Uhm... time for a brief discussion of UNIX filesystem permissions 101.

If a directory is writable to a user, then any file within that
directory can be removed.

dir (owner.owner, mode 0775 -- that's rwxrwxr-x)
dir/file (user.user, mode 0444 -- that's r--r--r--)

Anyone in group 'owner' can remove dir/file.

This changes if dir has the sticky bit (1000) set:

dir (owner.owner, mode 1775)
dir/file (user.user, mode 0444)

Individuals in group 'owner' cannot remove dir/file. I don't remember
for certain whether user 'owner' can remove dir/file, but I would tend
to think it can (even if it can't directly, since it owns the directory,
it can thus change permissions to give itself permission).

-Bill

Piotr Kalinowski wrote:
> On Wednesday 28 of July 2004 22:24, Greg Watson wrote:
>
>>| Not if it's chown'ed root:portage and chmod'ed 440
>>
>>Wrong, if a user has +w mode to a directory they can forcefully remove a
>>file. Try it
>
>
> 440 does not give write access to anybody.
>
> Regards,
>

--
William Yang
wyang@××××.net

--
gentoo-security@g.o mailing list
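As an added example (not code from this thread), a small Python model of the POSIX unlink permission check that the discussion turns on, run over Bill's two layouts; the uids and gids for 'owner', 'user' and a group member 'alice' are constructed for the illustration:

```python
import stat

# Constructed ids (not from the thread): 'owner' is uid/gid 1000,
# 'user' is uid/gid 1001, 'alice' is uid 1002 and a member of group 1000.
OWNER_UID, OWNER_GID = 1000, 1000
USER_UID, USER_GID = 1001, 1001
ALICE_UID = 1002


def can_unlink(dir_mode, dir_uid, dir_gid, file_uid, uid, gids):
    """True if user `uid` (with supplementary groups `gids`) may remove a
    file owned by `file_uid` from a directory with the given mode/owner/group.
    The file's own mode never enters into it: unlink modifies the directory."""
    if uid == 0:
        return True  # root bypasses both checks (DAC override / CAP_FOWNER)
    if uid == dir_uid:
        perm_bits = (dir_mode >> 6) & 0o7
    elif dir_gid in gids:
        perm_bits = (dir_mode >> 3) & 0o7
    else:
        perm_bits = dir_mode & 0o7
    # Need write (modify the directory) and execute/search (reach the entry).
    if perm_bits & 0o3 != 0o3:
        return False
    # Sticky bit: only the file owner or the directory owner may unlink.
    if dir_mode & stat.S_ISVTX and uid not in (file_uid, dir_uid):
        return False
    return True


def scenarios():
    """Bill's two layouts: dir owner.owner at 0775 vs 1775, containing
    dir/file owned by user.user at 0444."""
    results = {}
    for label, dir_mode in (("0775", 0o775), ("1775", 0o1775)):
        args = (dir_mode, OWNER_UID, OWNER_GID, USER_UID)
        results[label] = {
            "group member": can_unlink(*args, ALICE_UID, {OWNER_GID}),
            "dir owner": can_unlink(*args, OWNER_UID, {OWNER_GID}),
            "file owner": can_unlink(*args, USER_UID, {USER_GID}),
            "other": can_unlink(*args, 1003, {1003}),
        }
    return results


if __name__ == "__main__":
    for label, table in scenarios().items():
        for who, allowed in table.items():
            print(f"dir mode {label}: {who:<12} may unlink dir/file: {allowed}")
```

Note that the file's owner 'user' cannot remove its own 0444 file in either layout, since 'user' has no write permission on dir at all; the sticky bit only matters once the directory write check passes.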