deny rm permission for non-owner of files
We're running Red Hat Enterprise Linux 3 on some systems, and 4 on others. My home directory permissions are set up thus:

Linux$ ls -ld abs
drwxrwxrwx 26 abs abs 4096 Sep 25 08:04 abs
Linux$

I have a file in my home directory called someFile.txt. someFile.txt is owned by root. The file has permissions that allow read by all, but write only by root.

Linux$ ls -l someFile*
-rw-r--r-- 1 root root 30 Sep 25 07:59 someFile.txt
Linux$

For purposes of this demonstration, this is me:

Linux$ whoami
abs
Linux$

If I do not have write permissions, I cannot overwrite the file:

Linux$ cat /dev/null >| someFile.txt
bash: someFile.txt: Permission denied
Linux$

That's good. However, if I try to remove the file...

Linux$ rm someFile.txt
rm: remove write-protected file `someFile.txt'? y
Linux$ ls -l someFile*
ls: someFile*: No such file or directory
Linux$

I am able to remove the file, even though I don't own the file, and I don't have write permissions on the file, either. True, I do have write permissions on the parent directory that holds the file. Maybe that's why Linux lets me remove it?

What I'd like is to be able to set up permissions or other mechanisms so that anybody can create a file in a directory, but if you don't own the file or don't have write permission on the file, then you can't delete the file. Is that possible?
From man chmod
Code:
RESTRICTED DELETION FLAG OR STICKY BIT
Some files are owned by the Linux system... They are protected by the system and denied from deletion in their directory because the system is using those files... But technically, if the file is write protected, you can't remove the file... :-D
Deleting a file writes to the directory and not the file. Since you have write access to the directory, you can delete a root owned file.
Those permissions are horrible for a home directory. You could use tmp instead as a globally writable directory, or create one for that purpose. If you look at the permissions of the /tmp directory, you will see that it has the sticky bit set. A directory created for a globally writable samba share will have the same permissions, for the same reason. The "Samba 3 by Example" book (available in the samba-doc package) has a sample simple share including the steps to create the directory and subdirectories, including the permissions.
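
An added example, not part of the thread above: a shell sketch of the fix the last reply points to, creating a world-writable drop directory with the sticky bit (mode 1777, as on /tmp) and auditing a tree for world-writable directories that lack it. The function names and the temporary directory layout are hypothetical and constructed for the demonstration.

```bash
#!/bin/sh
# Added example; make_shared_dir, has_sticky and unsafe_shared_dirs are
# hypothetical helper names, not commands from the thread.

# Create a directory anyone can write into, with the restricted deletion
# flag (sticky bit) set: mode 1777, the same mode /tmp carries. Inside it,
# only a file's owner, the directory's owner or root can remove or rename
# that file.
make_shared_dir() {
    mkdir -p -- "$1" && chmod 1777 -- "$1"
}

# Succeed if directory $1 itself has the sticky bit set.
has_sticky() {
    [ -n "$(find "$1" -prune -type d -perm -1000 -print)" ]
}

# List directories under $1 that are world-writable (o+w) but have no
# sticky bit: in these, any user can delete files they do not own,
# which is the behaviour shown in the question.
unsafe_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print
}

# Demonstration on a constructed tree in a temporary directory.
demo_root=$(mktemp -d)
mkdir "$demo_root/home_like" && chmod 0777 "$demo_root/home_like"  # like drwxrwxrwx abs
make_shared_dir "$demo_root/drop"                                  # like /tmp

echo "World-writable without sticky bit:"
unsafe_shared_dirs "$demo_root"

echo "Mode of the shared drop directory:"
ls -ld "$demo_root/drop"

rm -rf -- "$demo_root"
```

In `ls -ld` output the sticky bit appears as a `t` in the last permission position (`drwxrwxrwt`).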