Bug 127269 - user can delete files owned by root
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: zsh
Version: 2
Hardware: i686
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Jens Petersen
QA Contact: Mike McLean
Reported: 2004-07-05 16:27 UTC by Thilo Pfennig
Modified: 2007-11-30 22:10 UTC (History)

Doc Type: Bug Fix
Last Closed: 2004-07-06 15:32:54 UTC
Type: ---

Description Thilo Pfennig 2004-07-05 16:27:23 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7)
Gecko/20040625 Epiphany/1.2.6

Description of problem:
If I create a file that is owned by root, I can delete it as an
ordinary user!

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. touch p
2. chmod 644 p
3. sudo chown root.root p
4. rm p
    

Actual Results:  file "p" is deleted

Expected Results:  should not be able to delete

Additional info:

grep \^root /etc/group
root:x:0:root

I am user vinci.
grep \^vinci /etc/group
vinci:x:500:

My dir looks like this:
drwx------  79 vinci vinci 4096  5. Jul 18:17 /home/vinci/

Comment 1 Jens Petersen 2004-07-06 03:32:48 UTC
I have seen this before: not really sure if this is not a feature.
I think you'll find it only works in directories that you own.

[Btw "sudo touch p ; rm p" is a quick way to reproduce this.]

Comment 2 Jens Petersen 2004-07-06 05:01:42 UTC
The same thing in bash.

Comment 3 Paul W. Frields 2004-07-06 12:32:56 UTC
This is not unexpected behavior. User "vinci" owns the directory, and
is allowed to write new contents to that directory. Removing a file is
not an action on the file, it is an action on the directory that
contains that file. User "vinci" will not be able to change the file
itself. If you try doing "cd ; sudo touch p ; echo 'foobar' >> p"
you'll see what I mean. Trying to remove any root-owned files in a
directory owned by root will fail.

You're simply seeing normal behavior; this should be changed to NOTABUG.

Comment 4 Josh Bressers 2004-07-06 15:32:54 UTC
According to the POSIX standard, this behavior is acceptable.  I'm
closing this as NOTABUG.
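
The rule from comments 3 and 4, as an added example that is not part of the original bug report: a hypothetical helper `may_unlink` that decides from the parent directory's mode bits, not the file's, whether a given uid may remove a file. It goes slightly beyond the thread by also applying the sticky-bit (restricted deletion) check used on shared directories such as /tmp, and it assumes GNU `stat`, no ACLs or immutable attributes, and a single group id per user.

```shell
#!/bin/sh
# Added example, not code from the bug report. may_unlink is a hypothetical
# helper name. Assumptions: GNU stat, no ACLs, no immutable attribute,
# writable filesystem, one gid per user.
#
# may_unlink PATH UID GID -> exit 0 if that uid/gid could unlink PATH,
# 1 if not, 2 if PATH or its directory cannot be examined.
may_unlink() {
    path=$1 uid=$2 gid=$3
    dir=$(dirname -- "$path")
    dstat=$(stat -c '%a %u %g' -- "$dir") || return 2
    fuid=$(stat -c '%u' -- "$path") || return 2   # the file's mode is never read
    set -- $dstat
    dmode=$((0$1)) duid=$2 dgid=$3                # %a is octal, e.g. 700 or 1777

    # root bypasses the directory permission check
    [ "$uid" -eq 0 ] && return 0

    # Pick the permission class that applies to this uid/gid on the directory.
    if [ "$uid" -eq "$duid" ]; then
        bits=$(( (dmode >> 6) & 7 ))
    elif [ "$gid" -eq "$dgid" ]; then
        bits=$(( (dmode >> 3) & 7 ))
    else
        bits=$(( dmode & 7 ))
    fi

    # Removing a name needs write (2) and search (1) on the directory.
    [ $(( bits & 3 )) -eq 3 ] || return 1

    # Sticky directory: only the owner of the file or of the directory may unlink.
    if [ $(( dmode & 01000 )) -ne 0 ]; then
        [ "$uid" -eq "$fuid" ] || [ "$uid" -eq "$duid" ] || return 1
    fi
    return 0
}

# When run with a path argument, report the result for the invoking user.
if [ "$#" -ge 1 ]; then
    if may_unlink "$1" "$(id -u)" "$(id -g)"; then
        echo "can unlink $1"
    else
        echo "cannot unlink $1"
    fi
fi
```

For the directory shown in the report (`drwx------ vinci vinci /home/vinci/`), the owner class has write and search permission and the sticky bit is clear, so the check passes for vinci whatever the owner or mode of `p`.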

