Date: Tue, 22 Dec 1998 17:07:17 -0000
From: "Bond, Jeffery" <Jeff.Bond@nectech.co.uk>
To: "'questions@freebsd.org'" <questions@FreeBSD.ORG>
Subject: FW: Basic Security Question
Message-ID: <084DD226F592D211988800A024AC583B02B78B@exchange.nectech.co.uk>

> Oops, I just tried it for myself. I now agree with you, you _were_ right
> all along. Sorry, I never realised this, it's true that you learn
> something new every day.
>
> Does the group ID come into play? When I tried it just now, I added group
> write permission to /etc and then logged in as 'jeff' (a normal user), I
> could move the 'passwd' file which had write permission only enabled for
> the owner (root). Did this work because user 'jeff' is also in the 'wheel'
> group? (passwd file has GID of 'wheel')? If 'jeff' was not in group
> 'wheel', would it fail?
>
> Regards,
>
> Jeff
>
> -----Original Message-----
> From: Crist J. Clark [SMTP:cjc@scitec.com]
> Sent: 22 December 1998 17:10
> To: Jeff.Bond@nectech.co.uk
> Cc: cjclark@home.com; questions@FreeBSD.ORG
> Subject: Re: Basic Security Question
>
> Bond, Jeffery wrote,
> > I still believe you are wrong. When you su'd to cjc (from root), you still
> > have root privileges. Check the ownership of passwd.old after you moved it,
> > it's still owned by root. If you logged in as cjc rather than su-ing from
> > root, you will find that I am right, and the mv command will fail.
>
> Nope, I'm right. When I su to cjc, I /am/ cjc. No root privileges, I
> could not append or edit passwd.old if I had tried. The ability to
> create, remove, and rename (move) a file is determined by the
> directory's permissions, not the file's. As I pointed out in my
> original mail, see 'man sticky' on how to prevent files from being
> removed or moved by other users in a world writable directory. Here is
> an excerpt from that manpage,
>
>   "[The sticky bit] is usefully applied to directories such as /tmp
>   which must be publicly writable but should deny users the license
>   to arbitrarily delete or rename each others' files."
> --
> Crist J. Clark                           cjc@scitec.com
> SciTec, Inc
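
Added example, not part of the original message: a small Python model of the rule discussed above for renaming or removing a regular file within one directory, including the sticky-bit restriction. The uids, gids and modes are constructed sample values, and `Node`, `class_bits`, `may_rename` and `scenarios` are names chosen for this illustration.

```python
import stat
from collections import namedtuple

# The three os.stat() fields the check needs; all values below are constructed.
Node = namedtuple("Node", "mode uid gid")

def class_bits(node, uid, gids):
    """rwx triplet for this user: owner bits, else group bits, else other."""
    if uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in gids:
        return (node.mode >> 3) & 7
    return node.mode & 7

def may_rename(directory, entry, uid, gids):
    """True if (uid, gids) may rename or remove `entry` within `directory`."""
    if uid == 0:
        return True                        # super-user bypasses the checks
    if (class_bits(directory, uid, gids) & 3) != 3:
        return False                       # need write (2) and search (1) on the directory
    if directory.mode & stat.S_ISVTX:      # sticky: must own the file or the directory
        return uid in (entry.uid, directory.uid)
    return True                            # entry.mode is never consulted

WHEEL, USERS = 0, 1001                     # constructed gids
JEFF, GUEST = 1001, 1002                   # constructed uids
PASSWD = Node(0o100644, 0, WHEEL)          # root:wheel, writable by owner only
ETC_DEFAULT = Node(0o040755, 0, WHEEL)     # root:wheel, no group write
ETC_GROUP_W = Node(0o040775, 0, WHEEL)     # group write added, as in the message
TMP_STICKY = Node(0o041777, 0, WHEEL)      # world-writable with sticky bit
TMP_PLAIN = Node(0o040777, 0, WHEEL)       # world-writable, no sticky bit

def scenarios():
    """Evaluate the cases raised in the thread against the model."""
    jeff_file = Node(0o100600, JEFF, USERS)
    return {
        "jeff in wheel, dir 0775": may_rename(ETC_GROUP_W, PASSWD, JEFF, {USERS, WHEEL}),
        "jeff not in wheel, dir 0775": may_rename(ETC_GROUP_W, PASSWD, JEFF, {USERS}),
        "jeff in wheel, dir 0755": may_rename(ETC_DEFAULT, PASSWD, JEFF, {USERS, WHEEL}),
        "guest, jeff's file, dir 0777": may_rename(TMP_PLAIN, jeff_file, GUEST, {USERS}),
        "guest, jeff's file, dir 1777": may_rename(TMP_STICKY, jeff_file, GUEST, {USERS}),
        "jeff, own file, dir 1777": may_rename(TMP_STICKY, jeff_file, JEFF, {USERS}),
    }

if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

In this model the group that matters is the directory's: the file's own owner, group and mode only enter through the sticky-bit ownership test.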