[colug-432] RHEL: Permissions Error / Write a Read-Only File

Greg Sidelinger gate at ilive4code.net
Thu Dec 1 00:31:35 EST 2016


Because they both have write access to the directory. I'm guessing that's
how it was designed, as I saw this over a decade ago.

On Thu, Dec 1, 2016 at 12:24 AM Joshua Kramer <joskra42.list at gmail.com>
wrote:

> Hello!
>
> I have run across a peculiar behavior in RHEL 6.  One user can write
> to a file that does not belong to him by mv'ing one of his files to
> the target filename.
>
> Say we have two users, Bob and Alice.
>
> 1. Alice has created a separate OS group for a project: AliceProj.
> 2. Alice adds Bob to the group AliceProj.
> 3. Alice creates a directory somewhere, let's call it
> /srv/AliceProjDir.  She sets it user+rwx, group+wrx, all+rx.
> 3. Alice creates a file in /srv/AliceProjDir,
> ALICE_IMPORTANT_DATA.xml.  She sets it read-write to herself,
> read-only to the group AliceProj.
> 4. Bob comes along and, in the directory noted above, does 'cp
> ALICE_IMPORTANT_DATA.xml BOB_EDITED_DATA.xml'
> 5. Bob edits his BOB_EDITED_DATA.xml.
> 6. Bob does this: 'mv BOB_EDITED_DATA.xml ALICE_IMPORTANT_DATA.xml'
> 7. Now Alice's important data file, that should only be writeable by
> Alice, contains Bob's edits.
>
> Why does this work, and why is it not considered a bug?
>
> Cheers!
> -JK
>
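
The behaviour discussed in this thread, reproduced as an added example that is not part of either message: it shows that the mv in step 6 replaces the directory entry rather than writing to Alice's file, which is why only the directory's write permission matters. Assumptions: constructed paths under a temporary directory stand in for /srv/AliceProjDir, one user plays both roles, mode 444 models Bob's read-only view, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Constructed paths under a temp dir stand in for /srv/AliceProjDir;
# one user plays both roles, and mode 444 models Bob's read-only view of the file.

inode() { ls -i "$1" | awk '{print $1}'; }

demo_rename_over_readonly() {
    top=$(mktemp -d) || return 1
    mkdir "$top/proj" "$top/keep"
    chmod 775 "$top/proj"                       # writable directory, as in step 3

    target="$top/proj/ALICE_IMPORTANT_DATA.xml"
    printf 'alice original\n' > "$target"
    chmod 444 "$target"                         # no write bit on the file at all
    ln "$target" "$top/keep/original"           # second name for Alice's inode
    alice_inode=$(inode "$target")

    cp "$target" "$top/proj/BOB_EDITED_DATA.xml"
    chmod 644 "$top/proj/BOB_EDITED_DATA.xml"   # Bob owns his copy
    printf 'bob edit\n' >> "$top/proj/BOB_EDITED_DATA.xml"
    bob_inode=$(inode "$top/proj/BOB_EDITED_DATA.xml")

    # rename(2) only modifies the directory, so only directory write
    # permission is checked; -f skips mv's prompt about the unwritable target.
    mv -f "$top/proj/BOB_EDITED_DATA.xml" "$target"

    replaced=no; intact=no
    # The name now points at Bob's inode, not Alice's.
    [ "$(inode "$target")" = "$bob_inode" ] &&
        [ "$(inode "$target")" != "$alice_inode" ] && replaced=yes
    # Alice's inode, still reachable through the hard link, was never written.
    [ "$(cat "$top/keep/original")" = "alice original" ] && intact=yes
    rm -rf "$top"
    echo "name_rebound=$replaced original_inode_intact=$intact"
}

demo_rename_over_readonly
```

If the directory has the sticky bit set (chmod +t), renaming or unlinking an entry is restricted to the owner of the file, the owner of the directory, or root, so step 6 would fail for Bob.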