query with file permissions
Hi all,
I have a simple query about how file permissions are implemented. Here is how it goes:
1. As a root user I created two users, u1 and u2.
2. Created a /share folder in the root directory and gave 777 permission to it.
3. Logged into u1 and created a file t1.
4. Logged into u2 and created a file t2.
5. Logged back into root and did a chmod 600 on the files in the /share drive.
6. Now when I log into u1 and edit file t2 (which has owner u2:u2), it allows me to force edit the file even though the file doesn't have permissions for the user to edit it.
The code is below. Am I missing anything here?
Code:
[root@localhost ~]# useradd u1 |
What you said is true... It's allowing a force write!
|
This always surprises people. The problem is the permissions of the directory. Whether or not a specific user can edit a given file has to do with the permissions of the directory, even more than the permissions of the file. See here for more information: http://www.albany.edu/faculty/gms/ho...rmissions.html
|
Thanks for your reply. I still didn't fully understand these file permissions.
Well, in my scenario, if I wanted the second user not to view/modify the files of the first user, then I should use uid and sticky bit, i.e. chmod 5600 t1. Am I right? |
What vim did is replace the old file with the new one by the same name. The file you were left with was a new file owned by u2 and not u1. Deleting a file writes to the directory and not to the file itself. This is why the ownership and permissions on the file did not protect it. It could have been owned by root.
System directories such as /etc/ don't allow "others" to write, so they can't do this. If you create a directory to use as a samba share that anyone can write to, you want to set the sticky bit on it as well.
sudo mkdir /srv/samba/public/
sudo chmod ugo=rwxt /srv/samba/public
---
One thing you might want to use is the `-d' option to ls. That makes it easy to look at the permissions of a directory. So instead of using "ls -l / | grep share", use "ls -ld /share". |
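Added example, not part of any post in this thread: a shell sketch of the point made in the answer above, that the directory's mode rather than the file's decides who can replace a file, plus a check built on the `ls -ld` tip. The function names `dir_exposure` and `replace_by_rename` and the temporary directory layout are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and the temp-dir layout are constructed.

# Classify a directory from the mode string that `ls -ld` prints:
#   exposed    - others can write and search, no sticky bit: any user can
#                delete or replace entries, whatever the files' own modes say
#   sticky     - others can write, but only the file's owner, the directory's
#                owner or root can delete or rename an entry
#   restricted - others cannot add or remove entries
dir_exposure() {
    mode=$(ls -ld -- "$1" | cut -c1-10)
    case "$mode" in
        d???????wt) echo sticky ;;
        d???????wx) echo exposed ;;
        d*)         echo restricted ;;
        *)          echo not-a-directory ;;
    esac
}

# Replace a file by writing a new one and renaming it over the old name.
# Only the directory is modified, so the old file's mode is never consulted.
replace_by_rename() {
    dir=$1; name=$2; text=$3
    printf '%s\n' "$text" > "$dir/.$name.new" &&
        mv -f -- "$dir/.$name.new" "$dir/$name"
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/share" "$work/public"
    chmod 0777 "$work/share"     # like /share in the thread
    chmod 1777 "$work/public"    # world-writable plus sticky bit
    echo original > "$work/share/t2"
    chmod 0400 "$work/share/t2"  # no write bit for anyone on the file
    replace_by_rename "$work/share" t2 replaced
    echo "share:  $(dir_exposure "$work/share"), t2 now holds: $(cat "$work/share/t2")"
    echo "public: $(dir_exposure "$work/public")"
    rm -rf "$work"
}

demo
```

The demo runs as a single user, so it shows the rename succeeding against a file with no write bits; the cross-user denial that the sticky bit adds needs two accounts to observe.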
Awesome... thank you so much. Now I get it. Have a great 2009.
|