Operating System - HP-UX

Re: trouble with file permission

 
SOLVED
Jan Hawes_2
Occasional Contributor

trouble with file permission

Hello,

I found an effect which I really don't understand.

Using user1:
- touch test_file
- chmod 400 test_file

Using user2:
- rm test_file

-> file is deleted

Why is user2 able to delete the testfile?

They have the same gid, but not the same uid.

I don't understand, can you help me?

bye jan
4 REPLIES 4
James Specht
Trusted Contributor

Re: trouble with file permission

This would happen if the directory permissions allowed the group or others read/write access to the files within. /tmp is a good example with its 777 mode.

--Jim
"Everyone can be taught to sculpt: Michelangelo would have had to be taught how not to. So it is with the great programmers."
Vitek Pepas
Valued Contributor

Re: trouble with file permission

In order to protect the file against removal you would have to change the directory permissions. Set the sticky bit to make sure only the owner can remove the file.
Thierry Poels_1
Honored Contributor
Solution

Re: trouble with file permission

hi,

File deletion privileges are controlled by the directory privileges (you are writing in the directory if you delete a file).

So if user2 cannot write into this directory he cannot remove the file.
Otherwise use the sticky bit (chmod +t /dir), then only root, directory owner & file owner can remove a file.

regards,
Thierry Poels.
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
Sanjay_6
Honored Contributor

Re: trouble with file permission

Hi Jan,

The other user "user2" is able to delete the file owned by "user1", even if the file has 400 permissions, because the directory in which the file is located is writable by user2. Since the users have the same GIDs, the directory is writable by either group or world or both.

Hope this helps.

Regds
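
The rule the replies describe, as an added example that is not part of the original thread: a small POSIX shell check that reads only the directory's mode bits to report who can delete entries in it, whatever mode the files themselves have. The function name `delete_exposure` and the demo directories are constructed for illustration, and ACLs are not considered.

```shell
#!/bin/sh
# Added example (not from the thread). Deleting a file is a write to its
# parent directory, so exposure is decided by the directory's mode bits.

# delete_exposure DIR -> prints one of:
#   owner-only  only the directory owner (and root) can delete entries
#   group       any member of the directory's group can delete any entry
#   world       any user can delete any entry
#   sticky      group/world writable, but the sticky bit limits deletion to
#               root, the directory owner and the file owner
delete_exposure() {
    [ -d "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c1-10)        # e.g. drwxrwxrwt
    g=$(printf '%s' "$perms" | cut -c6-7)    # group: write + search
    o=$(printf '%s' "$perms" | cut -c9-10)   # other: write + search/sticky
    sticky=no
    case $o in ?t|?T) sticky=yes ;; esac
    who=owner-only
    # Removing an entry needs both write and search permission on the
    # directory. 's' and 't' mean search is set together with setgid/sticky.
    case $g in wx|ws) who=group ;; esac
    case $o in wx|wt) who=world ;; esac
    if [ "$who" != owner-only ] && [ "$sticky" = yes ]; then
        who=sticky
    fi
    echo "$who"
}

# Constructed demo: the file is mode 400 everywhere, only the directory
# mode differs between the cases.
demo=$(mktemp -d)
for m in 755 775 777 1777; do
    mkdir "$demo/d$m"
    touch "$demo/d$m/test_file"
    chmod 400 "$demo/d$m/test_file"
    chmod "$m" "$demo/d$m"
    printf '%-5s %s\n' "$m" "$(delete_exposure "$demo/d$m")"
done
rm -rf "$demo"
```

Running it on a shared directory before and after `chmod +t` shows the result change from `group` or `world` to `sticky`.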