permissions in home directory
Jerry Heyman
zebr360 at ut-emx.uucp
Thu Jan 17 14:05:56 AEST 1991
In article <5716 at rex.cs.tulane.edu> dejesus at bourbon.ee.tulane.edu (Francisco X DeJesus) writes:
>
> Ok, here's the situation: I'm trying to set up a guest account with
>a fixed .login and .cshrc. I thought of simply putting those two files the
>way I want them set up in the guest account's home directory, and have them
>owned by root, group root, and read-only (permission: -r--r--r--). The
>problem is that even with this setup the guest can delete them! What did
>I miss?
>
Some people would argue that this is a security flaw (and I have raised
this issue before), but in reality you are setting the protections on the
file (who can read it or write it). Files inherit their deletion properties
from the directory that they reside in.
Because user guest has write (hence delete) permission in his own directory,
any files that are created in that directory can be deleted.
>--
> ___ / _______________________________ - Francisco X DeJesus
jerry heyman
--
Jerry Heyman by day: IBM AWD, AIX Development
zebr360 at emx.utexas.edu by nite: Adjunct Lecturer at St. Edward's Univ.
*All comments are my own and should not be construed to represent any one else
More information about the Comp.unix.aux
mailing list