POSIX file permission (understanding) problem?
Chuck Swiger
cswiger at mac.com
Mon Oct 25 22:28:48 UTC 2010
On Oct 25, 2010, at 2:20 PM, Harald Schmalzbauer wrote:
> chmod g+w testdir/ (as superuser, exit again)
> ls -ld testdir
> drwxrwx--x 2 nobody intern 512 25 Okt 23:03 testdir
> ls -l testdir
> total 0
> -rw-r----- 1 nobody intern 0 25 Okt 23:03 testfile
>
> -> Now editing with vi (as user harry) changes the ownership of the
> file and writing is successful:
> ls -l testdir/
> total 2
> -rw-r----- 1 harry intern 5 25 Okt 23:10 testfile
[ ... ]
> Why does a write lead to ownership changes?
You can't actually write to the file when owned by nobody as harry. However, since you have write permissions to the directory, you can delete the file and write a new file which is also called testfile.
$ echo "hi" >> testfile
cannot create testfile: Permission denied
...and in vi, force write ("w!") gives "Error: testfile: Permission denied."
Perhaps you're using some odd tweaks to vi...?
> How should I give users write access to directories but prohibit deleting particular files? Do I have to use uunlnk flag?
No, you can set the sticky bit on the directory, which is what /tmp uses:
STICKY DIRECTORIES
A directory whose `sticky bit' is set becomes an append-only directory,
or, more accurately, a directory in which the deletion of files is
restricted. A file in a sticky directory may only be removed or renamed
by a user if the user has write permission for the directory and the user
is the owner of the file, the owner of the directory, or the super-user.
This feature is usefully applied to directories such as /tmp which must
be publicly writable but should deny users the license to arbitrarily
delete or rename each others' files.
Regards,
--
-Chuck
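The mechanism described in the reply (the file itself is not writable by harry, but directory write permission lets the editor unlink it and create a new one, which the sticky bit then blocks) can be modelled as a small POSIX access check. This is an added example, not code from the thread or from FreeBSD; the uids, gids and group membership are constructed to match the `ls` listing quoted above, and the sticky rule is the one from the sticky(8) text Chuck quotes.

```python
"""Model of the POSIX access checks behind the observation in the thread.

Added example, not code from the original message or from FreeBSD.
Scenario (constructed to match the quoted listing): testdir is
drwxrwx--x nobody:intern, testfile is -rw-r----- nobody:intern,
and harry is a member of group intern.
"""
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    uid: int
    gids: frozenset  # primary plus supplementary groups


@dataclass(frozen=True)
class Inode:
    name: str
    uid: int
    gid: int
    mode: int  # full st_mode, e.g. S_IFDIR | 0o771 for testdir


# Constructed identities (uids/gids are assumptions, not from the page).
ROOT = User("root", 0, frozenset({0}))
NOBODY = User("nobody", 65534, frozenset({65534}))
INTERN_GID = 1001
HARRY = User("harry", 1002, frozenset({1002, INTERN_GID}))

TESTFILE = Inode("testfile", NOBODY.uid, INTERN_GID, stat.S_IFREG | 0o640)


def testdir(sticky=False):
    """testdir after 'chmod g+w', optionally with the sticky bit (chmod +t)."""
    mode = stat.S_IFDIR | 0o771 | (stat.S_ISVTX if sticky else 0)
    return Inode("testdir", NOBODY.uid, INTERN_GID, mode)


def _class_bits(user, node):
    """Pick the owner/group/other permission triple that applies to `user`."""
    if user.uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in user.gids:
        return (node.mode >> 3) & 7
    return node.mode & 7


def may(user, node, want):
    """Classic mode-bit check; `want` is 'r', 'w' or 'x'. Root bypasses it."""
    if user.uid == 0:
        return True
    bit = {"r": 4, "w": 2, "x": 1}[want]
    return bool(_class_bits(user, node) & bit)


def may_write_file(user, directory, f):
    """Opening for write needs search (x) on the directory and w on the file."""
    return may(user, directory, "x") and may(user, f, "w")


def may_unlink(user, directory, f):
    """unlink/rename needs w+x on the directory. With the sticky bit set the
    caller must additionally own the file or the directory (or be root)."""
    if user.uid == 0:
        return True
    if not (may(user, directory, "w") and may(user, directory, "x")):
        return False
    if directory.mode & stat.S_ISVTX:
        return user.uid in (f.uid, directory.uid)
    return True


def rewrite_owner(user, directory, f):
    """Outcome of an editor that falls back to unlink-and-recreate: returns the
    uid that owns testfile after the save, or None if the save is refused."""
    if may_write_file(user, directory, f):
        return f.uid          # in-place write, ownership unchanged
    if may_unlink(user, directory, f):
        return user.uid       # old inode removed, new one created by `user`
    return None
```

Running the same scenario with `testdir(sticky=True)` shows the answer to the second question: harry keeps write access to the directory (he can still create his own files there) but can no longer remove or replace testfile, so the ownership change disappears and the save fails instead. The file's own owner, the directory's owner and root are unaffected.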