why can I write to a file I don't have perms to??
Tobias Speckbacher
TSpeckbacher at quova.com
Thu Apr 14 22:26:49 UTC 2005
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com]On Behalf Of
> David.Knight at clubcorp.com
> Sent: Thursday, April 14, 2005 3:19 PM
> To: General Red Hat Linux discussion list
> Cc: General Red Hat Linux discussion list;
> redhat-list-bounces at redhat.com
> Subject: RE: why can I write to a file I don't have perms to??
>
>
> Hummm, I'm sure that it is supposed to work this way but I don't understand
> why. This is a much weaker security model than any Unix filesystem standards.
Works exactly the same way on Solaris, etc.
>
>
>
>
>
> "Tobias Speckbacher" <TSpeckbacher at quova.com>
> Sent by: redhat-list-bounces at redhat.com
> 04/14/2005 05:17 PM
> Please respond to General Red Hat Linux discussion list
>
>
> To: "General Red Hat Linux discussion list"
> <redhat-list at redhat.com>
> cc:
> Subject: RE: why can I write to a file I don't
> have perms to??
>
>
>
>
> > -----Original Message-----
> > From: redhat-list-bounces at redhat.com
> > [mailto:redhat-list-bounces at redhat.com]On Behalf Of
> > David.Knight at clubcorp.com
> > Sent: Thursday, April 14, 2005 2:59 PM
> > To: General Red Hat Linux discussion list
> > Cc: redhat-list at redhat.com; redhat-list-bounces at redhat.com
> > Subject: Re: why can I write to a file I don't have perms to??
> >
> >
> > David.Knight at clubcorp.com
> > Sent by: redhat-list-bounces at redhat.com
> > 04/14/2005 04:56 PM
> > Please respond to General Red Hat Linux discussion list
> >
> >
> > To: redhat-list at redhat.com
> > cc:
> > Subject: why can I write to a file I don't own??
> >
> >
> > RedHat List,
> > I was working on a script the other day and ran into an anomaly
> > with the file permissions on files. I have checked this on several ES
> > servers and all produce the same results. Say a file has the following
> > perms: 644 and its owner and group are root:root. As long as a user has
> > write permissions to the directory it is in they can write to it.
>
> This is how it is supposed to work.
>
> > Not only that, the UID:GID change to that user. I am running ext3
> > file systems with kernel 2.4.21-20.ELsmp. So my question is
> >
> > 1) why is this allowed?
> > 2) can I change this?
>
> Yes, create a directory as root and set the sticky bit on it, deposit the
> file you want to protect inside this directory.
> This should prevent the user from messing with the files.
>
> http://www.linuxdevcenter.com/pub/a/linux/lpt/22_06.html
>
> >
> > # pwd
> > /home/test_dir
> > # rm test.fil
> > # pwd
> > /home/test_dir
> > # ls -ld .
> > drwxr-xr-x 2 user7 root 4096 Apr 14 16:56 .
> > # id
> > uid=0(root) gid=0(root)
> > groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
> > # echo "test from root" > test.fil
> > # ls -l test.fil
> > -rw-r--r-- 1 root root 15 Apr 14 16:57 test.fil
> > # su - user7
> > $ vi test.fil
> > $ ls -l test.fil
> > -rw-r--r-- 1 user7 user7 31 Apr 14 16:57 test.fil
> > $ cat test.fil
> > test from root
> > test from uset7
> >
> > However, it doesn't let you echo "test from user7" > ./test.fil. It
> > responds correctly......
> > Any thoughts on this would be great.
> > -David Knight
> >
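Replacing a file (unlink or rename) is decided by the parent directory's write and search permission plus its sticky bit, not by the file's own mode. The script below is an added example, not part of the original thread: `can_replace` is a hypothetical helper that applies that rule to stat metadata, assuming GNU `stat -c`, one gid per user and no ACLs; the scratch directory and the second user id are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat (-c).
# Simplified model: one gid per user, no ACLs or capabilities.

# can_replace UID GID FILE: print "yes" if that user could replace FILE by
# unlink/rename in its parent directory, judged from stat metadata only.
can_replace() {
    uid=$1; gid=$2; file=$3
    dir=$(dirname -- "$file")
    set -- $(stat -c '%a %u %g' -- "$dir")
    dmode=$1; duid=$2; dgid=$3
    fuid=$(stat -c '%u' -- "$file")

    if [ "$uid" -eq 0 ]; then echo yes; return 0; fi   # root bypasses checks

    # Pick the directory permission triad that applies to this user.
    if   [ "$uid" -eq "$duid" ]; then bits=$(( (0$dmode >> 6) & 7 ))
    elif [ "$gid" -eq "$dgid" ]; then bits=$(( (0$dmode >> 3) & 7 ))
    else                              bits=$(( 0$dmode & 7 ))
    fi

    # Creating/removing entries needs write AND search (w+x) on the directory.
    if [ $(( bits & 3 )) -ne 3 ]; then echo no; return 0; fi

    # Sticky bit: only the file's owner or the directory's owner may remove it.
    if [ $(( 0$dmode & 01000 )) -ne 0 ] &&
       [ "$uid" -ne "$fuid" ] && [ "$uid" -ne "$duid" ]; then
        echo no; return 0
    fi
    echo yes
}

# Constructed demo: a scratch directory and a second, hypothetical user id.
d=$(mktemp -d); echo "test" > "$d/test.fil"; chmod 644 "$d/test.fil"
other=$(( $(id -u) + 1 )); ogid=$(( $(id -g) + 1 ))
for mode in 0777 1777 0755; do
    chmod "$mode" "$d"
    echo "dir mode $mode: other user can replace test.fil? $(can_replace "$other" "$ogid" "$d/test.fil")"
done
rm -rf "$d"
```

Because the directory's owner passes the sticky-bit check, the protecting directory has to be owned by root, as the reply says, and not by the user; in the quoted session the directory is owned by user7.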