Bug 81321
| Summary: | User can delete root owned files | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Need Real Name <florin> |
| Component: | kernel | Assignee: | Arjan van de Ven <arjanv> |
| Status: | CLOSED NOTABUG | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.3 | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2003-01-08 11:42:50 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
this is expected behavior actually. you own the directory, you can toss it out of the list of files.... |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021203 Description of problem: florin@barney ~$ uname -a Linux barney 2.4.18-19.7.x #1 Thu Dec 12 09:00:42 EST 2002 i686 unknown florin@barney ~$ ls -l total 4 -rw-r--r-- 1 root root 9 Jan 7 20:43 a florin@barney ~$ whoami florin florin@barney ~$ rm -f a removing `a' florin@barney ~$ ls -l a ls: a: No such file or directory florin@barney ~$ User florin can delete the file a (or even directories) owned by root (or any other user) if in its home directory. Stock kernel. Standard Redhat 7.3 installation with the latest upgrades. Tested on ext3 and nfs filesystems. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Create a file as root inside an user's home directory 2. Login as the user 3. Delete the file owned by root Actual Results: The file owned by root was deleted. Expected Results: Permission denied. Additional info: