[colug-432] RHEL: Permissions Error / Write a Read-Only File

Mark Aufdencamp mark at aufdencamp.com
Thu Dec 1 13:41:44 EST 2016


Great Q&A!

> -------- Original Message --------
> Subject: Re: [colug-432] RHEL: Permissions Error / Write a Read-Only
> File
> From: Matt Meinwald <meinwald.1 at osu.edu>
> Date: Thu, December 01, 2016 12:37 am
> To: Central OH Linux User Group - 432xx <colug-432 at colug.net>
> 
> 
> On 11/30/2016 11:21 PM, Joshua Kramer wrote:
> > Hello!
> > 
> > I have run across a peculiar behavior in RHEL 6.  One user can write
> > to a file that does not belong to him by mv'ing one of his files to
> > the target filename.
> > 
> > Say we have two users, Bob and Alice.
> > 
> > 1. Alice has created a separate OS group for a project: AliceProj.
> > 2. Alice adds Bob to the group AliceProj.
> > 3. Alice creates a directory somewhere, let's call it
> > /srv/AliceProjDir.  She sets it user+rwx, group+wrx, all+rx.
> > 4. Alice creates a file in /srv/AliceProjDir,
> > ALICE_IMPORTANT_DATA.xml.  She sets it read-write to herself,
> > read-only to the group AliceProj.
> > 5. Bob comes along and, in the directory noted above, does 'cp
> > ALICE_IMPORTANT_DATA.xml BOB_EDITED_DATA.xml'
> > 6. Bob edits his BOB_EDITED_DATA.xml.
> > 7. Bob does this: 'mv BOB_EDITED_DATA.xml ALICE_IMPORTANT_DATA.xml'
> > 8. Now Alice's important data file, that should only be writeable by
> > Alice, contains Bob's edits.
> > 
> > Why does this work, and why is it not considered a bug?
> > 
> > Cheers!
> > -JK
> 
> Bob has write access to the directory, which enables moving
> and deleting files. The way to prevent this is setting the
> sticky bit on the directory. This only allows owners of
> files to move or delete them. This is why /tmp and /var/tmp
> are 01777 (u+rwx,g+rwx,o+rwt) instead of 00777 on most *nix
> systems.
> 
> https://en.wikipedia.org/wiki/Sticky_bit
> 
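As an added illustration (not from the thread), a small Python model of the two checks at play: the file's own mode bits decide whether Bob can open the file for writing, while the directory's mode bits, plus the sticky bit, decide whether he can rename his copy over Alice's entry. The UIDs, GIDs and the 0640 file mode are assumed values for the scenario Joshua describes.

```python
import stat

# Constructed scenario from the thread. UIDs/GIDs are assumed values:
# Alice owns the directory and the file, Bob is a member of AliceProj.
ALICE, BOB, ROOT = 1000, 1001, 0
ALICE_PROJ = 2000

def _class_bits(uid, gids, mode, owner_uid, owner_gid):
    """Return the rwx triplet (owner, group or other) that applies to the caller."""
    if uid == owner_uid:
        return (mode >> 6) & 0o7
    if owner_gid in gids:
        return (mode >> 3) & 0o7
    return mode & 0o7

def may_open_for_write(uid, gids, file_mode, file_uid, file_gid):
    """open(O_WRONLY): decided by the file's own mode bits (root bypasses)."""
    if uid == ROOT:
        return True
    return bool(_class_bits(uid, gids, file_mode, file_uid, file_gid) & 0o2)

def may_replace_entry(uid, gids, dir_mode, dir_uid, dir_gid, target_uid):
    """rename()/unlink() over an existing entry: decided by the *directory*.

    Requires write and search (w+x) on the directory.  If the directory has
    the sticky bit, the caller must also own the entry or the directory
    (root, i.e. CAP_FOWNER, is exempt)."""
    if uid == ROOT:
        return True
    bits = _class_bits(uid, gids, dir_mode, dir_uid, dir_gid)
    if bits & 0o3 != 0o3:          # need both w (0o2) and x (0o1)
        return False
    if dir_mode & stat.S_ISVTX:    # sticky bit set on the directory
        return uid in (target_uid, dir_uid)
    return True

def scenario(dir_mode):
    """Bob's two routes to change ALICE_IMPORTANT_DATA.xml for a given dir mode."""
    file_mode = 0o640  # u=rw, g=r, o=none (assumed for Alice's file)
    return {
        "bob_edit_in_place": may_open_for_write(BOB, {ALICE_PROJ}, file_mode, ALICE, ALICE_PROJ),
        "bob_mv_over": may_replace_entry(BOB, {ALICE_PROJ}, dir_mode, ALICE, ALICE_PROJ, ALICE),
        "alice_mv_over": may_replace_entry(ALICE, {ALICE_PROJ}, dir_mode, ALICE, ALICE_PROJ, ALICE),
    }

if __name__ == "__main__":
    print("0775  (g+rwx):", scenario(0o775))    # bob_mv_over is True
    print("01775 (g+rwx, sticky):", scenario(0o1775))  # bob_mv_over is False
```

With 0775 on the directory Bob cannot write the file directly but can still rename over it; adding the sticky bit (chmod +t) closes the rename route while leaving Alice's own access unchanged.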
