[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Help! File permissions keep changing...



This probably belongs on the Debian User list rather than the Security list, but anyway, here is your answer.

> What do I need to change the 022 setting to be for -rwxrwx--- ?

1) umask 007 will allow a user to create a file with permissions -rw-rw---- or 0660. To make the file executable the user would have to chmod the file. (Read the chmod man page.) The easiest form is not the simplest to understand, chmod 770 filename. Easier to understand is chmod u+x, g+x filename. 2) Referring back to your original post, the only user who can change the owner of a file is the owner of that file, with the chown command. For someone else to apparently change the owner of a file this means they first deleted the file then rewrote it (created a new file) to make it their own. The only way this can happen is due to directory permissions. If the users all have write permissions to the directory, then obviously they have permission to delete and create any files in the directory, not just their own. I repeat, this is a function of directory permissions, not file permissions. To prevent this, you could add the sticky bit to the directory so only the owners can delete files. From the chmod man page:

STICKY DIRECTORIES
When the sticky bit is set on a directory, files in that directory may be unlinked or renamed only by root or their owner. Without the sticky bit, anyone able to write to the directory can delete or rename files. The sticky bit is commonly found on directories, such as /tmp, that are
      world-writable.

Play around with umask, chmod, chown etc, you'll get it figured out...

John



But this is all basic UN*X. You should know this if you are administering a 50 user site...




Reply to: