From: Wolfgang Helbig
Subject: Re: permissions
To: fullermd@narcissus.ml.org (The Devil Himself)
Cc: un_x@anchorage.net, questions@FreeBSD.ORG
Date: Sun, 4 May 1997 17:10:50 +0200 (MET DST)

Hi,

> On Sat, 3 May 1997, abc xyz wrote:
>
> > > > why is it that i can open, modify, and save changes to a
> > > > file with r--r--r-- perms (as root)? shouldn't a file be
> > > > read only under these conditions?
> > > > -------------------------------------------------------------------------
> > >
> > > What do you mean, "as root"?
> >
> > i mean i can do these things as root (2.2.1).
> > i guess i should've added that the files ARE
> > owner root, group wheel. i don't think i
> > should be able to modify such files, but i can.
> > it's interesting that you say you can't.
> > are you using 2.2.1?
> >
> > > If the file belongs to root, and you are anyone, including root, then you
> > > have a problem.
> > > Doesn't sound like a common one, because I had some files on my system
> > > r--r--r-- owner root, group wheel, and I got annoyed because I couldn't
> > > save changes, even as root.
> > This was on a 2.1.6 system.
> I've also experienced it on a 2.2-STABLE 4/26/97 system.
> I've also come across it on an AIX 3.2.4 (shudder) system.
> When you say modify and save changes, how are you doing this?
> vi?
> pico?
> emacs?
> echo?
> Wasn't there some hole in emacs, about it ignoring file permissions?
> I'm pretty sure there was one a while ago about it ignoring ownership...

The file permissions are enforced by the kernel, i.e. even if some
userland software ignores the permissions, the kernel won't let you
write, read or execute in violation of the permission rules.

If you are root -- more precisely if your UID is 0 -- the permission
rules allow you to read and write regardless of the permission flags
and owner of the file in question.

To protect a file from root, you have to set the immutable flag with
the chflags(1) command. E.g. this is done by the install target of the
kernel Makefile to prevent root from hosing the kernel by changing or
deleting it accidentally. An
	$ ls -ol /kernel /kernel.old
shows the setting of this flag:
	-r-xr-xr-x  1 root  wheel  schg 793551  2 Mai 21:37 /kernel
	-r-xr-xr-x  1 root  wheel  -    788710 26 Apr 19:36 /kernel.old

Wolfgang
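The rules in this message as an added example (not part of the original mail and not FreeBSD code): a simplified Python model of the write check, plus an audit of real paths through `os.lstat`. The function names `can_write` and `audit` are hypothetical, and ACLs, read-only mounts and append-only flags are left out.

```python
import os
import stat
import sys

# schg | uchg: the immutable file flags that chflags(1) sets.
IMMUTABLE = stat.SF_IMMUTABLE | stat.UF_IMMUTABLE


def can_write(st, uid, gids=()):
    """Simplified model of the kernel's write check.

    st needs st_mode, st_uid, st_gid and, on BSD, st_flags.
    Assumption: no ACLs, no read-only mount, no append-only flag.
    """
    if getattr(st, "st_flags", 0) & IMMUTABLE:
        return False    # immutable flag: refused even for UID 0
    if uid == 0:
        return True     # UID 0: mode bits and owner are not consulted
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit(path, uid=0):
    """Return (writable, reason) for `uid` on a real file."""
    st = os.lstat(path)
    flags = getattr(st, "st_flags", 0)   # attribute is absent on Linux
    if flags & stat.SF_IMMUTABLE:
        why = "schg set"
    elif flags & stat.UF_IMMUTABLE:
        why = "uchg set"
    elif uid == 0:
        why = "UID 0 bypasses mode %04o" % stat.S_IMODE(st.st_mode)
    else:
        why = "mode %04o" % stat.S_IMODE(st.st_mode)
    return can_write(st, uid), why


if __name__ == "__main__":
    # Usage: python flagaudit.py /kernel /kernel.old
    for p in sys.argv[1:]:
        ok, why = audit(p)
        print("%-30s root can modify: %-5s (%s)" % (p, ok, why))
```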