amd64/154112: user can delete file witch owned by root:wheel
holger.kipp at alogis.com
Tue Jan 18 21:25:53 UTC 2011
On January 18, 2011 at 9:10 PM Ihor R <kaba at goodnet.com.ua> wrote:
> The following reply was made to PR amd64/154112; it has been noted by GNATS.
> From: Ihor R <kaba at goodnet.com.ua>
> To: <bug-followup at FreeBSD.org>, <kaba at goodnet.com.ua>
> Subject: Re: amd64/154112: user can delete file witch owned by root:wheel
> Date: Tue, 18 Jan 2011 21:27:23 +0200
> On Tue, 18 Jan 2011 16:22:53 GMT, kib at FreeBSD.org wrote:
> > User home directory is owned by user, right ?
> > The system works as intended, read about unix file permission model.
> The home user directory is owned by user, but I quote don't understand
> how I can provide hosting service for my users, if anybody user can
> delete any files in his home directory. By example:
> if I want to block some resources, like site, by adding "deny from all"
> to .htaccess and replace owner of this file to root:wheel. User can not
> change this file (rewrite) but he can delete this file any time he wish
> - and the site will go on to work and can make some steps to damage
> Can you please explain me how can I get back to Unix where users can't
> delete file which they not own. What steps I need to do to solve current
> I need that users can't change or delete files, that users not own,
> anyway it's (files) placed.
It seems you really don't understand the concept of unix file permissions.
It has been around for ages and imho is as good as it can be.
As you also mention .htaccess-files, this is another issue. Looking at
apache documentation, you'll find that these files should not be used
unless you _want_ your users to use them:
You might want to rework your current concept of hosting and permissions
Apart from that, this is not a http/apache forum, so this is actually
the wrong mailing list :-(
Tel. : +49 30 436 58 114
Mobil: +49 178 36 58 114
Fax. : +49 30 436 58 214
Email: holger.kipp at alogis.com
web : http://www.alogis.com
Sitz/Registergericht: Berlin/AG Charlottenburg, HRB 71484
Vorstand: Arne Friedrichs, Joern Samuelson
Aufsichtsratsvorsitzender: Reinhard Mielke
More information about the freebsd-amd64