Home / ubuntu / Questions / 108697
Accepted
Pomario
Asked: 2012-02-29 17:12:06 +0800 CST

Doubt about file access rights between user/groups

  • 772

I am the single user on this Linux machine. I tried the following procedure to protect files, but it does not work as I expected. Could someone explain why?

$ touch file
$ sudo chown root:root file
$ sudo chmod a-w file
$ ls -l file
-r--r--r-- 1 root root 0 2012-02-29 01:06 file
$ rm file
rm: remove write-protected regular empty file `file'? yes
$ ls -l file
ls: cannot access file: No such file or directory

"File" is read-only and owned by root. Why was my regular user able to delete it?

permissions

1 Answers

  1. Best Answer

    It is an odd behavior of linux permissions, but permissions to delete files are granted by the permissions on the directory, not the file.

    Try this:

    mkdir test
touch test/file

# Make the Directory ro
chmod a-w test

ls -l test/file
-rw-rw-r-- 1 bodhi bodhi 0 2012-02-28 21:13 test/file

rm test/file
rm: cannot remove `test/file': Permission denied

    Write permission. On a regular file, this means you can modify the file, aka write new data to the file. In the case of a directory, the write permission means you can add, remove, and rename files in the directory. This means that if a file has the write permission bit, you are allowed to modify the file's contents, but you're allowed to rename or delete the file only if the permissions of the file's directory allow you to do so.

    See http://www.tuxfiles.org/linuxhelp/filepermissions.html

    To allow (RW) access to file, but prevent deletion or renaming, set the sticky bit on the directory.

    # change "test" to your directory
chmod +t test
touch test/file
chmod a+w test/file

ls -l | grep test
drwxrwxrwt 4 bodhi bodhi  4096 2012-03-07 17:08 test

ls -l test | grep file
-rw-rw-rw- 1 bodhi bodhi   13 2012-03-07 17:10 file

# su to another user, "test"
test@ufbt:/home/bodhi$ echo 'It works !!!' >> test/file

test@ufbt:/home/bodhi$ cat test/file
It works !!!

test@ufbt:/home/bodhi$ rm test/file
rm: cannot remove `test/file': Operation not permitted

    http://www.techcuriosity.com/resources/linux/advanced_file_permissions_in_linux.php

    If the sticky bit is set for a directory, only the owner of that directory or the owner of a file can delete or rename a file within that directory.

    • 4