LinuxQuestions.org
Old 09-25-2007, 08:31 AM   #1
AndrewBS42
LQ Newbie
 
Registered: May 2006
Posts: 7

Rep: Reputation: 1
Question deny rm permission for non-owner of files


We're running Red Hat Enterprise Linux 3 on some systems, and 4 on
others.

My home directory permissions are set up thus:

Linux$ ls -ld abs
drwxrwxrwx 26 abs abs 4096 Sep 25 08:04 abs
Linux$

I have a file in my home directory called someFile.txt.
someFile.txt is owned by root. The file has permissions that allow read by all, but write only by root.

Linux$ ls -l someFile*
-rw-r--r-- 1 root root 30 Sep 25 07:59 someFile.txt
Linux$

For purposes of this demonstration, this is me:

Linux$ whoami
abs
Linux$

If I do not have write permissions, I can not over-write the file:

Linux$ cat /dev/null >| someFile.txt
bash: someFile.txt: Permission denied
Linux$

That's good.

However, if I try to remove the file...

Linux$ rm someFile.txt
rm: remove write-protected file `someFile.txt'? y
Linux$ ls -l someFile*
ls: someFile*: No such file or directory
Linux$

I am able to remove the file, even though I don't own the file, and I
don't have write permissions on the file, either. True, I do have write
permissions on the parent directory that holds the file. Maybe that's
why Linux lets me remove it?

What I'd like is to be able to set up permissions or other mechanisms
so that anybody can create a file in a directory, but if you don't own
the file or don't have write permission on the file, then you can't
delete the file. Is that possible?
 
Old 09-25-2007, 09:29 AM   #2
PTrenholme
Senior Member
 
Registered: Dec 2004
Location: Olympia, WA, USA
Distribution: Fedora, (K)Ubuntu
Posts: 4,149

Rep: Reputation: 330
From man chmod
Code:
RESTRICTED DELETION FLAG OR STICKY BIT
       The restricted deletion flag or sticky bit is a single bit, whose interpretation depends
       on  the  file  type.   For  directories, it prevents unprivileged users from removing or
       renaming a file in the directory unless they own the file  or  the  directory;  this  is
       called  the  restricted deletion flag for the directory, and is commonly found on world-
       writable directories like /tmp.  For regular files on some older systems, the bit  saves
       the  program's text image on the swap device so it will load more quickly when run; this
       is called the sticky bit.
 
Old 10-03-2007, 01:45 AM   #3
BPS
LQ Newbie
 
Registered: Sep 2007
Posts: 5

Rep: Reputation: 0
Some files are owned by the Linux system... They are protected by the system and are denied deletion in their directory because the system is using those files... But technically, if the file is write-protected, you can't remove the file... :-D
 
Old 10-03-2007, 01:53 AM   #4
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
Deleting a file writes to the directory and not the file. Since you have write access to the directory, you can delete a root owned file.

Those permissions are horrible for a home directory. You could use tmp instead as a globally writable directory, or create one for that purpose. If you look at the permissions of the /tmp directory, you will see that it has the sticky bit set.

A directory created for a globally writable samba share will have the same permissions, for the same reason. The "Samba 3 by Example" book (available in the samba-doc package) has a sample simple share including the steps to create the directory and subdirectories, including the permissions.
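
Added example, not part of any post in this thread: a shell sketch of the two points made above, that deletion depends on the directory's permissions rather than the file's, and that a world-writable directory needs the sticky bit. The function names and the temporary `share` directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Everything runs inside a temp dir.

# Print the directory name if it is world-writable WITHOUT the sticky bit,
# i.e. any user may delete or rename other users' files in it.
unsafe_shared_dir() {
    find "$1" -prune -type d -perm -0002 ! -perm -1000 -print
}

# Keep the directory world-writable but set the restricted deletion flag,
# giving it the same mode as /tmp (drwxrwxrwt).
harden_shared_dir() {
    chmod 1777 "$1"
}

# Succeeds if a read-only (0444) file can be removed from the directory.
# Removing a name is a write to the directory, so the file's own mode is
# not consulted.
can_delete_readonly_file() {
    f="$1/readonly.$$"
    : > "$f" && chmod 0444 "$f" && rm -f "$f" && [ ! -e "$f" ]
}

demo() {
    work=$(mktemp -d) || return 1
    share="$work/share"
    mkdir "$share" && chmod 0777 "$share"   # same mode as the poster's home
    ls -ld "$share"
    [ -n "$(unsafe_shared_dir "$share")" ] && echo "UNSAFE: world-writable, no sticky bit"
    can_delete_readonly_file "$share" && echo "read-only file was removed anyway"
    harden_shared_dir "$share"
    ls -ld "$share"
    [ -z "$(unsafe_shared_dir "$share")" ] && echo "OK: restricted deletion flag set"
    rm -rf "$work"
}

demo
```

As the quoted man page text says, the flag stops unprivileged users who own neither the file nor the directory, so the directory's owner can still remove any file in it. To audit a whole tree, the same `find` tests can be run without `-prune`.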
 
  

