[SunHELP] Able to remove non writable files using rm command on Solaris 8.

DAUBIGNE Sebastien - BOR SDaubigne at bordeaux-bersol.sema.slb.com
Mon Apr 29 05:52:27 CDT 2002


File creation/deletion permissions are based on the directory permissions,
not the file permissions.

So user2, who is a member of group1, can delete every file under dir1
including file1, and can also create any file under it.

But note that user2 can't modify file1, because of this file's permission.

--
Sebastien DAUBIGNE
sdaubigne at bordeaux-bersol.sema.slb.com <mailto:sebastien.daubigne at sema.fr>
- (+33)5.57.26.56.36
SchlumbergerSema - Sema Global Services - DW/Pessac

	-----Original Message-----
	From:	adatey at yahoo.com [SMTP:adatey at yahoo.com]
	Date:	Saturday 27 April 2002 19:09
	To:	sunhelp at sunhelp.org
	Subject:	[SunHELP] Able to remove non writable files using rm command on Solaris 8.

	Hi! I am facing a weird problem on Solaris 8 on an E220 box.
	There is a directory dir1 with ownership permissions user1:group1 and
	directory permissions 775.
	In this directory there is a file called file1 owned by root:other with
	permissions 644.
	I logged in as user2 (not root) member of group1 using a telnet session.
	When I went into dir1 and executed the command rm file1 it asked me that the
	permissions are 644 and do I still want to delete. When I said yes it
	actually deleted the file.

	I confirmed that /usr/bin/rm does not have the suid or the sgid bit set.

	Is this possible even though user2 is not the owner and has only read
	permissions to the file? I thought that unless write permissions were given
	on the file only the owner or root could delete the file.

	Has anybody else seen anything like this? If so is there a setting either at
	kernel level or any other place so that a user is not able to delete a file
	not owned by it unless the user has write permissions to the file.

	I have tried looking through the various FAQs but have not yet found
	anything.

	Thanks.

	Regards
	Ajit Datey
	email: adatey at yahoo.com
	_______________________________________________
	SunHELP maillist  -  SunHELP at sunhelp.org
	http://www.sunhelp.org/mailman/listinfo/sunhelp
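
The rule described in the reply, as an added example that is not part of the original thread: a small Python model of the classic UNIX permission check, applied to the dir1/file1 scenario from the question. The numeric uids and gids are constructed, uid 0 stands in for "privileged", and the sticky-bit branch goes beyond the thread (it follows the rule documented in Solaris chmod(2)).

```python
import stat
from collections import namedtuple

Node = namedtuple("Node", "uid gid mode")   # owner, group, mode bits (as from os.stat)
User = namedtuple("User", "uid gids")       # uid plus the set of group ids
W, X = 2, 1                                 # write and search/execute bits

def allowed(user, node, bit):
    """Classic UNIX check: exactly one class (owner, group or other) applies."""
    if user.uid == 0:                       # simplification: uid 0 is privileged
        return True
    if user.uid == node.uid:
        shift = 6
    elif node.gid in user.gids:
        shift = 3
    else:
        shift = 0
    return bool((node.mode >> shift) & bit)

def can_modify(user, f):
    """Changing file contents is decided by the file's own mode."""
    return allowed(user, f, W)

def can_unlink(user, d, f):
    """Removing a name is decided by the directory: write plus search on d."""
    if user.uid == 0:
        return True
    if not (allowed(user, d, W) and allowed(user, d, X)):
        return False
    if d.mode & stat.S_ISVTX:
        # Sticky directory (beyond the thread; rule per Solaris chmod(2)):
        # file owner, directory owner, or a file the user can write.
        return user.uid in (f.uid, d.uid) or allowed(user, f, W)
    return True

# Constructed ids for the thread's scenario: user1=1001, user2=1002,
# group1=100, root=0, other=1.
user1 = User(1001, frozenset({100}))
user2 = User(1002, frozenset({100}))
dir1 = Node(1001, 100, 0o775)               # user1:group1, mode 775
file1 = Node(0, 1, 0o644)                   # root:other, mode 644
dir1_sticky = dir1._replace(mode=0o1775)    # as after chmod +t dir1

if __name__ == "__main__":
    print("user2 can modify file1:", can_modify(user2, file1))
    print("user2 can rm file1:", can_unlink(user2, dir1, file1))
    print("... with sticky dir1:", can_unlink(user2, dir1_sticky, file1))
```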


