iinfi 12-31-2008 11:17 AM

query with file permissions
Hi all,

I have a simple query about how file permissions are implemented.

Here is how it goes.
1. As the root user I created two users, u1 and u2.
2. Created a /share folder in the root directory and gave 777 permission to it.
3. Logged into u1 and created a file t1.
4. Logged into u2 and created a file t2.
5. Logged back into root and did a chmod 600 to the files in the /share directory.
6. Now when I log into u1 and edit file t2 (which has owner u2:u2) it allows me to force edit the file, even though the file doesn't have permissions for the user to edit it.
The code is below. Am I missing anything here?

[root@localhost ~]# useradd u1
[root@localhost ~]# useradd u2
[root@localhost ~]# mkdir /share
[root@localhost ~]#  ls -l / | grep share
drwxr-xr-x  2 root root  4096 Dec 30 16:00 share
[root@localhost ~]# chmod 777 /share/
[root@localhost ~]# su u1
[u1@localhost root]$ cd /share/
[u1@localhost share]$ touch t1
[u1@localhost share]$ ls -l
total 4
-rw-rw-r-- 1 u1 u1 0 Dec 30 16:04 t1
[u1@localhost share]$ vi t1
[u1@localhost share]$ su
[root@localhost share]# cat t1
this is u1
[root@localhost share]# su u2
[u2@localhost share]$ cd /share/
[u2@localhost share]$ touch t2
[u2@localhost share]$ ls -l
total 12
-rw-rw-r-- 1 u1 u1 11 Dec 30 16:05 t1
-rw-rw-r-- 1 u2 u2  0 Dec 30 16:05 t2
[u2@localhost share]$ su
[root@localhost share]# chmod 600 *
[root@localhost share]# ls -l
total 12
-rw------- 1 u1 u1 11 Dec 30 16:05 t1
-rw------- 1 u2 u2  0 Dec 30 16:05 t2
[root@localhost share]# su u2
[u2@localhost share]$ vi t1
[u2@localhost share]$ cat t1
this is u2
[u2@localhost share]$ ls -l
total 12
-rw------- 1 u2 u2 11 Dec 30 16:09 t1
-rw------- 1 u2 u2  0 Dec 30 16:05 t2
[u2@localhost share]$

rajeshkerala 12-31-2008 02:39 PM

What you said is true... It's allowing to force write!

Telemachos 12-31-2008 03:18 PM

This always surprises people. The problem is the permissions of the directory. Whether or not a specific user can edit a given file has to do with the permissions of the directory, even more than the permissions of the file. See here for more information:

iinfi 01-01-2009 01:35 AM

Thanks for your reply. I still didn't fully understand these file permissions.
Well, in my scenario, if I wanted the second user not to be able to view/modify the files of the first user, then I should use the uid and sticky bit.
chmod 5600 t1

Am I right?

jschiwal 01-01-2009 01:50 AM

What vim did is replace the old file with the new one by the same name. The file you were left with was a new file owned by u2 and not u1. Deleting a file writes to the directory and not to the file itself. This is why the ownership and permissions on the file did not protect it. It could have been owned by root.

System directories such as /etc/ don't allow "others" to write, so they can't do this.

If you create a directory to use as a samba share that anyone can write to, you want to set the sticky bit on it as well.
sudo mkdir /srv/samba/public/
sudo chmod ugo=rwxt /srv/samba/public


One thing you might want to use is the `-d` option to ls. That makes it easy to look at the permissions of a directory. So instead of using "ls -l / | grep share", use "ls -ld /share".
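To make the point of the replies above concrete, here is an added example (not code from anyone in this thread, and not the kernel's own code): a small model of the Linux discretionary access check for removing or replacing a directory entry, which is what vim's save-by-rename does. The Inode class, the uid values 1001/1002 and the thread_scenario function are constructed for this illustration. Notice that can_unlink never looks at the file's own mode, so chmod 600 (or chmod 5600, the sticky bit on the file) changes nothing; only the sticky bit on the directory does.

```python
import stat
from dataclasses import dataclass

ROOT_UID = 0
U1, U2 = 1001, 1002  # constructed uids standing in for the thread's u1 and u2


@dataclass(frozen=True)
class Inode:
    """Constructed stand-in for the metadata the kernel consults: owner, group, mode bits."""
    uid: int
    gid: int
    mode: int  # permission bits plus setuid/setgid/sticky, e.g. 0o1777


def _has_perm(inode, uid, gids, bit_owner, bit_group, bit_other):
    """Classic owner/group/other check; root (CAP_DAC_OVERRIDE) always passes."""
    if uid == ROOT_UID:
        return True
    if uid == inode.uid:
        return bool(inode.mode & bit_owner)
    if inode.gid in gids:
        return bool(inode.mode & bit_group)
    return bool(inode.mode & bit_other)


def can_write_file(f, uid, gids):
    """Opening the file itself for writing: this is what chmod 600 protects."""
    return _has_perm(f, uid, gids, stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH)


def can_unlink(parent, f, uid, gids):
    """Removing or renaming over `f` inside `parent`. The file's own mode is never consulted."""
    # Search (x) and write (w) permission are needed on the directory, not the file.
    if not _has_perm(parent, uid, gids, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
        return False
    if not _has_perm(parent, uid, gids, stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH):
        return False
    # Sticky bit on the directory: only the file owner, the directory owner, or root may remove it.
    if parent.mode & stat.S_ISVTX:
        return uid in (f.uid, parent.uid, ROOT_UID)
    return True


def thread_scenario():
    """Replays the thread: /share is root-owned 0777 (no sticky bit), t1 is u1's 0600 file."""
    share = Inode(uid=ROOT_UID, gid=0, mode=0o777)
    share_sticky = Inode(uid=ROOT_UID, gid=0, mode=0o1777)  # after chmod ugo=rwxt /share
    t1 = Inode(uid=U1, gid=U1, mode=0o600)
    t1_sticky = Inode(uid=U1, gid=U1, mode=0o5600)  # the "chmod 5600 t1" idea
    return {
        "u2_can_write_t1": can_write_file(t1, U2, {U2}),              # False: mode 600 holds
        "u2_can_replace_t1": can_unlink(share, t1, U2, {U2}),          # True: directory is 777
        "u2_after_sticky_on_file": can_unlink(share, t1_sticky, U2, {U2}),  # still True
        "u2_after_sticky_on_dir": can_unlink(share_sticky, t1, U2, {U2}),   # False
        "u1_after_sticky_on_dir": can_unlink(share_sticky, t1, U1, {U1}),   # True: owns t1
        "root_after_sticky_on_dir": can_unlink(share_sticky, t1, ROOT_UID, {0}),  # True
    }


if __name__ == "__main__":
    for name, allowed in thread_scenario().items():
        print(f"{name:28s} {'allowed' if allowed else 'denied'}")
```

The model deliberately leaves out POSIX ACLs, capabilities other than root's blanket override, and the newer fs.protected_* sysctls; the shape of the decision is the point. It is also why `ls -ld /share` is the first thing to check when a "protected" file turns out to be replaceable.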

iinfi 01-01-2009 04:11 AM

Awesome... thank you so much. Now I get it. Have a great 2009.
