topic Re: Users permissions in Operating System - HP-UX

Users permissions

George_8 — Mon, 30 Oct 2000 11:17:57 GMT

I work on an hp server with hpux 10.20.
Is it posible someone else (with the same group with me e.x. users) to change (write) my .profile.
Note : The .profile is -rwx------.

Re: Users permissions

CHRIS_ANORUO — Mon, 30 Oct 2000 11:30:09 GMT

No, It is only superuser that can modify the file with that permission

Re: Users permissions

John Palmer — Mon, 30 Oct 2000 11:31:07 GMT

If your .profile is -rwx------ then only the owner (and root) has permissions to write to it.

Could it be that you have more than one user with the same id number - check /etc/passwd.

Regards,
John

Re: Users permissions

federico_3 — Mon, 30 Oct 2000 11:52:37 GMT

No, nobody can modify your .profile if the permissions are the ones you indicate.

federico

Re: Users permissions

Devbinder Singh Marway — Mon, 30 Oct 2000 13:26:46 GMT

looking at your permissions , of your .profile rwx for user/owner of the file and nothing for the others or group will not be able to change your .profile. One thing you can check is the date stamp of the file and then do a last to find out which users were logged in at that particular time ( have you got a history file , you can check this to see if any commands which suggest the change of your .profile).

The other thing to note is the permissions of the home directory i.e. if you have 777 permisions , other users will be able to cd into your directory and create files .

Re: Users permissions

Ralph Grothe — Mon, 30 Oct 2000 14:58:34 GMT

Question to the responders,

what about if the other account had the (admittedly, highly unlikely) write permission on George's home directory?

Wouldn't that allow the other to at least delete (wonder if you can call this a modification) any file?

Or am I wrong?

Re: Users permissions

James R. Ferguson — Mon, 30 Oct 2000 15:08:31 GMT

George & Ralph:

Yes, if the permissions on the directory were something like 77x, then another user could delete the profile and recreate it, and then 'chown' the ownership "away" to the directory's owner.

The way to circumvent this is to set the sticky bit on the directory. A better way is not to allow write access on directories that you don't have to do so!!!

...JRF...

Re: Users permissions

Bill Hassell — Tue, 31 Oct 2000 03:44:55 GMT

Unix mantra: You do not understand the permissions of a file until you understand the permissions of every parent directory.

File permissions control the CONTENT.

Directory permissions control the EXISTENCE.

Try this as an ordinary user:

cd /var/tmp
touch testfile
chmod 000 testfile
cat testfile
cat: Cannot open testfile: Permission denied
rm testfile

In fact, anyone can remove testfile because /var/tmp is 777 permissions (must be). As mentioned, the sticky bit can be set which then prevents the removal of a file when you are not the owner.

SO protection of the contents (not writable, perhaps not readable) has nothing to do with the file's existence. The directory permissions totally control add, remove, and rename actions.

Re: Users permissions

Madhu Sudhan_1 — Tue, 31 Oct 2000 06:41:20 GMT

One more way to understand File/Directory Permissions is "EVERYTHING IN UNIX IS TREATED AS A FILE" (couldn't make it bold, so highlighting with Capital letters), Like Devices, Directories etc.,. So You can only make changes to a directory file only when you have write permission. Directory file contains information about files, subdirectories with in it. The activities like deleting a file, renaming a file and moving a file and copying a file into a directory requires an entry in the directory file which requires a write permission.
Protect it with sticky bit on the directory which allows to have "w" permission on the directory and still only owner the file can delete the file.