Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 81321 - User can delete root owned files
Summary: User can delete root owned files
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kernel
Version: 7.3
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Arjan van de Ven
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-01-08 02:00 UTC by Need Real Name
Modified: 2007-04-18 16:49 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2003-01-08 11:42:50 UTC


Attachments (Terms of Use)

Description Need Real Name 2003-01-08 02:00:33 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021203

Description of problem:
florin@barney ~$ uname -a
Linux barney 2.4.18-19.7.x #1 Thu Dec 12 09:00:42 EST 2002 i686 unknown
florin@barney ~$ ls -l
total 4
-rw-r--r--    1 root     root            9 Jan  7 20:43 a
florin@barney ~$ whoami
florin
florin@barney ~$ rm -f a
removing `a'
florin@barney ~$ ls -l a
ls: a: No such file or directory
florin@barney ~$ 

User florin can delete the file a (or even directories) owned by root (or any
other user) if in its home directory. Stock kernel. Standard Redhat 7.3
installation with the latest upgrades. Tested on ext3 and nfs filesystems. 

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Create a file as root inside an user's home directory
2. Login as the user
3. Delete the file owned by root
    

Actual Results:  The file owned by root was deleted.

Expected Results:  Permission denied.

Additional info:

Comment 1 Arjan van de Ven 2003-01-08 11:42:50 UTC
this is expected behavior actually. you own the directory, you can toss it out
of the list of files....


Note You need to log in before you can comment on or make changes to this bug.