Date: Mon, 25 Oct 2010 15:28:27 -0700
From: Chuck Swiger <cswiger@mac.com>
To: Harald Schmalzbauer <h.schmalzbauer@OmniLAN.de>
Cc: freebsd-stable@freebsd.org
Subject: Re: POSIX file permission (understanding) problem?
Message-ID: <88CBD70C-DA5A-4B3A-A703-7C0D6B189697@mac.com>
In-Reply-To: <4CC5F489.50403@omnilan.de>
References: <4CC5F489.50403@omnilan.de>

On Oct 25, 2010, at 2:20 PM, Harald Schmalzbauer wrote:
> chmod g+w testdir/ (as superuser, exit again)
> ls -ld testdir
> drwxrwx--x 2 nobody intern 512 25 Okt 23:03 testdir
> ls -l testdir
> total 0
> -rw-r----- 1 nobody intern 0 25 Okt 23:03 testfile
>
> -> Now editing with vi (as user harry) changes the ownership of the
> file and writing is successful:
> ls -l testdir/
> total 2
> -rw-r----- 1 harry intern 5 25 Okt 23:10 testfile
[ ... ]
> Why does a write lead to ownership changes?

You can't actually write to the file when owned by nobody as harry.
However, since you have write permissions to the directory, you can
delete the file and write a new file which is also called testfile.

$ echo "hi" >> testfile
cannot create testfile: Permission denied

...and in vi, force write ("w!") gives "Error: testfile: Permission denied."
Perhaps you're using some odd tweaks to vi...?

> How should I give users write access to directories but prohibit deleting particular files? Do I have to use uunlnk flag?

No, you can set the sticky bit on the directory, which is what /tmp uses:

STICKY DIRECTORIES
     A directory whose `sticky bit' is set becomes an append-only directory,
     or, more accurately, a directory in which the deletion of files is
     restricted.  A file in a sticky directory may only be removed or renamed
     by a user if the user has write permission for the directory and the user
     is the owner of the file, the owner of the directory, or the super-user.
     This feature is usefully applied to directories such as /tmp which must
     be publicly writable but should deny users the license to arbitrarily
     delete or rename each others' files.

Regards,
-- 
-Chuck
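
Added example, not part of the original message: a small audit for the situation discussed above, listing directories that are group- or world-writable without the sticky bit and then setting it. The function names and the sample directories "tmplike" and "private" are hypothetical; "testdir" and its mode 0771 are taken from the thread.

```sh
#!/bin/sh
# Added example (not from the original message): audit and fix shared
# directories in which non-owners can delete or replace other users' files.

# List directories under $1 that are group- or world-writable but lack the
# sticky bit. find's "-perm -MODE" (all of these bits set) works on BSD and GNU.
unsafe_shared_dirs() {
    find "$1" -type d \( -perm -0020 -o -perm -0002 \) ! -perm -1000 -print
}

# Set the sticky bit on every directory reported above; prints each one fixed.
fix_shared_dirs() {
    unsafe_shared_dirs "$1" | while IFS= read -r d; do
        chmod +t "$d" && printf 'sticky bit set: %s\n' "$d"
    done
}

# Constructed sample tree: "testdir" uses the 0771 mode from the thread,
# "tmplike" is already sticky, "private" is writable by its owner only.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/testdir" "$root/tmplike" "$root/private"
    chmod 0771 "$root/testdir"
    chmod 1777 "$root/tmplike"
    chmod 0755 "$root/private"
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
echo "before:"; unsafe_shared_dirs "$tree"
fix_shared_dirs "$tree"
echo "after:";  unsafe_shared_dirs "$tree"
ls -ld "$tree/testdir"     # mode column now reads drwxrwx--t
rm -rf "$tree"
```

The sticky bit only restricts removal and renaming; members of the group can still create new files in the directory, and each file's own mode still decides who may write to its contents.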