UNIX Power Tools

Chapter 22: File Security, Ownership, and Sharing

22.11 A Loophole: Modifying Files Without Write Access

No one said that UNIX is perfect (1.34), and one of its nagging problems has always been security. Here's one glitch that you should be aware of. If you don't have write access to a file, you can't modify it. However, if you have write access to the directory, you can get around this as follows:

% ls -l unwritable
-r--r--r--  1 john         334 Mar 30 14:57 unwritable
% cat > unwritable
unwritable: permission denied
% cat unwritable > temp
% vi temp
   ...
% mv temp unwritable
override protection 444 for unwritable? y
% cat unwritable
John wrote this originally, and made the file read-only.
But then Mike came along and wrote:
I should not have been able to do this!!!

I couldn't write the file unwritable directly. But I was able to copy it, and then use vi to make whatever changes I wanted. After all, I had read access, and to copy a file, you only need to be able to read it. When I had my own copy, I could (of course) edit it to my heart's content. When I was done, I was able to mv the new file on top of unwritable. Why? Renaming a file only requires that you be able to write the file's directory. You don't need to be able to write the file itself. (Note that a cp wouldn't work - copying requires unwritable to be writable, if it already exists.) This is one reason to watch directory access fairly closely.

As you can see, allowing directory-write access to others can be dangerous. If this is a problem for you, solve it by setting your umask (22.4) correctly and using chmod (22.7) to fix permissions of existing directories. Or, you may be able to leave the directory writable and set the directory's sticky bit (22.6).
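An added example, not from the book, that turns the reasoning above into a check: given a file, it reports which classes of user could rename a new file over it purely from the parent directory's mode, and it recreates the scenario above, first with a world-writable directory and then with the sticky bit set. The function names and the scratch directory are assumptions made for this example.

```python
import os
import shutil
import stat
import tempfile


def rename_exposure(path):
    """Return which classes of user (besides the file's owner, the
    directory's owner and root) could replace `path` by renaming a file
    over it.  Only the parent directory's mode matters; the file's own
    mode plays no part in rename(2)."""
    parent = os.path.dirname(os.path.abspath(path))
    dmode = os.stat(parent).st_mode
    if dmode & stat.S_ISVTX:
        # Sticky bit (22.6): renaming or unlinking an entry now also requires
        # owning that entry or the directory, so write access to the
        # directory alone is no longer enough.
        return []
    exposed = []
    # rename needs both write and search (execute) permission on the directory.
    if dmode & stat.S_IWGRP and dmode & stat.S_IXGRP:
        exposed.append("group")
    if dmode & stat.S_IWOTH and dmode & stat.S_IXOTH:
        exposed.append("other")
    return exposed


def demo():
    """Recreate the scenario in a constructed scratch directory: a mode-444
    file, first in a world-writable directory, then after the directory's
    sticky bit is set.  Returns (before, after)."""
    scratch = tempfile.mkdtemp()
    try:
        target = os.path.join(scratch, "unwritable")
        with open(target, "w") as fh:
            fh.write("John wrote this originally, and made the file read-only.\n")
        os.chmod(target, 0o444)
        os.chmod(scratch, 0o777)    # the loophole: anyone may rename into it
        before = rename_exposure(target)
        os.chmod(scratch, 0o1777)   # same directory with the sticky bit set
        after = rename_exposure(target)
    finally:
        shutil.rmtree(scratch)
    return before, after


if __name__ == "__main__":
    print(demo())   # (['group', 'other'], [])
```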

- ML

