Filesystem permissions!? Normal user can delete root/400 file!!!?

gnoma

Active Member

Reaction score: 17
Messages: 181

Hello,

I think something's very wrong here, but there should be an explonation, I just don't know what it is and I would really appreciate some help.

I have created a file owned by root:wheel and I have change it's permissions to 400 (-r--------) and when I switch to my user which is not root I am able to delete the file.

It's simple as that and it should be simple as that not possible but it appears to be quite possible. Tested it several times on 4 different FreeBSD 11.0 systems.
Please check this output.

Code:
root@datacore3:/home/k_georgiev/test # pwd
/usr/home/k_georgiev/test
root@datacore3:/home/k_georgiev/test # touch file
root@datacore3:/home/k_georgiev/test # ls -la
total 10
drwxr-xr-x  2 k_georgiev  k_georgiev   3 Apr  5 20:32 .
drwxr-xr-x  6 k_georgiev  k_georgiev  14 Apr  5 20:32 ..
-rw-r--r--  1 root        k_georgiev   0 Apr  5 20:32 file
root@datacore3:/home/k_georgiev/test # echo test123 > file
root@datacore3:/home/k_georgiev/test # chown root:wheel file
root@datacore3:/home/k_georgiev/test #
root@datacore3:/home/k_georgiev/test # chmod 400 file
root@datacore3:/home/k_georgiev/test # ls -la
total 10
drwxr-xr-x  2 k_georgiev  k_georgiev   3 Apr  5 20:32 .
drwxr-xr-x  6 k_georgiev  k_georgiev  14 Apr  5 20:32 ..
-r--------  1 root        wheel        8 Apr  5 20:32 file
root@datacore3:/home/k_georgiev/test # exit
logout
$ pwd
/usr/home/k_georgiev/test
$ id
uid=1001(k_georgiev) gid=1001(k_georgiev) groups=1001(k_georgiev),0(wheel)
$
$ ls -la
total 10
drwxr-xr-x  2 k_georgiev  k_georgiev   3 Apr  5 20:32 .
drwxr-xr-x  6 k_georgiev  k_georgiev  14 Apr  5 20:32 ..
-r--------  1 root        wheel        8 Apr  5 20:32 file
$ rm file
override r--------  root/wheel uarch for file? y
$ ls -la
total 9
drwxr-xr-x  2 k_georgiev  k_georgiev   2 Apr  5 20:33 .
drwxr-xr-x  6 k_georgiev  k_georgiev  14 Apr  5 20:32 ..
$
Does anybody have idea why this is possible?
Am I crazy or something's very wrong?

Thank you
 

Bobi B.

Well-Known Member

Reaction score: 142
Messages: 333

Yes, because you have rights to write in the directory, where file is.
 

ShelLuser

Son of Beastie

Reaction score: 1,694
Messages: 3,512

Bobi B. is fully on the mark here. Note that removing the file is more or less a change within the directory. If you try to edit (or read) the file you'll notice that those actions are still impossible.

(edit) on a side-note please keep in mind that 11.0 is no longer supported, its probably safer to upgrade to 11.1.
 

phoenix

Administrator
Staff member
Administrator
Moderator

Reaction score: 1,224
Messages: 4,074

Think of a directory as nothing more than a text file that lists all the metadata about the actual files.

To list the contents of the directory, you need to be able to read the directory "file". (Read permission)

To create a file, you need to be able to write an entry into the directory "file". (Write permission)

To remove a file, you need to be able to remove the entry from the directory "file". (Write permission)

To be able to change into the directory, you need to be able to execute the directory "file". (Execute permission)

Similar to how you do the same actions on actual files.
 
Last edited:
Top