| 1 |
Uhm... time for a brief discussion of UNIX filesystems permissions 101. |
| 2 |
|
| 3 |
If a directory is writable to a user, then any file within that |
| 4 |
directory can be removed. |
| 5 |
|
| 6 |
dir (owner.owner, mode 0775 -- that's rwxrwxr-x) |
| 7 |
dir/file (user.user, mode 0444 -- that's r--r--r--) |
| 8 |
|
| 9 |
Anyone in group 'owner' can remove dir/file. |
| 10 |
|
| 11 |
This changes if dir has the sticky bit (1000) set: |
| 12 |
|
| 13 |
dir (owner.owner, mode 1775) |
| 14 |
dir/file (user.user, mode 0444) |
| 15 |
|
| 16 |
Individuals in group 'owner' can not remove dir/file. I don't rememver |
| 17 |
for certain whether user 'owner' can remove dir/file, but I would tend |
| 18 |
to think it can; even if it can't directly, since it owns the directory, |
| 19 |
it can thus change permissions to give itself permission). |
| 20 |
|
| 21 |
-Bill |
| 22 |
|
| 23 |
Piotr Kalinowski wrote: |
| 24 |
> On Wednesday 28 of July 2004 22:24, Greg Watson wrote: |
| 25 |
> |
| 26 |
>>| Not if it's chown'ed root:portage and chmod'ed 440 |
| 27 |
>> |
| 28 |
>>Wrong, if a user has +w mode to a directory they can forcefully remove a |
| 29 |
>>file. Try it |
| 30 |
> |
| 31 |
> |
| 32 |
> 440 does not give write acces to anybody. |
| 33 |
> |
| 34 |
> Regards, |
| 35 |
> |
| 36 |
|
| 37 |
-- |
| 38 |
William Yang |
| 39 |
wyang@××××.net |
| 40 |
|
| 41 |
-- |
| 42 |
gentoo-security@g.o mailing list |
Archives