
Re: Permission violations



On Tue, 08 Nov 2011 22:37:38 +0100, Anon wrote:

> Hello,
> 
> I'm not quite sure whom I should send this report to but recently I've
> noticed that I can remove files whose owner is root and that have access
> mode set as 644 (see example below). I'm using Debian wheezy/sid with
> 3.0.0-2-amd64 #1 SMP kernel.
> 
> # touch rootfile
> # ls -l rootfile
> -rw-r--r-- 1 root root 0 Nov  8 22:21 rootfile
> ouid@laptop:~$ id
> uid=1000(ouid) gid=1000(ouid) groups=1000(ouid),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),105(netdev)
> $ rm rootfile
> rm: remove write-protected regular empty file `rootfile'? y
> 
> And then the file was removed, as you can see I've checked my uid, I've
> also checked whether there is sticky bit in bash or rm:
> 
> $ ls -l /bin/rm
> -rwxr-xr-x 1 root root 60472 Oct  1 18:48 /bin/rm
> $ ls -l /bin/bash
> -rwxr-xr-x 1 root root 926536 Apr 10  2010 /bin/bash
> 
> Finally I've checked my /etc/sudoers and there is no NOPASSWD set for
> the user.
> I've tried to reproduce it with another user but everything works as it
> should, i.e. I couldn't remove files whose owner is root, so I assume
> that maybe there was a problem with amd64 testing netinstall iso which I
> installed my system from.
> 
> Thanks in advance.

Ability to rm a file depends on permissions on the containing directory.
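
The rule in the reply above, as an added example that is not part of the original thread: a check of whether a given uid can unlink a file under the classic Unix mode bits, which also covers the sticky-bit case (e.g. /tmp) that the reply does not mention. The names St, can_unlink and check_path are hypothetical, and the model assumes no ACLs, capabilities or immutable flags and treats uid 0 as always allowed.

```python
import os
import stat
from collections import namedtuple

# Stand-in for os.stat_result so the rule can be run on constructed values.
St = namedtuple("St", "st_mode st_uid st_gid")


def _perm_bits(st, uid, gids):
    """rwx triplet (0-7) that applies to this user: owner, else group, else other."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def can_unlink(uid, gids, dir_st, file_st):
    """Mode-bit rule for unlink(2). The file's own mode (644 here) is never consulted."""
    if uid == 0:  # simplification: root bypasses the mode-bit checks
        return True
    # Removing a name modifies the directory: write and search (w+x) are needed on it.
    if _perm_bits(dir_st, uid, gids) & 3 != 3:
        return False
    # Sticky directory: only the file's owner or the directory's owner may remove.
    if dir_st.st_mode & stat.S_ISVTX:
        return uid in (file_st.st_uid, dir_st.st_uid)
    return True


def check_path(path, uid, gids):
    """Apply the rule to a real path: stat the parent directory, lstat the file."""
    parent = os.path.dirname(os.path.abspath(path))
    return can_unlink(uid, gids, os.stat(parent), os.lstat(path))


if __name__ == "__main__":
    # Constructed values modelled on the report: root-owned 644 file, uid 1000.
    rootfile = St(stat.S_IFREG | 0o644, 0, 0)
    cases = {
        "own home dir, 755": St(stat.S_IFDIR | 0o755, 1000, 1000),
        "root-owned dir, 755": St(stat.S_IFDIR | 0o755, 0, 0),
        "sticky dir, 1777": St(stat.S_IFDIR | 0o1777, 0, 0),
    }
    for label, d in cases.items():
        print(f"{label}: uid 1000 can remove rootfile -> {can_unlink(1000, {1000}, d, rootfile)}")
```

check_path can be pointed at real root-owned files to find ones that sit in directories an unprivileged user can write to.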


