LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-17-2008, 10:59 PM   #1
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Question root-owned file is able to be deleted with my non-root account


I was playing around with sudo and noticed some interesting behaviour. I'm sure there is a simple explanation to this, but since I don't have it yet I'm a bit concerned. I'd actually be kinda freaked-out if it wasn't for the fact that I can reproduce this on completely different distros. Basically, if I use sudo to create a root-owned file, I am able to delete said file with my non-root account. My question is: Why?
Code:
win32sux@candystore:~$ sudo touch eraseme.txt
win32sux@candystore:~$ ls -l | grep eraseme
-rw-r--r--  1 root  root        0 2008-11-17 23:53 eraseme.txt
win32sux@candystore:~$ rm -f eraseme.txt 
win32sux@candystore:~$ ls -l | grep eraseme
win32sux@candystore:~$
 
Old 11-17-2008, 11:16 PM   #2
n03x3c
Member
 
Registered: Aug 2008
Location: India
Distribution: Fedora, RedHat
Posts: 101

Rep: Reputation: 17
I suspect something is wrong, either at you or at me! I find something diff on my machine while using sudo... I first cd to / and then create file, with sudo and try to remove without sudo and it gives me "Permission Denied" error.

But if I create file in my home dir (that's what you're doing), I can remove that file... and user is again root and group is root and chmod perms are also 644.

Now IDK what this means... if any freak knows about this, I'd like to know...
 
Old 11-18-2008, 12:55 AM   #3
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 7.7 (?), Centos 8.1
Posts: 17,782

Rep: Reputation: 2538Reputation: 2538Reputation: 2538Reputation: 2538Reputation: 2538Reputation: 2538Reputation: 2538Reputation: 2538Reputation: 2538Reputation: 2538Reputation: 2538
From the Perl Cookbook
Quote:
Under Unix, deleting a file from a directory requires write access to the directory,[1] not to the file, because it's the directory you're changing. Under some circumstances, you could remove a file you couldn't write to or write to a file you couldn't remove.

[1] Unless the sticky bit, mode 01000, is turned on for the directory, which further restricts deletions to be by the owner only. Shared directories like /tmp are usually mode 01777 for security reasons.

If you delete a file that some process still has open, the operating system removes the directory entry but doesn't free up data blocks until all processes have closed the file.
 
Old 11-18-2008, 02:00 AM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Thanks, chrism01! I knew there was a simple and logical explanation. I can't believe the thought of the sticky bit never even crossed my mind when pondering about this. Yikes! But yeah, it makes perfect sense now. I'll post an illustration for anyone running into this thread in the future.

File in non-sticky directory (can delete, but can't edit):
Code:
win32sux@candystore:~$ pwd
/home/win32sux
win32sux@candystore:~$ sudo touch eraseme.txt
win32sux@candystore:~$ ls -l | grep eraseme
-rw-r--r--  1 root  root        0 2008-11-18 12:51 eraseme.txt
win32sux@candystore:~$ echo xxx > eraseme.txt 
bash: eraseme.txt: Permission denied
win32sux@candystore:~$ rm -f eraseme.txt 
win32sux@candystore:~$ ls -l | grep eraseme
win32sux@candystore:~$
File in sticky directory (can't delete and can't edit):
Code:
win32sux@candystore:~$ sudo touch /tmp/eraseme.txt
win32sux@candystore:~$ echo xxx > /tmp/eraseme.txt 
bash: /tmp/eraseme.txt: Permission denied
win32sux@candystore:~$ rm -f /tmp/eraseme.txt 
rm: cannot remove `/tmp/eraseme.txt': Operation not permitted
win32sux@candystore:~$

Last edited by win32sux; 11-18-2008 at 02:06 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Deleted root account - Ubuntu 6.06 User Name. Linux - Newbie 12 01-09-2007 12:36 AM
Deleted ROOT account Ashrack Linux - General 1 09-17-2006 12:13 PM
MySQL deleted root account and can't re-install... ivj Linux - Software 2 07-09-2004 10:51 PM
root account Deleted chandu Linux - Security 1 06-18-2004 12:47 PM
Make a file owned by root owned by a user sharpie Linux - Newbie 2 02-26-2004 01:26 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:12 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration