Bug 29175 - Any user can delete read-only root and other files if he owns the upper level directory
Summary: Any user can delete read-only root and other files if he owns the upper level...
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: filesystem
Version: 6.2
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: Aaron Brown
Depends On:
TreeView+ depends on / blocked
Reported: 2001-02-24 11:58 UTC by chepishev
Modified: 2014-03-17 02:19 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2001-02-24 11:58:28 UTC

Attachments (Terms of Use)

Description chepishev 2001-02-24 11:58:19 UTC
I have found very serious bug in Linux file permissions. I have RedHat
6.2 with all patches applyed.

If you have one directory fo example  /xxx/yyy and the owner of xxx is
root but for yyy is user foo and if root create file in directory
/xxx/yyy/some.file with permissions

-rw-r--r--    root    root    some.file

it is logical user foo to not be able to delete file some.file and he
actually can not delete file, BUT if foo is owner to both /xxx and
/xxx/yyy directory and if root create file /xxx/yyy/some.file with the
permissions showed above the user foo is able to delete file without any
problems the message is:

[foo@host]$rm /xxx/yyy/some.file
rm: remove write-protected file `some.file'?
and when I say yes the file is deleted.

I think that this is very serious bug because local permissions MUST be
with higher priority


Comment 1 Bill Nottingham 2001-02-25 03:32:01 UTC
Completely intentional - standard unix behavior.

Note You need to log in before you can comment on or make changes to this bug.