[SunHELP] Able to remove non writable files using rm command on Solaris 8.
adatey at yahoo.com
adatey at yahoo.com
Sat Apr 27 12:09:12 CDT 2002
Hi! I am facing a weird problem on Solaris 8 on a E220 box.
There is a directory dir1 with ownership permissions user1:group1 and
directory permissions 775.
In this directory there is a file called file1 owned by root:other with
permissions 644.
I logged in as user2 (not root) member of group1 using a telnet session.
When I went into dir1 and executed the command rm file1 it asked me that the
permissions are 644 and do I still want to delete. When I said yes it
actually deleted the file.
I confirmed that /usr/bin/rm does not have the suid or the sgid bit set.
Is this possible even though user2 is not the owner and has only read
permissions to the file. I thought that unless write permissions were given
on the file only the owner or root could delete the file.
Has anybody else seen anything like this? If so is there a setting either at
kernel level or any other place so that a user is not able to delete a file
not owned by it unless the user has write permissions to the file.
I have tried looking through the various FAQ's but have not yet found
anything.
Thanks.
Regards
Ajit Datey
email: adatey at yahoo.com
More information about the SunHELP
mailing list