
Re: rm -rf .. ?!?!



Nir Soffer wrote:
> 
> On Fri, 20 Feb 1998, Gilad Ben-Yossef wrote:
> 
> > I have noticed today something quite strange (at least for me) - that a
> > user who owns a directory can delete from it ANY file, even if he
> > doesn't have permissions to read or write to the file, and it is owned
> > by another user.
> > It is thus possible, for example, for a user to delete a .rhosts file
> > from his home directory even if root put that file there without r/w
> > permissions for the user.
> >
> > I have tested this on both Redhat, Slackware and Solaris and it seems to
> > work so I surmise this is a feature and not a bug, however it still
> > seems strange to me.
> 
> Test it anywhere you like. It's standard Unix. A directory is nothing more
> than a file containing names and inodes of other files, if you have write
> access to it you can delete whatever the hell you like in it. Of course,
> you can't really delete anything except the link from the directory to the
> inode, but when the number of links in an inode hits 0 the block gets
> deallocated as well. (In English, if you have a hardlink there, you can
> only delete the one in your directory, and it won't do a damn thing to
> other files.)

There IS one exception to this Unix-standard behavior - the /tmp
directory.  It is possible to have a directory that allows ANYONE to put
files in, but that only the file's owner can modify.  This is the 'T'
flag, and you can use chmod +T to set this permission and behavior in
some other directory.  It is useful for shared upload areas, like an FTP
server's ../incoming/ directory, for example.

> If you think of it from another viewpoint, it also makes sense, it's your
> homedirectory, you should have control.
> 
> Try touching a file as root and then renaming it in your homedir, that's
> possible as well.
> 
> Regards,
> Nir.
> 
> > Anyone care to comment?
> >
> > Gilad
> >
> >
> >
> 
> --
> Nir Soffer * scorpios@cs.huji.ac.il * http://www.cs.huji.ac.il/~scorpios
> "I wouldn't recommend sex drugs or insanity for everyone but they've
> always worked for me."
>                 -- Hunter S. Thompson
> Mail me with the subject 'get pgp key' for my PGP Public key.

-- 
						Eliyahu Skoczylas
						<eliyahu@actcom.co.il>
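
Added example, not part of the original messages: a Python sketch of the rule discussed in this thread (removing a name needs write and search permission on the directory, and the sticky bit, `S_ISVTX`, narrows that to the file's or directory's owner), plus an audit for world-writable directories that lack the bit. The function names `may_unlink`, `world_writable_without_sticky` and `demo` and the sample tree are constructed for illustration; the model ignores ACLs and capabilities.

```python
import os
import stat
import tempfile


def may_unlink(uid, gids, dir_st, file_st):
    """Simplified model (no ACLs or capabilities) of who may remove a directory entry."""
    if uid == 0:
        return True
    if uid == dir_st.st_uid:  # pick the permission class that applies on the directory
        shift = 6
    elif dir_st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    perms = (dir_st.st_mode >> shift) & 0o7
    if (perms & 0o3) != 0o3:  # need write (2) and search (1) on the directory
        return False
    if dir_st.st_mode & stat.S_ISVTX:
        # Sticky directory: only the file's owner or the directory's owner.
        return uid in (file_st.st_uid, dir_st.st_uid)
    return True  # the file's own mode bits were never consulted


def world_writable_without_sticky(root):
    """List directories under root that are world-writable but not sticky."""
    found = []
    for path, _dirs, _files in os.walk(root):
        mode = os.lstat(path).st_mode
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            found.append(path)
    return sorted(found)


def demo():
    """Constructed sample tree: one open directory, one /tmp-style directory."""
    base = tempfile.mkdtemp()
    for name, mode in (("incoming", 0o777), ("incoming_sticky", 0o1777)):
        os.mkdir(os.path.join(base, name))
        os.chmod(os.path.join(base, name), mode)  # chmod so umask cannot interfere
    locked = os.path.join(base, "incoming", "locked")
    open(locked, "w").close()
    os.chmod(locked, 0o000)  # no read or write permission for anyone
    os.unlink(locked)  # succeeds anyway: only the directory's mode matters
    return base, world_writable_without_sticky(base), os.path.exists(locked)


if __name__ == "__main__":
    print(demo())
```

Running `world_writable_without_sticky` over an upload area or a shared scratch tree flags the directories where any user can remove or rename another user's files.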