
Re: Help! File permissions keep changing...



Changing the umask to 007 didn't have any effect on the problem.  So far
I've tried 000 and 007.

You said:
> 2) Referring back to your original post, the only user who can change
> the owner of a file is the owner of that file, with the chown command.
> For someone else to apparently change the owner of a file this means
> they first deleted the file then rewrote it (created a new file) to make
> it their own.

Somehow this is not the case on this server.  For example, I have a
directory containing Excel files that is accessible through the Samba share.
The permissions on all the files in the directory are set to "root" as owner
with rw permission, and group is set to "users" with rw permission.  From my
XP workstation I can browse to the folder through Network Places, and open a
file in Excel, and then save it.  After saving the file, if I run an ls -l on
the directory the file permissions on the file I opened are set to "hhayes"
as the owner with rw permission, and the group is set to "users" with only r
permission.  I am not deleting the file and recreating it, only opening and
then saving it.  This happens no matter what user opens and saves a file.
I know that it isn't supposed to work this way, because my other Debian box
works correctly.

"John Hardcastle" <johnhardcastle@ihug.co.nz> wrote in message
news:1qp0I-12K-11@gated-at.bofh.it...
> This probably belongs on the Debian User list rather than the Security
> list, but anyway, here is your answer.
>
>  > What do I need to change the 022 setting to be for -rwxrwx--- ?
>
> 1) umask 007 will allow a user to create a file with permissions
> -rw-rw---- or 0660.  To make the file executable the user would have to
> chmod the file.  (Read the chmod man page.)  The easiest form is not the
> simplest to understand, chmod 770 filename.  Easier to understand is
> chmod u+x,g+x filename.
> 2) Referring back to your original post, the only user who can change
> the owner of a file is the owner of that file, with the chown command.
> For someone else to apparently change the owner of a file this means
> they first deleted the file then rewrote it (created a new file) to make
> it their own.  The only way this can happen is due to directory
> permissions.  If the users all have write permissions to the directory,
> then obviously they have permission to delete and create any files in
> the directory, not just their own.  I repeat, this is a function of
> directory permissions, not file permissions. To prevent this, you could
> add the sticky bit to the directory so only the owners can delete
> files.   From the chmod man page:
>
> STICKY DIRECTORIES
>        When the sticky bit is set on a directory, files in that directory may
>        be unlinked or renamed only by root or their owner.  Without the sticky
>        bit, anyone able to write to the directory can delete or rename files.
>        The sticky bit is commonly found on directories, such as /tmp, that are
>        world-writable.
>
> Play around with umask, chmod, chown etc, you'll get it figured out...
>
> John
>
>
>
> But this is all basic UN*X.  You should know this if you are
> administering a 50 user site...
>
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
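
The thread turns on whether a saved file was rewritten in place or deleted and recreated, and comparing inode numbers before and after a save tells the two apart. The script below is an added example, not part of either message; the file name and scratch directory are constructed, and it assumes GNU stat as shipped on Debian.

```shell
#!/bin/sh
# Added example: tell an in-place write from a delete-and-recreate.
# Assumes GNU coreutils stat (stat -c), as shipped on Debian.

# Save by rewriting the existing file: inode, owner and mode are kept.
save_in_place() {
    printf '%s\n' "$2" > "$1"
}

# Save by writing a temporary file and renaming it over the original.
# This needs write permission on the directory, not on the file; the
# result is a new file owned by the writer, with a mode set by their umask.
save_by_replace() {
    tmp="$1.tmp.$$"
    printf '%s\n' "$2" > "$tmp" && mv -f "$tmp" "$1"
}

# Run a save function on a file and print "same-inode <mode>" or
# "replaced <mode>" depending on whether the inode number changed.
classify_save() {   # usage: classify_save <save-function> <file>
    before=$(stat -c %i "$2")
    "$1" "$2" "new contents"
    after=$(stat -c %i "$2")
    if [ "$before" = "$after" ]; then verdict=same-inode; else verdict=replaced; fi
    echo "$verdict $(stat -c %a "$2")"
}

# Constructed scenario: a 660 file in a scratch directory, umask 022.
demo() (
    dir=$(mktemp -d) || exit 1
    umask 022
    printf 'old\n' > "$dir/report.xls"
    chmod 660 "$dir/report.xls"
    classify_save save_in_place   "$dir/report.xls"
    classify_save save_by_replace "$dir/report.xls"
    rm -rf "$dir"
)

demo
```

On a real directory the same check is ls -li on the file before and after the save; a changed inode number means the file was removed and recreated rather than modified.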


