Date:      Tue, 22 Dec 1998 13:11:12 -0500
From:      Graeme Tait <graeme@echidna.com>
To:        "Bond, Jeffery" <Jeff.Bond@nectech.co.uk>
Cc:        "'cjclark@home.com'" <cjclark@home.com>, "'questions@freebsd.org'" <questions@FreeBSD.ORG>
Subject:   Re: Basic Security Question
Message-ID:  <367FE0C0.98E@echidna.com>
References:  <084DD226F592D211988800A024AC583B02B789@exchange.nectech.co.uk>

Bond, Jeffery wrote:
> 
> I still believe you are wrong. When you su'd to cjc (from root), you still
> have root privileges. Check the ownership of passwd.old after you moved it;
> it's still owned by root. If you logged in as cjc rather than su-ing from
> root, you will find that I am right, and the mv command will fail.


Wrong! Perhaps *you* should try it. (I did.)

The mv command can be used to rename the passwd file if the user has write and 
execute privileges on the containing directory. The user does *not* require read or 
write privileges on the file.

The mv command preserves the ownership, permissions, access times, etc. of the 
original file to the extent possible. That's why the passwd.old file is still owned 
by root.

There is one complication with mv in this respect (see man mv) - as a rename(2) 
cannot be made across filesystems, mv is performed in this case using cp(1). So even 
if the source and destination directories have appropriate permissions, the mv will 
fail without read permission on the source file for a move across file systems. And 
even with read permission, where the copy can proceed, the original ownership may 
not be preserved.

As a UNIX newbie, I must say even this simple command (mv) has so many subtleties to 
it, which I've been slowly discovering in playing with this, that I'm wondering if 
I'll ever really understand what I'm doing!


 
> > -----Original Message-----
> > From: Crist J. Clark [SMTP:cjc@cc942873-a.ewndsr1.nj.home.com]
> > Sent: 18 December 1998 14:09
> > To:   Jeff.Bond@nectech.co.uk
> > Subject:      Re: Basic Security Question
> >
> > Bond, Jeffery wrote,
> > > Just because the directory is writable, this doesn't mean the existing files
> > > in it are too. You won't be able to do 'mv passwd passwd.old'.
> >
> > Sorry, that's plain wrong. You can't write to the files, but you _can_
> > move them or even remove them. Below is the actual screen output of me
> > testing this with my root and a user account (you can watch the file
> > containing the output grow as I type ;). The prompt with the '#' is
> > of course the root account.

<snipped>

-- 
Graeme Tait - Echidna


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?367FE0C0.98E>
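The experiment the thread argues over, reproduced as an added example (my own POSIX sh script, not code posted by anyone in the thread). It shows the three points at issue: a rename needs write and execute on the directory but nothing on the file, the renamed file keeps its inode (so owner and mode survive), and the copy that mv falls back to across filesystems needs read on the source. Assumptions: a POSIX sh with mktemp(1), a writable ${TMPDIR:-/tmp} on a single filesystem, and, for the two "denied" cases, an unprivileged user, because root bypasses file-mode checks.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Demonstrates rename(2)/mv(1) permission semantics using only a scratch
# directory the caller owns. Assumes POSIX sh, mktemp(1) and a writable
# ${TMPDIR:-/tmp}. The "denied" results only hold for a non-root user.

scratch_dir() {
    mktemp -d "${TMPDIR:-/tmp}/mvdemo.XXXXXX"
}

# Case 1: file mode 000, directory mode 700.
# rename(2) succeeds, the inode is unchanged, so owner and mode are kept.
demo_rename_without_file_perms() {
    dir=$(scratch_dir) || return 1
    # constructed sample content standing in for /etc/passwd
    printf 'root:*:0:0:Charlie &:/root:/bin/csh\n' > "$dir/passwd"
    chmod 000 "$dir/passwd"          # no read, write or execute on the file
    chmod 700 "$dir"                 # write + execute on the directory
    ino_before=$(ls -i "$dir/passwd" | awk '{print $1}')

    mv "$dir/passwd" "$dir/passwd.old" 2>/dev/null && mv_ok=1 || mv_ok=0

    ino_after=$(ls -i "$dir/passwd.old" 2>/dev/null | awk '{print $1}')
    mode_after=$(ls -ld "$dir/passwd.old" 2>/dev/null | cut -c1-10)
    [ "$ino_before" = "$ino_after" ] && same_inode=1 || same_inode=0
    [ -e "$dir/passwd" ] && old_gone=0 || old_gone=1
    rm -rf "$dir"
    echo "mv=$mv_ok same_inode=$same_inode mode=$mode_after old_gone=$old_gone"
}

# Case 2: file mode 644, directory mode 500 (no write on the directory).
# The file is readable and writable, yet the rename is refused (EACCES).
demo_rename_blocked_by_dir_perms() {
    dir=$(scratch_dir) || return 1
    : > "$dir/passwd"
    chmod 644 "$dir/passwd"
    chmod 500 "$dir"
    mv "$dir/passwd" "$dir/passwd.old" 2>/dev/null && mv_ok=1 || mv_ok=0
    chmod 700 "$dir"
    rm -rf "$dir"
    echo "mv=$mv_ok"
}

# Case 3: what happens on the cross-filesystem path. mv cannot rename(2)
# across filesystems and copies instead; cp(1) must open the source for
# reading, so a mode-000 file cannot be moved that way by its owner.
demo_copy_needs_read() {
    dir=$(scratch_dir) || return 1
    : > "$dir/passwd"
    chmod 000 "$dir/passwd"
    chmod 700 "$dir"
    cp "$dir/passwd" "$dir/passwd.copy" 2>/dev/null && cp_ok=1 || cp_ok=0
    rm -rf "$dir"
    echo "cp=$cp_ok"
}

demo_rename_without_file_perms   # -> mv=1 same_inode=1 mode=---------- old_gone=1
demo_rename_blocked_by_dir_perms # -> mv=0 as a normal user (root: mv=1)
demo_copy_needs_read             # -> cp=0 as a normal user (root: cp=1)
```

Run it as an ordinary user; as root the first line is unchanged but the other two succeed, which is exactly the effect the thread's "su'd from root" objection was about. One directory-level check the script does not exercise, because it needs two users, is the sticky bit (mode 1777, as on /tmp): in a sticky directory you may only rename or unlink files you own, and /etc is normally not sticky.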