29175 – Any user can delete read-only root and other files if he owns the upper level directory

Bug 29175 - Any user can delete read-only root and other files if he owns the upper level directory

Summary: Any user can delete read-only root and other files if he owns the upper level...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	filesystem
Sub Component:
Version:	6.2
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Bill Nottingham
QA Contact:	Aaron Brown
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-02-24 11:58 UTC by chepishev
Modified:	2014-03-17 02:19 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2001-02-24 11:58:28 UTC
Embargoed:

Attachments	(Terms of Use)

Description chepishev 2001-02-24 11:58:19 UTC

I have found very serious bug in Linux file permissions. I have RedHat
6.2 with all patches applyed.

If you have one directory fo example  /xxx/yyy and the owner of xxx is
root but for yyy is user foo and if root create file in directory
/xxx/yyy/some.file with permissions

-rw-r--r--    root    root    some.file

it is logical user foo to not be able to delete file some.file and he
actually can not delete file, BUT if foo is owner to both /xxx and
/xxx/yyy directory and if root create file /xxx/yyy/some.file with the
permissions showed above the user foo is able to delete file without any
problems the message is:

[foo@host]$rm /xxx/yyy/some.file
rm: remove write-protected file `some.file'?
and when I say yes the file is deleted.

I think that this is very serious bug because local permissions MUST be
with higher priority

By

Comment 1 Bill Nottingham 2001-02-25 03:32:01 UTC

Completely intentional - standard unix behavior.

Note You need to log in before you can comment on or make changes to this bug.