[colug-432] RHEL: Permissions Error / Write a Read-Only File
Matt Meinwald
meinwald.1 at osu.edu
Thu Dec 1 00:37:08 EST 2016
On 11/30/2016 11:21 PM, Joshua Kramer wrote:
> Hello!
>
> I have run across a peculiar behavior in RHEL 6. One user can write
> to a file that does not belong to him by mv'ing one of his files to
> the target filename.
>
> Say we have two users, Bob and Alice.
>
> 1. Alice has created a separate OS group for a project: AliceProj.
> 2. Alice adds Bob to the group AliceProj.
> 3. Alice creates a directory somewhere, let's call it
> /srv/AliceProjDir. She sets it user+rwx, group+wrx, all+rx.
> 4. Alice creates a file in /srv/AliceProjDir,
> ALICE_IMPORTANT_DATA.xml. She sets it read-write to herself,
> read-only to the group AliceProj.
> 5. Bob comes along and, in the directory noted above, does 'cp
> ALICE_IMPORTANT_DATA.xml BOB_EDITED_DATA.xml'
> 6. Bob edits his BOB_EDITED_DATA.xml.
> 7. Bob does this: 'mv BOB_EDITED_DATA.xml ALICE_IMPORTANT_DATA.xml'
> 8. Now Alice's important data file, that should only be writeable by
> Alice, contains Bob's edits.
>
> Why does this work, and why is it not considered a bug?
>
> Cheers!
> -JK
Bob has write access to the directory, which enables moving
and deleting files. The way to prevent this is setting the
sticky bit on the directory. This only allows owners of
files to move or delete them. This is why /tmp and /var/tmp
are 01777 (u+rwx,g+rwx,o+rwt) instead of 00777 on most *nix
systems.
https://en.wikipedia.org/wiki/Sticky_bit
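An added audit check, not from either poster, for the condition Matt describes: directories writable by group or others that lack the sticky bit, so any group member can mv over or unlink other owners' files. It rebuilds the post's layout in a temporary directory; the names AliceProjDir and AliceProjDir_sticky are assumed.

```python
import os
import stat
import tempfile


def sticky_bit_missing(path: str) -> bool:
    """True if `path` is a directory that group or others may write to
    but that has no sticky bit (S_ISVTX). Such a directory lets any
    writer rename onto or delete files it does not own."""
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        return False
    shared_write = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    return bool(shared_write) and not (st.st_mode & stat.S_ISVTX)


def find_unprotected_dirs(root: str) -> list:
    """Walk `root` and return every directory flagged by sticky_bit_missing."""
    hits = []
    for dirpath, _dirnames, _filenames in os.walk(root):
        if sticky_bit_missing(dirpath):
            hits.append(dirpath)
    return sorted(hits)


def demo() -> list:
    """Constructed reproduction of the post's layout: one shared project
    directory with the mode Alice used (u+rwx,g+rwx,o+rx) and a copy with
    the sticky bit added, i.e. after `chmod +t`. Returns the flagged names."""
    with tempfile.TemporaryDirectory() as root:   # created 0700, never flagged
        unsafe = os.path.join(root, "AliceProjDir")
        safe = os.path.join(root, "AliceProjDir_sticky")
        os.mkdir(unsafe)
        os.mkdir(safe)
        os.chmod(unsafe, 0o775)    # group-writable, no sticky bit: Bob's mv works
        os.chmod(safe, 0o1775)     # same, plus sticky bit: only owners may mv/rm
        return [os.path.basename(p) for p in find_unprotected_dirs(root)]


if __name__ == "__main__":
    print(demo())   # ['AliceProjDir']
```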