From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040625 Epiphany/1.2.6

Description of problem:
If I create a file that is owned by root, I can delete it as an ordinary user!

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. touch p
2. chmod 644 p
2. sudo chown root.root p
3. rm p

Actual Results: file "p" is deleted

Expected Results: should not be able to delete

Additional info:

grep \^root /etc/group
~ root:x:0:root

I am user vinci.

grep \^vinci /etc/group
vinci:x:500:

My dir looks like this:
drwx------ 79 vinci vinci 4096 5. Jul 18:17 /home/vinci/
I have seen this before: not really sure if this is not a feature. I think you'll find it only works in directories that you own. [Btw "sudo touch p ; rm p" is a quick way to reproduce this.]
The same thing in bash.
This is not unexpected behavior. User "vinci" owns the directory, and is allowed to write new contents to that directory. Removing a file is not an action on the file, it is an action on the directory that contains that file. User "vinci" will not be able to change the file itself. If you try doing "cd ; sudo touch p ; echo 'foobar' >> p" you'll see what I mean. Trying to remove any root-owned files in a directory owned by root will fail. You're simply seeing normal behavior; this should be changed to NOTABUG.
According to the POSIX standard, this behavior is acceptable. I'm closing this as NOTABUG.
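The rule described in the comments above, as an added example that is not part of the original bug report: a small Python model of the unlink permission check, evaluated on constructed stat values matching the reporter's setup (uid 500, home directory mode 0700, root-owned file mode 0644). The sticky-bit case goes beyond what the thread discusses; the Node type and function names are hypothetical, and ACLs, capabilities and immutable attributes are ignored.

```python
import stat
from collections import namedtuple

# Constructed stand-in for the os.stat() fields the rule needs.
Node = namedtuple("Node", "uid gid mode")

def has_perm(node, uid, gids, want):
    """Owner/group/other check for the rwx bits in `want` (0o3 = write + search)."""
    if uid == 0:
        return True  # simplification: root bypasses discretionary checks
    if uid == node.uid:
        shift = 6
    elif node.gid in gids:
        shift = 3
    else:
        shift = 0
    return ((node.mode >> shift) & want) == want

def may_unlink(uid, gids, directory, target):
    """Removing a name is a write to the directory; the file's own mode is never consulted."""
    if not has_perm(directory, uid, gids, 0o3):
        return False
    if directory.mode & stat.S_ISVTX and uid != 0:
        # Sticky directory: only the file's owner or the directory's owner may remove it.
        return uid in (target.uid, directory.uid)
    return True

def may_write(uid, gids, target):
    """Changing the file's contents is governed by the file's own mode bits."""
    return has_perm(target, uid, gids, 0o2)

# Constructed sample values, not read from a real system.
HOME = Node(500, 500, 0o040700)      # drwx------ vinci vinci
P = Node(0, 0, 0o100644)             # -rw-r--r-- root root
ROOT_DIR = Node(0, 0, 0o040755)      # drwxr-xr-x root root
TMP = Node(0, 0, 0o041777)           # drwxrwxrwt root root (sticky)
OWN = Node(500, 500, 0o100600)       # -rw------- vinci vinci

if __name__ == "__main__":
    who = (500, {500})
    print("rm p in own home:       ", may_unlink(*who, HOME, P))
    print("echo foobar >> p:       ", may_write(*who, P))
    print("rm p in root-owned dir: ", may_unlink(*who, ROOT_DIR, P))
    print("rm root's file in /tmp: ", may_unlink(*who, TMP, P))
    print("rm own file in /tmp:    ", may_unlink(*who, TMP, OWN))
```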