09-25-2007, 09:31 AM | #1 | LQ Newbie | Registered: May 2006 | Posts: 7
deny rm permission for non-owner of files
We're running Red Hat Enterprise Linux 3 on some systems, and 4 on others.
My home directory permissions are set up thus:
Linux$ ls -ld abs
drwxrwxrwx 26 abs abs 4096 Sep 25 08:04 abs
Linux$
I have a file in my home directory called someFile.txt.
someFile.txt is owned by root. The file has permissions that allow read by all, but write only by root.
Linux$ ls -l someFile*
-rw-r--r-- 1 root root 30 Sep 25 07:59 someFile.txt
Linux$
For purposes of this demonstration, this is me:
Linux$ whoami
abs
Linux$
If I do not have write permissions, I cannot overwrite the file:
Linux$ cat /dev/null >| someFile.txt
bash: someFile.txt: Permission denied
Linux$
That's good.
However, if I try to remove the file...
Linux$ rm someFile.txt
rm: remove write-protected file `someFile.txt'? y
Linux$ ls -l someFile*
ls: someFile*: No such file or directory
Linux$
I am able to remove the file, even though I don't own the file, and I don't have write permissions on the file, either. True, I do have write permissions on the parent directory that holds the file. Maybe that's why Linux lets me remove it?
What I'd like is to be able to set up permissions or other mechanisms so that anybody can create a file in a directory, but if you don't own the file or don't have write permission on the file, then you can't delete the file. Is that possible?
09-25-2007, 10:29 AM | #2 | Senior Member | Registered: Dec 2004 | Location: Olympia, WA, USA | Distribution: Fedora, (K)Ubuntu | Posts: 4,187
From man chmod
Code:
RESTRICTED DELETION FLAG OR STICKY BIT
The restricted deletion flag or sticky bit is a single bit, whose interpretation depends
on the file type. For directories, it prevents unprivileged users from removing or
renaming a file in the directory unless they own the file or the directory; this is
called the restricted deletion flag for the directory, and is commonly found on world-
writable directories like /tmp. For regular files on some older systems, the bit saves
the program’s text image on the swap device so it will load more quickly when run; this
is called the sticky bit.
10-03-2007, 02:45 AM | #3 | LQ Newbie | Registered: Sep 2007 | Posts: 5
Some files are owned by the Linux system... they are protected by the system and cannot be deleted from their directory because the system is using that file... But technically, if the file is write protected, you can't remove the file... :-D
10-03-2007, 02:53 AM | #4 | LQ Guru | Registered: Aug 2001 | Location: Fargo, ND | Distribution: SuSE AMD64 | Posts: 15,733
Deleting a file writes to the directory and not the file. Since you have write access to the directory, you can delete a root owned file.
Those permissions are horrible for a home directory. You could use /tmp instead as a globally writable directory, or create one for that purpose. If you look at the permissions of the /tmp directory, you will see that it has the sticky bit set.
A directory created for a globally writable samba share will have the same permissions, for the same reason. The "Samba 3 by Example" book (available in the samba-doc package) has a sample simple share including the steps to create the directory and subdirectories, including the permissions.
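As an added example, not from the thread or its posters: a small POSIX shell audit that lists directories which are world-writable like the home directory in post #1 but lack the restricted-deletion flag the replies describe, and applies `chmod +t` to them. The function names and the scratch-directory demo are my own.

```shell
#!/bin/sh
# Audit helper (hypothetical, not from the thread): find directories where
# anyone may write but the restricted-deletion flag (sticky bit) is not set,
# i.e. where any user can unlink or rename any other user's files, because
# unlink/rename check write permission on the directory, not on the file.

# Print every directory under $1 with "others may write" (-perm -0002)
# and without the sticky bit (! -perm -1000). -xdev stays on one filesystem.
find_unsafe_world_writable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Keep the existing mode bits and add the restricted-deletion flag, so only
# the file owner, the directory owner or root may remove or rename entries.
add_restricted_deletion() {
    chmod +t "$1"
}

# Self-contained demonstration on constructed directories in a scratch area:
# "open" mimics the drwxrwxrwx home directory in the post, "shared" mimics /tmp.
demo() {
    scratch=$(mktemp -d)
    mkdir "$scratch/open" "$scratch/shared"
    chmod 0777 "$scratch/open"
    chmod 1777 "$scratch/shared"
    echo "Unsafe before fix:"; find_unsafe_world_writable "$scratch"
    find_unsafe_world_writable "$scratch" | while read -r d; do
        add_restricted_deletion "$d"
    done
    echo "Unsafe after fix:"; find_unsafe_world_writable "$scratch"
    ls -ld "$scratch/open" "$scratch/shared"   # both now show drwxrwxrwt
    rm -rf "$scratch"
}

demo
```

Run it against a real tree (for example `find_unsafe_world_writable /home`) to list directories with the same exposure as the one in the question.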