[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: rm -rf .. ?!?!



On Fri, 20 Feb 1998, Gilad Ben-Yossef wrote:

> I have noticed today something quite strange (at least for me) - that a
> user who owns a directory can delete from it ANY file, even if he
> doesn't have permissions to read or write to the file, and it is owned
> by another user.
> It is thus possible, for example, for a user to delete a .rhosts file
> from his home directory even if root put that file there without r/w
> permissions for the user.
> 
> I have tested this on both Redhat, Slackware and Solaris and it seems to
> work so I surmise this is a feature and not a bug, however it still
> seems strange to me.

Test it anywhere you like. It's standard Unix. A directory is nothing more
than a file containing names and inodes of other files, if you have write
access to it you can delete whatever the hell you like in it. Ofcourse,
you can't really delete anything except the link from the directory to the
inode, but when the number of links in an inode hits 0 the block gets
deallocated as well. (In English, if you have a hardlink there, you can
only delete the one in your directory, and it won't do a damn thing to
other files.)

If you think it from another viewpoint, it also makes sense, it's your
homedirectory, you should have control.

Try touching a file as root and then renaming it in your homedir, that's
possible as well.

Regards,
Nir.


> Anyone care to comment? 
> 
> Gilad
> 
> 
> 

--
Nir Soffer * scorpios@cs.huji.ac.il * http://www.cs.huji.ac.il/~scorpios
"I wouldn't recommend sex drugs or insanity for everyone but they've
always worked for me."
                -- Hunter S. Thompson
Mail me with the subject 'get pgp key' for my PGP Public key.