Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 29175 - Any user can delete read-only root and other files if he owns the upper level directory
Any user can delete read-only root and other files if he owns the upper level...
Product: Red Hat Linux
Classification: Retired
Component: filesystem (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
Aaron Brown
Depends On:
  Show dependency treegraph
Reported: 2001-02-24 06:58 EST by chepishev
Modified: 2014-03-16 22:19 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-02-24 06:58:28 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description chepishev 2001-02-24 06:58:19 EST
I have found very serious bug in Linux file permissions. I have RedHat
6.2 with all patches applyed.

If you have one directory fo example  /xxx/yyy and the owner of xxx is
root but for yyy is user foo and if root create file in directory
/xxx/yyy/some.file with permissions

-rw-r--r--    root    root    some.file

it is logical user foo to not be able to delete file some.file and he
actually can not delete file, BUT if foo is owner to both /xxx and
/xxx/yyy directory and if root create file /xxx/yyy/some.file with the
permissions showed above the user foo is able to delete file without any
problems the message is:

[foo@host]$rm /xxx/yyy/some.file
rm: remove write-protected file `some.file'?
and when I say yes the file is deleted.

I think that this is very serious bug because local permissions MUST be
with higher priority

Comment 1 Bill Nottingham 2001-02-24 22:32:01 EST
Completely intentional - standard unix behavior.

Note You need to log in before you can comment on or make changes to this bug.