
Re: Security Issue



Matthew,

> I'm not sure if this is normal, but it seems that any file owned by
> someone else and in one of my directories can be deleted by me ...
> I also can rename the file, but I can't alter the file. This holds true
> even if the file is owned by root.
> 
> Is this normal?

	Yes.  Permissions are a frequent stumbling block for new unix users.
The concept is very simple and powerful.

> If so, what things can I do to someone else's file that's in one of my
> directories, just delete or rename the file?

	Everything in unix is a file.  I'll say that again.  Everything in
unix is a file.  A directory is a file.

	If you will agree not to flame me for hyperbole, it may simplify
matters to think of the directory as the card catalog in a library.
You can see (read) and deface (rename) the card entry even if the
rare volume that it references is under lock and key.  If you remove the
card, that volume is inaccessible (deleted) to anyone using the card
catalog, but note that the book may still be accessible through another
card catalog.  Deleting the file in one directory does not actually delete
the file if there are hard links to it from other directories.

	The mode (permissions) of a file is nominally handled as triples
(r, w, x).

	r - permission to see the contents of the file
                                  contents of the directory (index file)
                                  input of the device
	w - permission to alter the contents of the file
                                  contents of the directory (index file)
                                  output of the device
	x - permission to execute the contents of the file
                                  the search of the directory (index file)

	Each file has an assigned user and group.   The mode has three
triples that apply respectively to the user, group, and others.  For further
information see "man chmod".

	If you have write permission on the directory, you have the ability
to alter its contents (the file index) including deletion, and renaming.
You even have this permission if you don't have read or search permission!

> As root, what if I want to keep a file in someone's directory without them
> deleting it?  As I see it now, that can't be done ?!?!?

	Root can delegate authority over a directory by granting write
permission to its user.  This is the customary permission for home directories.
So long as that authority has been delegated, root cannot prevent a user from
removing any file including those owned by root.  If root needs to keep a
file in a directory despite all other efforts, then root must own and deny
anyone else write access to the directory and all its parents.

	It is customary that root own only critical files
(/etc/passwd, /etc/ppp/pap-secrets, etc.) and directories (/etc, /bin).
Most of the address space is delegated to officers (operator, uucp, mail,
etc.) and groups (staff, adm, www, etc.) determined by convention and
experience.

	This separation of authority makes unix much easier to manage for
multi-user installations.  It also provides a check system that limits
the spread of either accidental or malicious interference (viruses).  Most
professional system administrators that I know usually cringe at the thought
of unnecessary use of root and its ability to destroy everything with a few
mistaken keystrokes.  sudo, doas, and well-chosen group assignments provide
a safety net.

						Hope this helps,
-- 
						Robert Meier

FANUC Robotics North America, Inc.	Internet: meierrj@frc.com
Voice: 1-810-377-7469			Fax:      1-810-377-7363
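
The behaviour discussed in this message, as an added shell demonstration that is not part of the original post: it separates what the file's own mode controls (altering contents) from what the directory's mode controls (rename and delete), and shows a hard link in a second directory surviving the delete. All paths are constructed in a temporary directory, the directory keeps search (x) permission in every step, and the results assume an ordinary user, since root bypasses these checks.

```shell
#!/bin/sh
# Added demonstration; every path below is constructed in a temp directory.
# Run as an ordinary user: root bypasses these permission checks.

demo_dir_perms() {
    base=$(mktemp -d) || return 1
    mkdir "$base/mine" "$base/other"
    echo "rare volume" > "$base/mine/book"
    ln "$base/mine/book" "$base/other/book"    # second "card" for the same volume
    chmod 000 "$base/mine/book"                # the file itself grants nothing

    # 1. Altering the contents is governed by the file's own mode.
    if ( echo x >> "$base/mine/book" ) 2>/dev/null
    then echo "alter=allowed"; else echo "alter=denied"; fi

    # 2. Renaming only edits the directory; -wx on it is enough (no r).
    chmod 300 "$base/mine"
    if mv "$base/mine/book" "$base/mine/renamed" 2>/dev/null
    then echo "rename_dir_wx=allowed"; else echo "rename_dir_wx=denied"; fi

    # 3. Without w on the directory the entry cannot be removed.
    chmod 555 "$base/mine"
    if rm -f "$base/mine/renamed" 2>/dev/null
    then echo "delete_dir_rx=allowed"; else echo "delete_dir_rx=denied"; fi

    # 4. With w restored the entry goes, whatever the file's mode says.
    chmod 755 "$base/mine"
    if rm -f "$base/mine/renamed" 2>/dev/null
    then echo "delete_dir_rwx=allowed"; else echo "delete_dir_rwx=denied"; fi

    # 5. The other hard link still reaches the same data.
    if [ -e "$base/other/book" ]
    then echo "other_link=present"; else echo "other_link=gone"; fi

    rm -rf "$base"
}

demo_dir_perms
```

To audit a real tree for the same exposure, `find DIR -type d -perm -0002` lists directories that others can write to, and therefore whose entries others can rename or remove.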

