@localhost NotionCommotion]# ls -l test
-rw-r--r-- 1 root root 7 Aug 6 13:27 test
[root@localhost NotionCommotion]#

****************************************

[NotionCommotion@localhost ~]$ id
uid=500(NotionCommotion) gid=500(NotionCommotion) groups=500(NotionCommotion),502(vboxusers)
[NotionCommotion@localhost ~]$ ls -l test
-rw-r--r-- 1 root root 7 Aug 6 13:27 test
[NotionCommotion@localhost ~]$ rm test
rm: remove write-protected regular file `test'? y
[NotionCommotion@localhost ~]$ ls -l test
ls: test: No such file or directory
[NotionCommotion@localhost ~]$ cd ..
[NotionCommotion@localhost home]$ ls NotionCommotion
dbg-4.6.3-Linux doc my_files wc_output XP SP3.iso
Desktop libreoffice vwd.iso WindowsXP.iso
[NotionCommotion@localhost home]$
 
Old 08-06-2012, 07:03 PM   #2
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324
Check the ownerships/perms of the containing dir.
Note that files don't actually exist in *nix, instead they are just data blocks pointed to by the dir inode, which contains the metadata for the files eg name, ownerships, perms etc.
Thus, writing to a dir (which is what delete is) is a fn of the ownerships/perms of the dir inode file.
https://en.wikipedia.org/wiki/Inode
http://linux.die.net/sag/filesystems.html
 
Old 08-06-2012, 11:57 PM   #3
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 536

Original Poster
Rep: Reputation: Disabled
Hi chrism01,

Thank you for the reply.

Before I go on, what is the proper etiquette to display shell script (i.e. nothing, quotes, #, php)?

Below is the ownership and permissions of the containing directory. I didn't know how to show just the single directory as ls -l NotionCommotion shows the contents of the directory. I am sure I will learn in time, but feel free to advise if you want. I am a little confused about how "writing to a dir (which is what delete is) is a fn of the ownerships/perms of the dir inode" but suppose I will even learn that in time. For now, the question at hand

Thanks again, Michael


[root@localhost home]# ls -l
total 16
drwxr-xr-x 3 blueballs blueballs 4096 Jun 27 04:50 blueballs
drwx------ 20 NotionCommotion NotionCommotion 4096 Aug 6 13:27 NotionCommotion
drwxr-xr-x 3 502 503 4096 Aug 4 05:49 redmine
[root@localhost home]#
 
Old 08-07-2012, 12:59 AM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324
How to use code blocks etc to show code, data etc https://www.linuxquestions.org/quest...do=bbcode#code

So it would look like this
Code:
[root@localhost home]# ls -l
total 16
drwxr-xr-x 3 blueballs blueballs 4096 Jun 27 04:50 blueballs
drwx------ 20 NotionCommotion NotionCommotion 4096 Aug 6 13:27 NotionCommotion
drwxr-xr-x 3 502 503 4096 Aug 4 05:49 redmine
Various ways to list only dirs http://www.cyberciti.biz/faq/linux-l...rectory-names/

Anyway, taking the 2nd dir there, which i think you are talking about,
Code:
drwx------ 20 NotionCommotion NotionCommotion 4096 Aug 6 13:27 NotionCommotion
We can say the following (left to right):

1. 'd' => it's a dir http://bashshell.net/file-permission...ux-file-types/

2. perms http://www.tuxfiles.org/linuxhelp/filepermissions.html are grouped in 3's: user (aka owner), group, other (aka world) so:
user = rwx = read/write/execute
group = --- = none
other = --- = none

3. Ownerships see perms link
owner = NotionCommotion
(owning) group = NotionCommotion

4. Hopefully by reading those (all) links carefully, you'll see what I mean.
Basically, the 'file' is just a set of data blocks pointed to by the dir inode.
If you own that inode (and you do) and you have 'write' perm (you do) then you can 'write' ie add OR remove entries in the inode file ie effectively control the existence of the files that exist 'inside' ie data block groups pointed to by the dir inode.

Have a play with touch, chown & chmod cmds and re-read the links above.
http://linux.die.net/man/

Good Luck
 
Old 08-07-2012, 02:42 AM   #5
segmentation_fault
Member
 
Registered: Sep 2008
Location: Ioannina, Greece
Distribution: Gentoo
Posts: 332

Rep: Reputation: 55
To put it simply, what you are doing is not writing to the file (you can't do that, try to append something to it) but writing to the directory containing the file (you can do that, because you are the owner).
 
Old 08-07-2012, 09:31 AM   #6
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 536

Original Poster
Rep: Reputation: Disabled
Quote:
To put it simply, what you are doing is not writing to the file (you can't do that, try to append something to it) but writing to the directory containing the file (you can do that, because you are the owner).
I was able to append (vi just made me use w!). What (also) struck me as odd was that the ownership and group of the file changed. As seen below, the file with the name of "new" has the same inode number, so presumably it actually is the same.

Code:
[NotionCommotion@localhost ~]$ ls -il new
9309457 -rw-r--r-- 1 root root 6 Aug  7 05:29 new
[NotionCommotion@localhost ~]$ vi new
[NotionCommotion@localhost ~]$ ls -il new
9309457 -rw-r--r-- 1 NotionCommotion NotionCommotion 13 Aug  7 05:31 new
[NotionCommotion@localhost ~]$
Quote:
Basically, the 'file' is just a set of data blocks pointed to by the dir inode.
If you own that inode (and you do) and you have 'write' perm (you do) then you can 'write' ie add OR remove entries in the inode file ie effectively control the existence of the files that exist ' inside' ie data block groups pointed to by the dir inode.
Got it that I have rwx on the directory, but struggling why I can modify the file yet keep the inode number the same (if the inode changed, I would assume that a new file was created and since nothing pointed to the old "new", the disk space was made free). Then I had root create a hardlink to /home/NotionCommotion/new, and then NotionCommotion couldn't change it. Well, first thing that went as expected! So, at the end of the day, is this just a feature?
 
Old 08-07-2012, 09:50 AM   #7
segmentation_fault
Member
 
Registered: Sep 2008
Location: Ioannina, Greece
Distribution: Gentoo
Posts: 332

Rep: Reputation: 55
Quote:
Originally Posted by NotionCommotion View Post

Code:
[NotionCommotion@localhost ~]$ ls -il new
9309457 -rw-r--r-- 1 root root 6 Aug  7 05:29 new
[NotionCommotion@localhost ~]$ vi new
[NotionCommotion@localhost ~]$ ls -il new
9309457 -rw-r--r-- 1 NotionCommotion NotionCommotion 13 Aug  7 05:31 new
[NotionCommotion@localhost ~]$
Not the same file. Unless you did a chown, chgrp before the second ls, which I don't think you did.
 
Old 08-07-2012, 10:37 AM   #8
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 536

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by segmentation_fault View Post
Not the same file. Unless you did a chown, chgrp before the second ls, which I don't think you did.
No, I didn't chown/chgrp.

If not the same file, why does it have the same inode? And to think that I had never even heard of an "inode" yesterday
 
Old 08-07-2012, 12:29 PM   #9
segmentation_fault
Member
 
Registered: Sep 2008
Location: Ioannina, Greece
Distribution: Gentoo
Posts: 332

Rep: Reputation: 55
Because the same inode is used for the new file. I don't know if it just happened or it's normal behavior. That's as far as I can get you. Someone with a better understanding of filesystems might help more.
 
Old 08-07-2012, 12:38 PM   #10
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947
I don't think people here are understanding what is happening. I didn't believe it either until I tested it on my own machine.

As root, cd into a user's home directory. Create a file, run an ls -l to ensure owner/group is root and permissions are 644. Then su back to the user whose directory you're sitting in. That user will have full control over the file, even though it belongs to root and the user has no owner/group/other permissions to do so.

Code:
[root@localhost user]# pwd
/home/user
[root@localhost user]# echo root:line1 > testfile
[root@localhost user]# cat testfile
root:line1
[root@localhost user]# ls -l testfile
-rw-r--r-- 1 root root 11 Aug  7 10:35 testfile


then as the regular user:


[user@localhost ~]$ ls -l testfile
-rw-r--r-- 1 root root 11 Aug  7 10:35 testfile
[user@localhost ~]$ vi testfile  # At this point I added a new line to the file and forced write with wq!
[user@localhost ~]$ cat testfile
root:line1
user:line2
[user@localhost ~]$ ls -l testfile
-rw-r--r-- 1 user user 22 Aug  7 10:35 testfile
I never chmodded, chowned, etc. What you see is exactly how it happened. I didn't use su to switch from root to the regular user either, I was in a completely different terminal.

OP - I'm with you on this. I didn't expect it to work, and I don't know why it does.

Last edited by suicidaleggroll; 08-07-2012 at 12:40 PM.
 
Old 08-07-2012, 02:40 PM   #11
segmentation_fault
Member
 
Registered: Sep 2008
Location: Ioannina, Greece
Distribution: Gentoo
Posts: 332

Rep: Reputation: 55
Sorry, my mistake. Back in a minute.
Here it goes (I messed up wd before):
Code:
hitman@terminator ~ $ su -l
Password: 
terminator ~ # cd /home/hitman
terminator hitman # echo "something" > test.me
terminator hitman # cat ./test.me 
something
terminator hitman # ls -l test.me 
-rw-r--r-- 1 root root 10 Aug  7 21:42 test.me
terminator hitman # logout
hitman@terminator ~ $ ls -l test.me 
-rw-r--r-- 1 root root 10 Aug  7 21:42 test.me
hitman@terminator ~ $ cat test.me 
something
hitman@terminator ~ $ echo "haha" >> test.me 
-bash: test.me: Permission denied
hitman@terminator ~ $
So, no access to root's file. If you executed w! in vim, you told it to override the permission denied thing and replace the file; it didn't write on the original.

Last edited by segmentation_fault; 08-07-2012 at 02:45 PM. Reason: newbie mistake
 
Old 08-07-2012, 03:19 PM   #12
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 536

Original Poster
Rep: Reputation: Disabled
I guess this makes sense.

So, as a normal user, I have write access over my home directory, but not restricted files. As such, I can remove the restricted file from my home directory, but cannot edit it. If a file does not exist in any directory, then Linux automatically deletes it. So, when I execute w! in vim, I am removing the file from my directory, Linux is deleting it, then a new file with the same name and the same inode is created with me as the user and group. Can't believe a newbie like me got confused! If there is a hardlink to the file, however, I can remove the file from my directory, but there is still some link to the file so w! in vim can't hijack the inode.
 
Old 08-07-2012, 04:11 PM   #13
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947
Quote:
Originally Posted by segmentation_fault View Post
So, no access to root's file. If you executed w! in vim, you told it to override the permission denied thing and replace the file; it didn't write on the original.
I guess I had always assumed that you needed write permission on the file in order to delete it, but it appears that you only need write permission on the directory the file lives in order to delete the file. Learn something new every day.

Last edited by suicidaleggroll; 08-07-2012 at 04:12 PM.
 
Old 08-07-2012, 07:00 PM   #14
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324
Actually, I believe it gets overwritten in-place. vi does not create a new file that 'just happens' to get the same inode number.
You could try using strace on vi/vim to be sure.
See also the stat http://linux.die.net/man/1/stat cmd for file metadata
 
Old 08-07-2012, 09:54 PM   #15
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 536

Original Poster
Rep: Reputation: Disabled
I am surprised no one brought up the elusive sticky bit. I've heard of it before and was told it may be the cause of my problems, but never until recently understood what it was. It isn't exactly what we were talking about because it apparently (untested by me) allows directory owners but not other authorized directory individuals to delete another's files.

Just finishing a book called Linux Essentials by Roderick Smith and published by Sybex (p.s. highly recommended by this newbie) and two pages after I thought I found a bug in Linux (just kidding) it described exactly what I witnessed, and went on to describe the sticky bit.
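As an added example (not code from any poster in this thread), here is a small Python model of the two separate checks the thread works out: 'w' on the file itself governs changing its contents, while 'w' plus 'x' on the containing directory governs unlinking or replacing the entry (which is what vim's w! ends up doing), and the sticky bit from post #15 adds the owner restriction. It parses the ls -l lines quoted above; user and group names stand in for uids/gids, and ACLs, capabilities and LSMs are assumed absent.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    is_dir: bool
    perms: str     # 9 chars, e.g. "rwxr-xr-x" (s/t bits folded into x/-)
    sticky: bool   # restricted-deletion bit on a directory ('t' in ls output)
    owner: str
    group: str
    name: str

def parse_ls_line(line: str) -> Entry:
    """Parse one long-format 'ls -l' line as shown in the thread."""
    mode, _links, owner, group, _size, _mon, _day, _time, name = line.split(None, 8)
    sticky = mode[9] in "tT"
    perms = mode[1:10].translate(str.maketrans("sStT", "x-x-"))
    return Entry(mode[0] == "d", perms, sticky, owner, group, name)

def _class_bits(e: Entry, user: str, groups) -> str:
    """Owner, group or other triplet, whichever applies to the subject."""
    if user == e.owner:
        return e.perms[0:3]
    if e.group in groups:
        return e.perms[3:6]
    return e.perms[6:9]

def can_write_contents(f: Entry, user: str, groups) -> bool:
    """Change the bytes of the file: needs 'w' on the file itself (root bypasses DAC)."""
    return user == "root" or "w" in _class_bits(f, user, groups)

def can_unlink(d: Entry, f: Entry, user: str, groups) -> bool:
    """Remove or replace the directory entry: needs 'w' and 'x' on the directory;
    the file's own mode bits are not consulted.  With the sticky bit set the
    subject must additionally own either the file or the directory."""
    if user == "root":
        return True
    bits = _class_bits(d, user, groups)
    if "w" not in bits or "x" not in bits:
        return False
    return not d.sticky or user in (f.owner, d.owner)

# Constructed from the listings quoted in the thread.
HOME = parse_ls_line("drwx------ 20 NotionCommotion NotionCommotion 4096 Aug 6 13:27 NotionCommotion")
TEST = parse_ls_line("-rw-r--r-- 1 root root 7 Aug 6 13:27 test")
# Constructed /tmp-style sticky directory holding another user's file (hypothetical).
TMP = parse_ls_line("drwxrwxrwt 10 root root 4096 Aug 7 10:00 tmp")
BB_FILE = parse_ls_line("-rw-r--r-- 1 blueballs blueballs 5 Aug 7 10:01 note")

def thread_scenario(user="NotionCommotion", groups=frozenset({"NotionCommotion", "vboxusers"})):
    """The OP's case: no append to root's file, but rm (and hence a w! replace) is allowed."""
    return {"append": can_write_contents(TEST, user, groups),
            "rm": can_unlink(HOME, TEST, user, groups)}
```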
 