<div style="white-space:pre-wrap">Because they both have write access to the directory. I'm guessing that's how it was designed as i saw this over a decade ago.<br></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Dec 1, 2016 at 12:24 AM Joshua Kramer <<a href="mailto:joskra42.list@gmail.com">joskra42.list@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello!<br class="gmail_msg">
<br class="gmail_msg">
I have run across a peculiar behavior in RHEL 6. One user can write<br class="gmail_msg">
to a file that does not belong to him by mv'ing one of his files to<br class="gmail_msg">
the target filename.<br class="gmail_msg">
<br class="gmail_msg">
Say we have two users, Bob and Alice.<br class="gmail_msg">
<br class="gmail_msg">
1. Alice has created a separate OS group for a project: AliceProj.<br class="gmail_msg">
2. Alice adds Bob to the group AliceProj.<br class="gmail_msg">
3. Alice creates a directory somewhere, let's call it<br class="gmail_msg">
/srv/AliceProjDir. She sets it user+rwx, group+wrx, all+rx.<br class="gmail_msg">
3. Alice creates a file in /srv/AliceProjDir,<br class="gmail_msg">
ALICE_IMPORTANT_DATA.xml. She sets it read-write to herself,<br class="gmail_msg">
read-only to the group AliceProj.<br class="gmail_msg">
4. Bob comes along and, in the directory noted above, does 'cp<br class="gmail_msg">
ALICE_IMPORTANT_DATA.xml BOB_EDITED_DATA.xml'<br class="gmail_msg">
5. Bob edits his BOB_EDITED_DATA.xml.<br class="gmail_msg">
6. Bob does this: 'mv BOB_EDITED_DATA.xml ALICE_IMPORTANT_DATA.xml'<br class="gmail_msg">
7. Now Alice's important data file, that should only be writeable by<br class="gmail_msg">
Alice, contains Bob's edits.<br class="gmail_msg">
<br class="gmail_msg">
Why does this work, and why is it not considered a bug?<br class="gmail_msg">
<br class="gmail_msg">
Cheers!<br class="gmail_msg">
-JK<br class="gmail_msg">
_______________________________________________<br class="gmail_msg">
colug-432 mailing list<br class="gmail_msg">
<a href="mailto:colug-432@colug.net" class="gmail_msg" target="_blank">colug-432@colug.net</a><br class="gmail_msg">
<a href="http://lists.colug.net/mailman/listinfo/colug-432" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.colug.net/mailman/listinfo/colug-432</a><br class="gmail_msg">
</blockquote></div>