why can I write to a file I don't have perms to??
Tobias Speckbacher
TSpeckbacher at quova.com
Thu Apr 14 22:33:16 UTC 2005
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com]On Behalf Of Tobias Speckbacher
> Sent: Thursday, April 14, 2005 3:27 PM
> To: General Red Hat Linux discussion list
> Subject: RE: why can I write to a file I don't have perms to??
>
>
>
>
> > -----Original Message-----
> > From: redhat-list-bounces at redhat.com
> > [mailto:redhat-list-bounces at redhat.com]On Behalf Of
> > David.Knight at clubcorp.com
> > Sent: Thursday, April 14, 2005 3:19 PM
> > To: General Red Hat Linux discussion list
> > Cc: General Red Hat Linux discussion list;
> > redhat-list-bounces at redhat.com
> > Subject: RE: why can I write to a file I don't have perms to??
> >
> >
> > Hummm, I'm sure that it is suppose to work this way but I
> > don't understand
> > why. This is a much weaker security model then any Unix filesystem
> > standards.
>
> Works exactly the same way on Solaris, etc.
I take that back, sticky does serve the same purpose though,
although it does not seem to apply in the context you stated on Solaris.
>
> >
> >
> >
> >
> >
> > "Tobias Speckbacher" <TSpeckbacher at quova.com>
> > Sent by: redhat-list-bounces at redhat.com
> > 04/14/2005 05:17 PM
> > Please respond to General Red Hat Linux discussion list
> >
> >
> > To: "General Red Hat Linux discussion list"
> > <redhat-list at redhat.com>
> > cc:
> > Subject: RE: why can I write to a file I don't
> > have perms to??
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: redhat-list-bounces at redhat.com
> > > [mailto:redhat-list-bounces at redhat.com]On Behalf Of
> > > David.Knight at clubcorp.com
> > > Sent: Thursday, April 14, 2005 2:59 PM
> > > To: General Red Hat Linux discussion list
> > > Cc: redhat-list at redhat.com; redhat-list-bounces at redhat.com
> > > Subject: Re: why can I write to a file I don't have perms to??
> > >
> > >
> > > David.Knight at clubcorp.com
> > > Sent by: redhat-list-bounces at redhat.com
> > > 04/14/2005 04:56 PM
> > > Please respond to General Red Hat Linux discussion list
> > >
> > >
> > > To: redhat-list at redhat.com
> > > cc:
> > > Subject: why can I write to a file I don't own??
> > >
> > >
> > > RedHat List,
> > > I was working on a script the other day and ran into
> > > an anomaly
> > > with the file permission's on files. I have checked this on
> > > several ES
> > > servers and all produce the same results. Say a file has the
> > > following
> > > perms: 644 and it is owner and group are root:root. as long
> > > as a user has
> > >
> > > write permission's to the directory it is in they can write
> > > to it.
> >
> > This is how it is supposed to work.
> >
> > >not
> > > only that the UID:GID change to that user. I am running ext3
> > > file systems
> > > with kernel 2.4.21-20.ELsmp. So my question is
> > >
> > > 1) why is this allowed?
> > > 2) can I change this?
> >
> > yes create a directory as root and set the sticky bit on it,
> > deposit the
> > file you want to protect inside this directory.
> > This should prevent the user from messing with the files.
> >
> > http://www.linuxdevcenter.com/pub/a/linux/lpt/22_06.html
> >
> > >
> > > # pwd
> > > /home/test_dir
> > > # rm test.fil
> > > # pwd
> > > /home/test_dir
> > > # ls -ld .
> > > drwxr-xr-x 2 user7 root 4096 Apr 14 16:56 .
> > > # id
> > > uid=0(root) gid=0(root)
> > > groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
> > > # echo "test from root" > test.fil
> > > # ls -l test.fil
> > > -rw-r--r-- 1 root root 15 Apr 14 16:57 test.fil
> > > # su - user7
> > > $vi test.fil
> > > $ ls -l test.fil
> > > -rw-r--r-- 1 user7 user7 31 Apr 14 16:57 test.fil
> > > $ cat test.fil
> > > test from root
> > > test from uset7
> > >
> > > However it doesn't let you echo "test from user7" >
> ./test.fil. it
> > > responds correctly......
> > > Any thoughts on this would be great.
> > > -David Knight
> > >
> > > --
> > > redhat-list mailing list
> > > unsubscribe
> > mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > > https://www.redhat.com/mailman/listinfo/redhat-list
> > >
> > >
> > >
> > > --
> > > redhat-list mailing list
> > > unsubscribe
> > mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > > https://www.redhat.com/mailman/listinfo/redhat-list
> > >
> >
> > --
> > redhat-list mailing list
> > unsubscribe
> mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> >
> >
> > --
> > redhat-list mailing list
> > unsubscribe
> mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
More information about the redhat-list
mailing list