From owner-freebsd-stable@FreeBSD.ORG Mon Oct 25 22:28:48 2010
From: Chuck Swiger <cswiger@mac.com>
To: Harald Schmalzbauer
Cc: freebsd-stable@freebsd.org
Date: Mon, 25 Oct 2010 15:28:27 -0700
Subject: Re: POSIX file permission (understanding) problem?
Message-id: <88CBD70C-DA5A-4B3A-A703-7C0D6B189697@mac.com>
In-reply-to: <4CC5F489.50403@omnilan.de>
List-Id: Production branch of FreeBSD source code

On Oct 25, 2010, at 2:20 PM, Harald Schmalzbauer wrote:

> chmod g+w testdir/ (as superuser, exit again)
> ls -ld testdir
> drwxrwx--x 2 nobody intern 512 25 Okt 23:03 testdir
> ls -l testdir
> total 0
> -rw-r----- 1 nobody intern 0 25 Okt 23:03 testfile
>
> -> Now editing with vi (as user harry) changes the ownership of the
> file and writing is successful:
> ls -l testdir/
> total 2
> -rw-r----- 1 harry intern 5 25 Okt 23:10 testfile

[ ... ]

> Why does a write lead to ownership changes?

You can't actually write to the file when owned by nobody as harry.
However, since you have write permissions to the directory, you can
delete the file and write a new file which is also called testfile.

$ echo "hi" >> testfile
cannot create testfile: Permission denied

...and in vi, force write ("w!") gives "Error: testfile: Permission denied."

Perhaps you're using some odd tweaks to vi...?

> How should I give users write access to directories but prohibit
> deleting particular files? Do I have to use uunlnk flag?

No, you can set the sticky bit on the directory, which is what /tmp uses:

     STICKY DIRECTORIES
     A directory whose `sticky bit' is set becomes an append-only directory,
     or, more accurately, a directory in which the deletion of files is
     restricted.  A file in a sticky directory may only be removed or renamed
     by a user if the user has write permission for the directory and the
     user is the owner of the file, the owner of the directory, or the
     super-user.  This feature is usefully applied to directories such as /tmp
     which must be publicly writable but should deny users the license to
     arbitrarily delete or rename each others' files.

Regards,
-- 
-Chuck
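The mechanism Chuck describes (unlink the file you cannot write to, create a new one under the same name) and the sticky-bit fix he recommends, as an added shell example that is not part of the original mail and not FreeBSD's, vi's or anyone else's code. It runs as a single unprivileged user in temporary directories, so it uses mode 444 on the file as a stand-in for "owned by another user", and it cannot show the cross-user ownership change or the sticky-bit denial itself (both need a second account). Function names, paths and the mode choices are this example's own assumptions. Root bypasses mode bits, so the in-place write only reports "denied" when run as an ordinary user.

```shell
#!/bin/sh
# Added example (not from the original mail). Reproduces, as one unprivileged
# user in a throwaway directory, the mechanism behind Harald's observation:
# a file you cannot write to can still be unlinked and recreated when you have
# write permission on its directory, and the result is a brand-new inode.
# Across users, that new inode belongs to whoever created it, which is why
# testfile ended up owned by harry. The second function sets the sticky bit
# the reply recommends and shows how to verify it with ls(1).
# Function names and the mode-444 stand-in for "owned by someone else" are
# this example's own choices, not anything from the mail.

# Try to append to a file. Prints "denied" or "allowed". Root bypasses
# mode bits (DAC), so run as an ordinary user to see "denied".
try_append() {
    if printf 'hi\n' >> "$1" 2>/dev/null; then
        echo allowed
    else
        echo denied
    fi
}

# Inode number of a path. ls -i is portable across FreeBSD and Linux,
# whereas stat(1) takes different flags on each.
inode_of() {
    ls -id "$1" | awk '{print $1}'
}

# Unlink-and-recreate in a writable directory.
# Prints: "<denied|allowed> <same|different> <contents of the new file>"
unlink_recreate_demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/testfile"
    : > "$f"
    chmod 444 "$f"                  # stand-in for nobody's -rw-r----- file
    ln "$f" "$dir/oldinode"         # keep the original inode reachable for comparison
    verdict=$(try_append "$f")      # in-place write: denied (unless root)
    rm -f "$f"                      # unlink checks the directory's mode, not the file's
    printf 'hi\n' > "$f"            # a new file with the same name ...
    if [ "$(inode_of "$f")" = "$(inode_of "$dir/oldinode")" ]; then
        same=same
    else
        same=different              # ... but a different inode: this is what happened to testfile
    fi
    content=$(cat "$f")
    rm -rf "$dir"
    echo "$verdict $same $content"
}

# Sticky bit, as on /tmp. Mode 1771 is Harald's drwxrwx--x plus the sticky
# bit; ls shows it as a trailing 't'. Inside such a directory a group
# member can still create files but can remove or rename only their own
# (the directory owner and root excepted). Showing the denial needs a
# second account; this only sets and verifies the bit.
sticky_demo() {
    dir=$(mktemp -d) || return 1
    chmod 1771 "$dir"
    mode=$(ls -ld "$dir" | cut -c1-10)
    rmdir "$dir"
    echo "$mode"
}

# Stand-alone run:
echo "unlink/recreate: $(unlink_recreate_demo)"   # denied different hi   (as non-root)
echo "sticky dir mode: $(sticky_demo)"            # drwxrwx--t
```

The hard link to `oldinode` is only there to prove the point: after `rm` and recreate, the two names refer to different inodes, so nothing was ever written into the original file. On a real multi-user system the same sequence yields a testfile owned by the user who recreated it, exactly as in Harald's listing; with mode 1771 on the directory, that user could still create files but not remove or rename ones they do not own.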