HPE Community
Operating System - HP-UX
1822430 Members
2954 Online
109642 Solutions
New Discussion юеВ

rm vs. rm -f

 
SOLVED
Go to solution
Albert Smith_1
Regular Advisor

тАО03-16-2006 01:43 PM

тАО03-16-2006 01:43 PM

rm vs. rm -f

Got what I think is a simple problem and I think I know the answer but it buffudles me why this works.

I have an Oracle User Directory that is blown up 777. Files below that have permissions set to 644. Because of the directory setup any one can drop or files in and such. However my question is this. When a user attemptes to "rm" a file they get prompted to change mode to 644 but the file does not get removed unless they are the owner. However if they do an rm -f to the file it gets removed. Following the standard security that UX follows the strictist rule the file should not have been removed unless the owner or root did the removing of the file. Why is this permitted?

It is a HP-UX 11i (11.11) current on all patches. My person belief is because the directory structure set to by the DBA as they are the owner of the sctructre is set to 777. It see's the removal of the file as a change to the directory when a force is given vs. a file change when just an rm is issued.

Thanks for the info.

-Al
0 Kudos
Reply
8 REPLIES 8
RAC_1
Honored Contributor

тАО03-16-2006 02:48 PM

тАО03-16-2006 02:48 PM

Re: rm vs. rm -f

By default (not exactly, but you most probablely have alias rm=rm -i), rm will prompt before deleting a file. rm -f is forcefull, without prompt deletion of a file.

The file perms do not matter, if dir has open perms to everyone.

Check your alises.
alias
There is no substitute to HARDWORK
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО03-16-2006 02:49 PM

тАО03-16-2006 02:49 PM

Re: rm vs. rm -f

The ability to remove a file has nothing to do with the ownership of a file (with one exception I'll mention in a moment) but depends upon the permissions of the directory that houses the file. If a user has write permission on a directory, he can remove any file. That is why 777 directory permission is such a dangerous thing. The exception is if the sticky-bit (e.g instead of 777, the mode is 1777) is set then only the owner of a file can delete a file eventhough the directory permission would otherwise allow it. The permission to chmod or chown a file is determined solely by the owner of the file. Of course, a super-user is allowed unrestricted access for any of these tasks.
If it ain't broke, I can fix that.
0 Kudos
Reply
Indira Aramandla
Honored Contributor

тАО03-16-2006 02:53 PM

тАО03-16-2006 02:53 PM

Re: rm vs. rm -f

Hi Albert,

Yes rm should be used by -i which will request confirmation before removing each entry.

If you have the directory permissions as 775 or 755 then other users other than the owner cannot delete files withtin the directory.

And here is rm VS rm -f
The rm command removes the entries for one or more files from a directory. rm ├в f (force option forces each file or directory to be removed without prompting for confirmation, regardless of the permissions of the entry. This option also suppresses diagnostic messages regarding nonexistent operands.


IA

Never give up, Keep Trying
Reply
Arunvijai_4
Honored Contributor

тАО03-16-2006 03:03 PM

тАО03-16-2006 03:03 PM

Solution

Re: rm vs. rm -f

Hi,

man rm says,

rm recognizes the following options:

-f Force each file or directory to be removed without prompting for confirmation, regardless of the permissions of the entry. This option also suppresses diagnostic messages regarding nonexistent operands.

This option does not suppress any diagnostic messages other than those regarding nonexistent operands. To suppress all error message and interactive prompts, the -f option should be used while redirecting standard error output to /dev/null.

This option ignores any previous occurrence of the -i option.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Reply
Sivakumar TS
Honored Contributor

тАО03-16-2006 03:11 PM

тАО03-16-2006 03:11 PM

Re: rm vs. rm -f

Hi,

rm - grace fule , asks for confirmation etc

rm -f -- fourecfull remove

Regards,

Siva.
Nothing is Impossible !
0 Kudos
Reply
Muthukumar_5
Honored Contributor

тАО03-16-2006 04:02 PM

тАО03-16-2006 04:02 PM

Re: rm vs. rm -f

Difference rm vs rm -f

a) i) rm will make diagnostic error messages when the file is not existing
ii) rm -f will not make any error messages. It will redirect error messages to /dev/null

b) i) While deletion of file, rm will check file permissions.
ii) rm -f will not care about permission and will delete files

rm -f will not care about confirmation. It is differing with rm -i here.

--
Muthu
Easy to suggest when don't know about the problem!
Reply
Peter Godron
Honored Contributor

тАО03-16-2006 06:50 PM

тАО03-16-2006 06:50 PM

Re: rm vs. rm -f

Albert,
the proof that delete priv comes from the directory:
mkdir /tmp/test
chmod 755 /tmp/test
cd /tmp/test
touch a
chmod 777 a

Another user can now enter the /tmp/test dir, edit and update the file, but can not remove it.
From man rm:
"Removal of a file requires write and search (execute) permission in its directory, but no permissions on the file itself."

Also the rm -f of a non-existent file is 0 (success), whereas rm of a non-existent file return 2(error).
Reply
Albert Smith_1
Regular Advisor

тАО03-17-2006 01:11 AM

тАО03-17-2006 01:11 AM

Re: rm vs. rm -f

Thanks all you reassured me here. I figured that is what it was.

I will be assigning points shortly.

-Al
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.