Mailing List Archive


Re: tlug: Simple rm question



On Wed, Sep 30, 1998 at 08:56:57PM +0900, Scott Stone wrote:
> On Wed, 30 Sep 1998, Neil Booth wrote:
> 
> > Why, when I'm logged in as myself, can I delete root-owned, read-only
> > files using rm?
> > 
> > I get asked for confirmation like "delete XYZ, overriding mode 0644?"
> > 
> > There must be a setting somewhere to stop this, as it seems a basic
> > security hole. Couldn't find anything in the man pages.
> 
> It's because you own and have write permission in the directory containing
> the file.  It's like playing Go - root has a group with only one eye, and
> you've got it surrounded :)

Ye, Gods!  I should never have shown him the game.  <shake head>

Anyway, Neil, both "files" and "directories" in Unix filesystems use
something called an "inode" as the primary data structure.  A directory
is indistinguishable from a file -- they are really the same thing.  The
only difference is that the contents (the data blocks pointed to from
the inode) of a directory contain a table, where each row in the table
contains a name and a pointer to an inode.  The contents of a file, of
course, are just arbitrary data.  To remove a file from the directory
you must delete a row in the table.

One surprising result is that to rm a file -- actually the unlink()
system call under the covers -- you have to modify the contents of the
parent directory, NOT the file's contents itself.  (Actually one
modification is made to the file's inode: the nlink counter is reduced
by one -- if it goes to zero the datablocks and inode are reclaimed).

Most modern Unix systems add a wrinkle: if the sticky bit is set on the
directory (chmod +t /path/to/dir) only the owner of a file may delete
it.

My favorite write-up of Unix filesystems is in the BSD 4.4 Operating
System Internals book (or whatever it's called -- the one with the
little devil on the cover).

Regards,
-- 
Rex
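
The rule described in the message above (unlink() is decided by the parent directory, with the sticky bit as an extra restriction), written out as an added example that is not part of the original post. `Inode`, `class_bits`, `can_unlink` and `deletable_by` are hypothetical names; the check models classic mode bits only and assumes no ACLs, capabilities, immutable flags or read-only mounts, and it treats the directory owner as also allowed to delete in a sticky directory, as Linux and the BSDs do.

```python
import os
import stat
from collections import namedtuple

# Minimal stand-in for os.stat_result, so scenarios can be constructed by hand.
Inode = namedtuple("Inode", "st_mode st_uid st_gid")

def class_bits(uid, gids, st):
    """rwx bits (0-7) of the one permission class (owner, group, other) that applies."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def can_unlink(uid, gids, dir_st, file_st):
    """Would unlink() on an entry of this directory pass the mode-bit checks?"""
    if uid == 0:
        return True                       # root bypasses mode bits
    if (class_bits(uid, gids, dir_st) & 0o3) != 0o3:
        return False                      # need write + search on the directory
    if dir_st.st_mode & stat.S_ISVTX:     # sticky: file owner or directory owner only
        return uid in (file_st.st_uid, dir_st.st_uid)
    return True                           # the file's own mode was never consulted

def deletable_by(path, uid, gids=()):
    """Apply can_unlink() to a real path, using the parent directory's inode."""
    parent = os.path.dirname(os.path.abspath(path))
    return can_unlink(uid, set(gids), os.stat(parent), os.lstat(path))

if __name__ == "__main__":
    # Constructed scenarios: a root-owned 0644 file, asked about uid 1000.
    root_file = Inode(stat.S_IFREG | 0o644, 0, 0)
    dirs = {
        "own home dir 0755":   Inode(stat.S_IFDIR | 0o755, 1000, 1000),
        "root-owned dir 0755": Inode(stat.S_IFDIR | 0o755, 0, 0),
        "shared dir 0777":     Inode(stat.S_IFDIR | 0o777, 0, 0),
        "sticky dir 1777":     Inode(stat.S_IFDIR | 0o1777, 0, 0),
    }
    for name, d in dirs.items():
        print(f"{name:22} -> uid 1000 can unlink: {can_unlink(1000, {1000}, d, root_file)}")
```

`deletable_by()` can be pointed at real paths to find root-owned files that sit in directories writable by an unprivileged account.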

