permissions question - SGI


Thread: permissions question

  1. permissions question

    # user-1 logs on
    $ id
    uid=1300(user-1) gid=300(lusers)
    $ pwd
    /usr/people/user-1
    $ mkdir -p a/b

    # user-2 logs on
    $ id
    uid=2300(user-2) gid=300(lusers)
    $ pwd
    /usr/people/user-2
    $ cp -rp ../user-1/a .
    $ ls -ld a
    drwxr-xr-x 7 user-1 lusers 95 Dec 8 13:13 a
    $ rm -rf a
    UX:rm: ERROR: Cannot remove directory a/b: Permission denied
    UX:rm: ERROR: Cannot remove directory a: Directory not empty

    # user-1 must remove the files (assuming he has access to
    # /usr/people/user-2).
    $ rm -rf a
    UX:rm: ERROR: Cannot remove directory a: Permission denied

    # user-2 completes the job
    $ rmdir a

    ------

    Am I missing something? cp -p can lead to unremovable files.

    --
    wave++ (also known, in some places, as "Yuri D'Elia") http://www.yuv.info/
    The email address is fake (thanks swen)! You know how to contact me anyway.

  2. Re: permissions question

    wave++ wrote:
    > # user-1 logs on
    > $ id
    > uid=1300(user-1) gid=300(lusers)
    > $ pwd
    > /usr/people/user-1
    > $ mkdir -p a/b
    >
    > # user-2 logs on
    > $ id
    > uid=2300(user-2) gid=300(lusers)
    > $ pwd
    > /usr/people/user-2
    > $ cp -rp ../user-1/a .
    > $ ls -ld a
    > drwxr-xr-x 7 user-1 lusers 95 Dec 8 13:13 a
    > $ rm -rf a
    > UX:rm: ERROR: Cannot remove directory a/b: Permission denied
    > UX:rm: ERROR: Cannot remove directory a: Directory not empty
    >
    > # user-1 must remove the files (assuming he has access to
    > # /usr/people/user-2).
    > $ rm -rf a
    > UX:rm: ERROR: Cannot remove directory a: Permission denied
    >
    > # user-2 completes the job
    > $ rmdir a
    >
    > ------
    >
    > Am I missing something? cp -p can lead to unremovable files.


    The problem is that you are allowed to give away ownership to other
    users, but you can't take it back.

    So your 'cp -p' works because you are allowed to copy the files &
    directories and then assign the ownership of the copies back to the
    original owner.

    But when you try to remove them, you can't remove a because it has b
    inside it, and you can't remove b because you don't own a. You've
    painted yourself into a corner and the only logical way out is to be
    able to chown a back to yourself so that you can remove b, but of
    course you aren't allowed to take ownership of someone else's files.

    There's nothing special about cp, by the way. You can do the same
    thing like so:

    ivanr@omen ~> mkdir a
    ivanr@omen ~> mkdir a/b
    ivanr@omen ~> chown guest a/b
    ivanr@omen ~> chown guest a
    ivanr@omen ~> rm -rf a
    Cannot remove directory a/b: Permission denied
    Cannot remove directory a: Directory not empty
    Exit 2
    ivanr@omen ~> chown ivanr a
    a - Operation not permitted
    Exit 2
    ivanr@omen ~> chown ivanr a/b
    a/b - Operation not permitted
    Exit 2
    ivanr@omen ~> rmdir a/b
    a/b: Search or write permission needed
    Exit 2

    If a were a file or an empty directory, you would be allowed to delete
    it because you would own the parent directory, but since it is a
    directory with something in it there's nothing you can do, except ask
    the other user to do you a favour. I hope you weren't trying to steal
    his porn collection...

    Ivan

  3. Re: permissions question

    On 2003-12-08, Ivan Rayner wrote:
    >> Am I missing something? cp -p can lead to unremovable files.
    >
    > The problem is that you are allowed to give away ownership to other
    > users, but you can't take it back.


    I didn't know that.

    > If a were a file or an empty directory, you would be allowed to delete
    > it because you would own the parent directory, but since it is a
    > directory with something in it there's nothing you can do, except ask


    Exactly, I know this behavior, but I was wondering if user-1 copies (by
    mistake) some directories to a secured place which user-2 doesn't have
    access to. user-1 and user-2 will require root intervention.

    > the other user to do you a favour. I hope you weren't trying to steal
    > his porn collection...


    Of course not, I used "cp -p" to replicate attributes on Linux, which
    instead takes ownership of the files (when non-root), preserving other
    attributes.

    --
    wave++ (also known, in some places, as "Yuri D'Elia") http://www.yuv.info/
    The email address is fake (thanks swen)! You know how to contact me anyway.
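
An audit for the situation discussed in this thread, added here as an example that is not part of any of the posts: it walks a tree and lists the non-empty directories a given user cannot empty, which are the ones that block `rm -rf` even when that user owns the parent. The function names are hypothetical, and the check assumes classic owner/group/other mode bits only (no ACLs, no root override, no sticky-bit rules).

```python
import os
import tempfile

def can_write_search(st, uid, gids):
    """Classic mode-bit check: does uid have w+x on this directory?"""
    if st.st_uid == uid:
        bits = st.st_mode >> 6      # owner triplet
    elif st.st_gid in gids:
        bits = st.st_mode >> 3      # group triplet
    else:
        bits = st.st_mode           # other triplet
    return (bits & 0o3) == 0o3      # w (2) and x (1) both set

def stranded_dirs(root, uid, gids):
    """Directories under root whose contents uid cannot unlink.

    Removing an entry needs write+search on the directory holding it, so a
    non-empty directory that fails the check blocks rm -rf for uid even when
    uid owns the parent. Directories the calling process cannot read are
    reported as well, since their contents cannot be inspected.
    """
    found = []
    def unreadable(err):
        found.append(err.filename)
    for path, dirs, files in os.walk(root, onerror=unreadable):
        if (dirs or files) and not can_write_search(os.lstat(path), uid, gids):
            found.append(path)
    return found

def build_sample(base):
    """Constructed stand-in for the thread's a/b tree, mode drwxr-xr-x."""
    a = os.path.join(base, "a")
    os.makedirs(os.path.join(a, "b"))
    os.chmod(os.path.join(a, "b"), 0o755)
    os.chmod(a, 0o755)
    return a

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        a = build_sample(base)
        st = os.lstat(a)
        # Hypothetical second user: different uid, same group as the owner.
        print(stranded_dirs(a, st.st_uid + 1, {st.st_gid}))
        print(stranded_dirs(a, st.st_uid, {st.st_gid}))
```

Run against a home directory with the account's own uid and group set, any path it reports is a subtree that needs the other owner or root to clear.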
