Red Hat Bugzilla – Bug 29175
Any user can delete read-only root and other files if he owns the upper level directory
Last modified: 2014-03-16 22:19:14 EDT
I have found a very serious bug in Linux file permissions. I have RedHat
6.2 with all patches applied.
If you have a directory, for example /xxx/yyy, and the owner of xxx is
root but the owner of yyy is user foo, and root creates a file in the directory
/xxx/yyy/some.file with permissions
-rw-r--r-- root root some.file
it is logical for user foo not to be able to delete the file some.file, and he
actually cannot delete the file, BUT if foo is the owner of both the /xxx and
/xxx/yyy directories and root creates the file /xxx/yyy/some.file with the
permissions shown above, the user foo is able to delete the file without any
problems. The message is:
rm: remove write-protected file `some.file'?
and when I say yes the file is deleted.
I think that this is a very serious bug because local permissions MUST
have higher priority.
Completely intentional - standard unix behavior.
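
The rule behind that reply, as an added example that is not part of the original bug thread: removing a file is a write to the containing directory, so the file's own mode does not decide it. The helper name `try_delete` and the temporary paths are constructed for this sketch, and a read-only file owned by the caller stands in for the root-owned `some.file`.

```shell
#!/bin/sh
# Added example: unlink is authorised by the parent directory's permissions,
# not by the permissions of the file being removed.
# Assumption: everything lives in a private mktemp directory; the names
# yyy/some.file only mirror the report.

# try_delete DIR_MODE
#   Creates yyy/some.file with mode 0444 (write-protected for the caller),
#   sets the directory to DIR_MODE, attempts the removal, and prints
#   "deleted" or "kept".
try_delete() {
    dir_mode=$1
    base=$(mktemp -d) || return 2
    mkdir "$base/yyy"
    echo data > "$base/yyy/some.file"
    chmod 0444 "$base/yyy/some.file"   # nobody may write to the file itself
    chmod "$dir_mode" "$base/yyy"      # this is what the removal is checked against

    # -f answers the "remove write-protected file?" prompt quoted in the report.
    rm -f "$base/yyy/some.file" 2>/dev/null || true

    if [ -e "$base/yyy/some.file" ]; then
        result=kept
    else
        result=deleted
    fi

    chmod 0755 "$base/yyy"             # restore access so cleanup succeeds
    rm -rf "$base"
    echo "$result"
}

# Directory writable by its owner: the read-only file is removable.
echo "directory 0755, file 0444: $(try_delete 0755)"
# Directory not writable: the same file is kept (unless run as root,
# which bypasses these permission checks).
echo "directory 0555, file 0444: $(try_delete 0555)"
```

To keep a file from being removed by another account, the directory that holds it must not be owned by or writable to that account; tightening the file's own mode does not help.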