From: Darin.Wayrynen@f145.n114.z1.fidonet.org (Darin Wayrynen)
Subject: 2 Linux ques. (read faq:
Date: Wed, 27 Jan 1993 09:58:00 -0800

* In a message originally to All, Randy Edwards said:
[misc deletions]
> As root, I made a dummy file named 'test.fil' with an owner and group
> of 'root' and permissions of -rw-r--r--. Then, I logged in as a normal
> user and tried to rm the file. I get a 'permission denied' response,
> and the file remains intact. Great. Then, I immediately change
> directories to /etc and do a 'rm passwd'. To my surprise, I get a
> response of 'rm: remove 'passwd', overriding mode 0600?' So I type 'y'
> and the system deletes my password file. The password file was also
> owned by and in group 'root' and had permissions of -rw-------. What
> boggles me is why does the system allow me to delete one file, but not
> the other? (Remember, I did this logged in as a user, not as root.)
> To me, since I don't know what's going on, this gives me shudders and
> fears of system security. Can someone clue me in on what's happening
> here (and how I might prevent it)?

If a user has write permission on a directory, then he can remove
files from it. /etc is probably drwxrwx--- or something like that,
and the user you were logged in as was part of the same group as
root.

Think of it this way. If you were logged into /home/randy (assume
that's your home directory), you wouldn't want people to put files
in your directory that you couldn't delete, correct? So since you
own it (and also you are part of the group that owns it) you can
delete files in it...

Darin Wayrynen
Paragon Consulting Group
* Origin: Paragon BBS (602) 938-8288 (2.0 gigs/Windows/NT/C++ Support)
(1:114/145)
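
The rule in the reply above, worked through as an added example that is not part of the original message: removing a name needs write and search permission on the containing directory, and the file's own mode is never consulted. The sticky-bit branch goes beyond what the reply covers; the function names, uids, gids and modes are constructed for illustration.

```python
import stat

def class_bits(mode, owner_uid, owner_gid, uid, gids):
    """Return the rwx triplet (0-7) that applies to this user."""
    if uid == owner_uid:
        return (mode >> 6) & 7      # owner class
    if owner_gid in gids:
        return (mode >> 3) & 7      # group class
    return mode & 7                 # other class

def can_unlink(dir_st, file_st, uid, gids):
    """Decide whether uid may remove an entry from a directory.

    dir_st and file_st are (mode, owner_uid, owner_gid) tuples.
    The file's permission bits are deliberately ignored: unlink()
    modifies the directory, not the file.
    """
    if uid == 0:
        return True                 # root bypasses the check
    d_mode, d_uid, d_gid = dir_st
    bits = class_bits(d_mode, d_uid, d_gid, uid, gids)
    if bits & 0o3 != 0o3:           # need both w (2) and x (1)
        return False
    if d_mode & stat.S_ISVTX:       # sticky directory, e.g. /tmp
        return uid in (file_st[1], d_uid)
    return True

# Constructed sample values matching the thread's scenario.
USER_UID, USER_GIDS = 1000, {1000, 0}   # normal user who is in root's group
PASSWD = (0o600, 0, 0)                  # -rw------- root:root
ETC_LOOSE = (0o770, 0, 0)               # drwxrwx--- as guessed in the reply
ETC_FIXED = (0o755, 0, 0)               # drwxr-xr-x: group can no longer write
TMP_LIKE = (0o1777, 0, 0)               # drwxrwxrwt: world-writable, sticky

if __name__ == "__main__":
    for name, d in [("0770", ETC_LOOSE), ("0755", ETC_FIXED), ("1777", TMP_LIKE)]:
        print(name, can_unlink(d, PASSWD, USER_UID, USER_GIDS))
```

The 'overriding mode 0600?' question is only rm asking for confirmation because the file itself is not writable by the caller; answering 'y' succeeds whenever the directory check above passes.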