amd64/154112: user can delete file witch owned by root:wheel

Holger Kipp holger.kipp at
Tue Jan 18 21:25:53 UTC 2011

Dear Ihor,
On January 18, 2011 at 9:10 PM Ihor R <kaba at> wrote:

> The following reply was made to PR amd64/154112; it has been noted by GNATS.
> From: Ihor R <kaba at>
> To: <bug-followup at>, <kaba at>
> Cc: 
> Subject: Re: amd64/154112: user can delete file witch owned by root:wheel
> Date: Tue, 18 Jan 2011 21:27:23 +0200
>   On Tue, 18 Jan 2011 16:22:53 GMT, kib at wrote:
>  > User home directory is owned by user, right ?
>  > The system works as intended, read about unix file permission model.
>   The home user directory is owned by user, but I quote don't understand
>   how I can provide hosting service for my users, if anybody user can
>   delete any files in his home directory. By example:
>   if I want to block some resources, like site, by adding "deny from all"
>   to .htaccess and replace owner of this file to root:wheel. User can not
>   change this file (rewrite) but he can delete this file any time he wish
>   - and the site will go on to work and can make some steps to damage
>   server.
>   Can you please explain me how can I get back to Unix where users can't
>   delete file which they not own. What steps I need to do to solve current
>   problem.
>   I need that users can't change or delete files, that users not own,
>   anyway it's (files) placed.
It seems you really don't understand the concept of unix file permissions.
It has been around for ages and imho is as good as it can be.
As you also mention .htaccess-files, this is another issue. Looking at
apache documentation, you'll find that these files should not be used
unless you _want_ your users to use them:
You might want to rework your current concept of hosting and permissions
Apart from that, this is not a http/apache forum, so this is actually
the wrong mailing list :-(

Best regards,

Holger Kipp
Senior Consultant

 Tel. : +49 30 436 58 114
 Mobil: +49 178 36 58 114
 Fax. : +49 30 436 58 214
 Email: holger.kipp at
 alogis AG
 Alt-Moabit 90b
 D-10559 Berlin
 web :
 alogis AG
 Sitz/Registergericht: Berlin/AG Charlottenburg, HRB 71484
 Vorstand: Arne Friedrichs, Joern Samuelson
 Aufsichtsratsvorsitzender: Reinhard Mielke

More information about the freebsd-amd64 mailing list