POSIX file permission (understanding) problem?
Harald Schmalzbauer
h.schmalzbauer at omnilan.de
Mon Oct 25 21:34:26 UTC 2010
Hello,
am I completely stupid or is there a serious problem with 8.1-RELEASE:
I can write files which I have no write access to, if I have write
access to the directory of the file.
How to reproduce (tested with UFS2):
mkdir /tmp/testdir
touch /tmp/testdir/testfile
chown -R nobody:intern /tmp/testdir
chmod 751 /tmp/testdir
chmod 640 /tmp/testdir/testfile
ls -ld /tmp/testdir
drwxr-x--x 2 nobody intern 512 25 Okt 23:03 /tmp/testdir
ls -l /tmp/testdir
total 0
-rw-r----- 1 nobody intern 0 25 Okt 23:03 testfile
exit
id
uid=9001(harry) gid=9001(harry)
groups=9001(harry),0(wheel),5(operator),68(dialer),919(vboxusers),5090(intern)....
-> Fine so far, editing testfile doesn't work
chmod g+w testdir/ (as superuser, exit again)
ls -ld testdir
drwxrwx--x 2 nobody intern 512 25 Okt 23:03 testdir
ls -l testdir
total 0
-rw-r----- 1 nobody intern 0 25 Okt 23:03 testfile
-> Now editing with vi (as user harry) changes the ownership of the
file and writing is successful:
ls -l testdir/
total 2
-rw-r----- 1 harry intern 5 25 Okt 23:10 testfile
This means file permission mode is irrelevant if the user has write
access to the directory of the file. I can hardly believe that this is
intentional. Why does a write lead to ownership changes?
How should I give users write access to directories but prohibit
deleting particular files? Do I have to use the uunlnk flag?
Sorry for that basic question, but I must have been missing something in
the last 10 years...
Thanks in advance,
-Harry
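Added example (not part of the original post): a shell demonstration of why the listing above ends up with a new owner, assuming the editor saved by replacing the file rather than writing it in place. Replacing a name needs write permission on the directory only, so the old file's mode is never consulted. The function names and temporary paths are constructed for this demo, and the sticky-bit check goes beyond what the post itself discusses.

```shell
#!/bin/sh
# Constructed demo; every path is a temporary one created by the script.

# Inode number of a path (POSIX ls -i).
inode_of() { ls -i "$1" | awk '{print $1}'; }

# True when a directory is group- or world-writable without the sticky bit,
# i.e. any user with write access can unlink or rename files they do not own.
dir_replaceable() {
    hit=$(find "$1" -prune -type d \( -perm -020 -o -perm -002 \) ! -perm -1000 -print)
    [ -n "$hit" ]
}

# Replace a file that has no write bit, using only directory write access.
# Prints: <inode before> <inode after> <content> <dir state> <dir state with +t>
replace_demo() {
    d=$(mktemp -d) || return 1
    printf 'old\n' > "$d/testfile"
    chmod 440 "$d/testfile"      # file mode: nobody may write
    chmod 770 "$d"               # directory: owner and group may write
    before=$(inode_of "$d/testfile")

    # Save-by-replace: write a new file, then rename it over the old name.
    # rename(2) checks the directory's permissions, not the old file's mode.
    printf 'new\n' > "$d/testfile.tmp"
    mv -f "$d/testfile.tmp" "$d/testfile"
    after=$(inode_of "$d/testfile")
    content=$(cat "$d/testfile")

    if dir_replaceable "$d"; then plain=replaceable; else plain=protected; fi
    chmod 1770 "$d"              # sticky bit: only file or dir owner may unlink
    if dir_replaceable "$d"; then sticky=replaceable; else sticky=protected; fi

    rm -rf "$d"
    echo "$before $after $content $plain $sticky"
}

replace_demo
```

The differing inode numbers show that the name now points at a new file, which is created with the writer's uid; the original file was never opened for writing.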