why can't i delete a file with bin group?

Damoek · 10-22-2008, 11:13 PM

I was doing a little playing around with permissions on a 5.3 box in the office and wanted to make it so that it does not take root permission to delete a users home directory once they are deactivated or deleted in smit.
the default permissions are 755 with bin as both user and group
I noticed that if i change the permissions to 775 and give a typical user group membership in bin he can not delete a file in that folder.
I noticed also that if i change the group ownership of the directory to staff, (which my user also has membership) folders contained inside I can delete.

is there something special about the bin group that would prevent even a user who has group membership from being able to take advantage of them when bin is the group owner of the folder?

Simon Bridge · 10-23-2008, 02:06 AM

Well - of course... think: what sort of files would the bin group member otherwise be able to delete?
The permission bits are not the only security on your system.

Damoek · 10-23-2008, 08:18 AM

that makes a ton of sense. I wouldn't want some of our less capable sys admins deleting executables.

Just for my deeper understanding, how is the bin group protected in this way? Seems kind of like a sticky-bit-but-not-really sort of thing.

paulsm4 · 10-23-2008, 02:34 PM

Hi -

I presume your AIX box is probably using the "afs" filesystem, with ACLs (Access Control Lists). This link might help:

http://www.pdc.kth.se/support/afs-tour.html

Damoek · 10-23-2008, 02:36 PM

actually jfs2... is afs better?

paulsm4 · 10-24-2008, 09:08 AM

No, I was merely suggesting you want to look at "ACL's" to understand this behavior, and the link I pointed to happened to be about afs (instead of jfs, or jfs2).

Your .. PSM