[SunHELP] Able to remove non writable files using rm command on Solaris 8.

Dale Ghent daleg at elemental.org
Tue Apr 30 09:55:21 CDT 2002


On Sat, 27 Apr 2002 adatey at yahoo.com wrote:

| Hi! I am facing a weird problem on Solaris 8 on a E220 box.
| There is a directory dir1 with ownership permissions user1:group1 and
| directory permissions 775.
| In this directory there is a file called file1 owned by root:other with
| permissions 644.
| I logged in as user2 (not root) member of group1 using a telnet session.
| When I went into dir1 and executed the command rm file1 it asked me that the
| permissions are 644 and do I still want to delete. When I said yes it
| actually deleted the file.
|
| I confirmed that /usr/bin/rm does not have the suid or the sgid bit set.
|
| Is this possible even though user2 is not the owner and has only read
| permissions to the file? I thought that unless write permissions were given
| on the file only the owner or root could delete the file.
|
| Has anybody else seen anything like this? If so is there a setting either at
| kernel level or any other place so that a user is not able to delete a file
| not owned by it unless the user has write permissions to the file.

You were able to delete the root-owned files as user1 because the
root-owned file resided in a directory owned by user1.

To prevent this from happening in the future, the sticky bit must be
turned on for that directory. cd into the directory in question and
execute the following command:

chmod +t .


/dale
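The mechanism behind the reply above, as an added example that is not part of the original thread: on Unix the unlink(2) call checks write (and search) permission on the directory, never the mode of the file being removed, so a 644 root-owned file in a group-writable directory can be deleted by any member of that group. The "do you still want to delete" question the poster saw is rm(1) itself noticing that the file is not writable and asking before it calls unlink; `rm -f` skips that question. The sticky bit (`chmod +t`) tells the kernel to also require that the caller own the file or the directory. The script below is POSIX sh, builds its own scratch directories (it assumes mktemp(1) is available) and reports what happens in each case; a single-user run cannot show the sticky bit denying another user, so the last function only shows the bit being set and how it appears in `ls -ld`.

```shell
#!/bin/sh
# Added demonstration, not code from the SunHELP post.
# Assumes: POSIX sh, mktemp(1), ls(1), chmod(1), rm(1).

# Try to unlink "$2" inside directory "$1".
# Prints "deleted" if the file is gone afterwards, "denied" otherwise.
# -f suppresses rm's own "file is not writable, override?" prompt, so
# only the kernel's directory-permission check decides the outcome.
try_unlink() {
    dir=$1; name=$2
    if rm -f "$dir/$name" 2>/dev/null && [ ! -e "$dir/$name" ]; then
        echo deleted
    else
        echo denied
    fi
}

# Case from the post: read-only file (444) inside a writable directory.
# Expected: deleted, because the directory grants write permission.
demo_readonly_file_in_writable_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/file1"
    chmod 444 "$d/file1"
    chmod 755 "$d"
    r=$(try_unlink "$d" file1)
    rm -rf "$d"
    echo "$r"
}

# Reverse case: writable file (666) inside a read-only directory (555).
# Expected: denied for an unprivileged user, since unlink needs write
# permission on the directory; root bypasses the check and gets deleted.
demo_writable_file_in_readonly_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/file1"
    chmod 666 "$d/file1"
    chmod 555 "$d"
    r=$(try_unlink "$d" file1)
    chmod 755 "$d"
    rm -rf "$d"
    echo "$r"
}

# Dale's fix: the sticky bit on the directory. With it set, a user who
# does not own the file (or the directory) cannot unlink it even though
# the directory is group-writable. Returns the 10-character mode string
# from ls -ld, whose last character becomes 't' once the bit is set.
sticky_mode() {
    d=$(mktemp -d) || return 1
    chmod 775 "$d"
    chmod +t "$d"          # same as: chmod 1775 "$d"
    mode=$(ls -ld "$d" | cut -c1-10)
    rm -rf "$d"
    echo "$mode"
}

echo "444 file in 755 dir:      $(demo_readonly_file_in_writable_dir)"
echo "666 file in 555 dir:      $(demo_writable_file_in_readonly_dir)"
echo "775 dir after chmod +t:   $(sticky_mode)"
```

Run as an ordinary user, the first line prints `deleted`, the second `denied`, and the third `drwxrwxr-t`. Two caveats for the poster's setup: the sticky bit protects only against unlink and rename by non-owners, so user2 can still read file1 and still create new files in dir1; and, on the systems that implement it, root is exempt from the sticky check just as it is from the directory write check.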


