Operating System - HP-UX
1834470 Members
2670 Online
110067 Solutions
New Discussion

How come that other user can use "mv" on my file

 
Wilfredo R. Castro
Occasional Advisor

How come that other user can use "mv" on my file

Hi,
I have a problem about the "mv" command .
Scenario :
1. I have this file "test.txt" created by user "bbbadmx" which has a group called "bbbxr" with a permission rw-r--r-- (644).
rw-r--r-- bbbadmx bbbxr test.txt.
But I have this other user "bbbonlx" in the same group "bbbxr" that can move my files into different filename without even having a warning.
COMMAND EXECUTED :
mv test.txt test.temp

NOTE : this file belongs or inside this directory :
drwxrwxr-- bbbadmx bbbxr FOLDER

QUESTION :
1. How come the other user with the same group can do a "mv" command on my own file without even saying any warnings that this user doesn't own the file.
2. In my understanding, If I'm the user "bbbadmx" and I have file with rw-r--r-- permission, this cannot be updated, remove or move by the other user belongs to my GROUP since that I only gave a READ priviledge (r--) for the GROUP?

Thank you in Advance.
Willie Castro
8 REPLIES 8
Donald Kok
Respected Contributor

Re: How come that other user can use "mv" on my file

Hi Wilfredo,

the mv command is actually a write in a directory. You have to set privs in the dir!

The privs of the content of the file are described by the bits of the file itself. So the other user can now not change the content of the file, but he can move it.

Hope this helps
Donald
My systems are 100% Murphy Compliant. Guaranteed!!!
Steve Steel
Honored Contributor

Re: How come that other user can use "mv" on my file

Hi

This action affects the directory and not really the file.

group has write on the directory so it will work.


steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
V. Nyga
Honored Contributor

Re: How come that other user can use "mv" on my file

Hi,

the read/write-permissions only count for the file itself.
You cannot update the file but you can rename, move or delete it if you have the permissions for the directory!
I think it is because files have in UX an inode, so you don't change the file but the association from inode and file name.

Regards
Volkmar
*** Say 'Thanks' with Kudos ***
Andreas Voss
Honored Contributor

Re: How come that other user can use "mv" on my file

Hi,

when using mv then the file has not to be opened for reading or writing.
Only the directory permissions are relevant.
So your directory has drwxrwxr-- that means user AND group can change filename (mv) in that directory.
If you don't want to have mv access for the group change directory to drwxr-xr--

Regards
John Palmer
Honored Contributor

Re: How come that other user can use "mv" on my file

He can move the file because he has full write permissions to the parent directory FOLDER.

Bill Hassell recently fave a good explanation of this here: http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xe5065fe8b250d71190080090279cd0f9,00.html

You might want to consider changing the directory permissions from rwxrwxr-- to rwxr-xr--

Regards,
John
David_246
Trusted Contributor

Re: How come that other user can use "mv" on my file

Hi,

Indeed this is the permission of the directory.
A directory is actualy a file, the user is moving a plain file and therebecause editing the directory-file. As the user has permissions to write in the directory-file it works.
When the user wants to edit the file, he will get a permissions denied.

A solution for your problem might be :
chmod o+t /path/to/folder

Now only users that own the file can remove the file.

Regs David
@yourservice
Wilfredo R. Castro
Occasional Advisor

Re: How come that other user can use "mv" on my file

Thanks for all the HELP....

Hi David,

I tested to use the chmod o+t and I think it works! .... Can you give a deeper expalanation about this SOLUTION? (chmod o+t).

THANKS AGAIN.
Willie Castro
David_246
Trusted Contributor

Re: How come that other user can use "mv" on my file

No probs. (if you don't forget to assign points to the people who helped you)

The chmod o+t says that files can only be removed by their owner. Please look at the /tmp directory, you see the same rights.

I don't know what to say else, it is the way it is :)

Regs David
@yourservice