[GLLUG] root access

[Matt Graham]

On Friday 12 April 2002 13:57, Charles Williams wrote:
> I tried this out as myself (willcha) and NOT as root.
>
> 1.) A directory I have ownership in (by way of my group). A file I
> don't have permission for.
> I can ftp the file to my hard drive.
> I can delete this file from the Solaris Unix web server while I'm in
> ws_ftp. I can then replace the file on the Solaris Unix server and it
> now has my ownership.

> Dennis (below) says it's "definitely the default" and if that's so
> then I can cautiously say that such installations here are done by
> the defaults.

Defaults always seem to have weird problems with them.

> And pfaffben says it's "allowed" and not a security hole. Ok. I'll
> buy that. There's lots of things that make me wonder and this was one
> of them.

Yep.  Directory permissions can be a little tricky to understand at 
first, particularly the "write" bit.  If a user has write permission to 
a directory, the user can:

Delete any file in that directory  *
Create a new file in that directory
Rename any file in that directory  *

If the sticky bit is set on a directory, the *ed lines change "any 
file" to "any file the user owns".  The sticky bit is typically set on 
/tmp , but rarely used elsewhere.  There *might* be another good use 
for the sticky bit, but can't think of it right now.

Most tools (like rm) will also check the permission bits of the file in 
question, so if you "touch foo ; chmod -w foo ; rm foo" you will get 
something like "remove write-protected file 'foo' ?" and rm will remove 
it iff you say "y".

-- 
   The early bird who catches the worm works for someone who comes in
   late and owns the worm farm.
   -- Travis McGee
There is no Darkness in Eternity/But only Light too dim for us to see