
Re: Wrong security attributes. Maybe a bug?

Joshua C. wrote:
> 2009/1/21 Steve Grubb <sgrubb redhat com>:
>> On Wednesday 21 January 2009 05:19:39 pm nodata wrote:
>>> On Tuesday, 20.01.2009, at 06:44 -0500, Steve Grubb wrote:
>>>> On Monday 19 January 2009 04:13:09 pm Manuel Wolfshant wrote:
>>>>> actually after chattr +i not even root can modify / delete the file:
>>>> True. But you can chattr -i ./foo and then edit the file remembering to
>>>> make it immutable again when you are done editing it. Not as automatic as
>>>> one might like, but that's how to do it.
>>> That would mean a race though. Better to fix directory permissions :)
>> The original question was about a file owned by root but readable by others. I
>> assume 0644 permissions. The root ownership still protects it.
>
> This makes part of it useless: If the owner is root but I still can
> delete/modify the file (because of dir permissions) then the ownership
> doesn't matter. The file was set to 444. The idea was to have a file
> that cannot be deleted/modified but only read by everyone regardless
> of the directory permissions. And the only suitable answer is to set
> it +i.

Or make the directory sticky if you must give untrusted users write access to it and do not want them to be able to unlink or rename one another's files?

