
#1 2010-02-25 13:25:19

Cdh
Member
Registered: 2009-02-03
Posts: 1,098

why can i rm files owned by root in my home?

The code says it all:

chris@chriseee> touch test.txt
chris@chriseee> sudo chown root:root test.txt
chris@chriseee> sudo chmod 000 test.txt
chris@chriseee> ls -la test.txt
---------- 1 root root 0 Feb 25 14:22 test.txt
chris@chriseee> rm test.txt
rm: remove write-protected regular empty file `test.txt'? y
chris@chriseee> ls -la test.txt
ls: cannot access test.txt: No such file or directory
chris@chriseee> groups
lp wheel video audio optical storage scanner power users chris
chris@chriseee>

Why can I do this?


฿ 18PRsqbZCrwPUrVnJe1BZvza7bwSDbpxZz

Offline

#2 2010-02-25 13:31:31

Peasantoid
Member
Registered: 2009-04-26
Posts: 928
Website

Re: why can i rm files owned by root in my home?

As far as I know, it's because the mode/ownership of a file does not affect rm/unlink(). What does affect it is the mode/ownership of its parent directory, because unlinking a file removes references to it from the directory 'special file'.

Offline

#3 2010-02-25 13:31:50

n0dix
Member
Registered: 2009-09-22
Posts: 956

Re: why can i rm files owned by root in my home?

You change the owner of the file, no matter the directory you are in, if the file is owned by root you cannot rm with a simple user.

Offline

#4 2010-02-25 13:41:51

panosk
Member
From: Athens, Greece
Registered: 2008-10-29
Posts: 241

Re: why can i rm files owned by root in my home?

You can do this because you have the right to do it as the owner of the parent directory (/home/your_username). Try this in your /home:

sudo mkdir testdir
cd testdir
touch test.txt

As you will notice, you are not even able to create the file because the owner of the new directory is root.

Offline

#5 2010-02-25 13:42:48

panuh
Member
From: X :ɯoɹℲ
Registered: 2009-11-24
Posts: 144

Re: why can i rm files owned by root in my home?

For me Peasantanoid's explanation does it perfectly right. If it's (1) in my home directory I will be able to delete it.
If it's (2) in a root-owned subdirectory not. Neither (3) in /tmp where there is write access but it's owned by root.
In the latter case the output differs from the second.
(2) Permission denied
(3) Operation not permitted
(Or something like that)

If you want to protect a file from being deleted use chattr +i <file>

Last edited by panuh (2010-02-25 13:44:18)

Offline
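The three cases from the post above, plus chattr +i, as a small model of the check unlink() performs. This is an added example, not part of any post in the thread; `Inode`, `dir_allows`, `may_unlink` and `thread_cases` are hypothetical names, the uid/gid and mode values are constructed, and ACLs and path traversal are not modelled.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Inode:                      # hypothetical stand-in for stat() results
    uid: int
    gid: int
    mode: int                     # permission bits, e.g. 0o1777
    immutable: bool = False       # True after chattr +i

def dir_allows(uid, gids, d, want):
    """Owner/group/other check: exactly one class applies to the caller."""
    if uid == d.uid:
        bits = (d.mode >> 6) & 7
    elif d.gid in gids:
        bits = (d.mode >> 3) & 7
    else:
        bits = d.mode & 7
    return (bits & want) == want

def may_unlink(uid, gids, parent, target):
    """Return 'OK', 'EACCES' or 'EPERM'. target.mode is never consulted."""
    root = uid == 0               # simplification: uid 0 holds all capabilities
    if not root and not dir_allows(uid, gids, parent, 0o3):
        return "EACCES"           # need write + search on the directory
    if target.immutable:
        return "EPERM"            # chattr +i binds root too
    if parent.mode & stat.S_ISVTX and not root \
            and uid not in (target.uid, parent.uid):
        return "EPERM"            # sticky dir: only file or directory owner
    return "OK"

# Constructed sample values: chris is uid/gid 1000, test.txt is root:root 000.
CHRIS = (1000, {1000})
ROOT_FILE = Inode(0, 0, 0o000)

def thread_cases():
    home = Inode(1000, 1000, 0o755)
    root_subdir = Inode(0, 0, 0o755)
    tmp = Inode(0, 0, 0o1777)
    return {
        "home": may_unlink(*CHRIS, home, ROOT_FILE),
        "root_subdir": may_unlink(*CHRIS, root_subdir, ROOT_FILE),
        "tmp_sticky": may_unlink(*CHRIS, tmp, ROOT_FILE),
        "home_immutable": may_unlink(*CHRIS, home, Inode(0, 0, 0o000, True)),
        "root_immutable": may_unlink(0, {0}, home, Inode(0, 0, 0o000, True)),
    }
```

EACCES is what rm reports as "Permission denied" and EPERM as "Operation not permitted".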

#6 2010-02-25 13:49:12

Cdh
Member
Registered: 2009-02-03
Posts: 1,098

Re: why can i rm files owned by root in my home?

We had a Java app that exports some date to a file. We wanted to test the exception when we could not write to a file but Java just removed the file and created a new one with sufficient permissions.
That was not quite what we expected.
So there is no way to create a file in a home dir where no one can "write to" by removing the file and creating a new one?

chattr +i is what I searched. thx.

edit: yes I did it wrong and edited then. smile

Last edited by Cdh (2010-02-25 13:59:03)


฿ 18PRsqbZCrwPUrVnJe1BZvza7bwSDbpxZz

Offline
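The behaviour described in the post above, reproduced without root as an added example (not code from the thread or from the Java app): a mode-000 file in a directory the caller owns resists an in-place write but not delete-and-recreate. The function name and the file name `export.txt` are hypothetical.

```python
import os
import stat
import tempfile

def recreate_over_protected_file():
    """Try an in-place write, then delete-and-recreate, on a mode-000 file."""
    result = {}
    with tempfile.TemporaryDirectory() as d:    # directory owned by the caller
        target = os.path.join(d, "export.txt")  # constructed sample file
        with open(target, "w") as f:
            f.write("old")
        os.chmod(target, 0o000)                 # same mode as test.txt in the thread

        # 1. Writing in place consults the file's own mode.
        try:
            with open(target, "w") as f:
                f.write("in-place")
            result["in_place_write"] = "ok"     # only expected when run as root
        except PermissionError:
            result["in_place_write"] = "EACCES"

        # 2. Removing the name and creating a new file consults only the
        #    directory, so the old mode (and owner) simply disappear.
        os.unlink(target)
        with open(target, "w") as f:
            f.write("new")
        st = os.stat(target)
        result["mode_after"] = stat.S_IMODE(st.st_mode)
        with open(target) as f:
            result["content_after"] = f.read()
    return result

if __name__ == "__main__":
    print(recreate_over_protected_file())
```

A test for the "cannot write" exception therefore has to block the directory operation as well, which is what `chattr +i` on the file does.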

#7 2010-02-25 13:56:33

panosk
Member
From: Athens, Greece
Registered: 2008-10-29
Posts: 241

Re: why can i rm files owned by root in my home?

Cdh wrote:

We had a Java app that exports some date to a file. We wanted to test the exception when we could not write to a file but Java just removed the file and created a new one with sufficient permissions.
That was not quite what we expected.
So there is no way to create a file in a home dir where no one can "write to" by removing the file and creating a new one?

chattr -i?

chris@chriseee> touch test.txt
chris@chriseee> sudo chown root:root test.txt
chris@chriseee> sudo chmod 000 test.txt
chris@chriseee> sudo chattr -i test.txt
chris@chriseee> ls -la test.txt
---------- 1 root root 0 Feb 25 14:51 test.txt
chris@chriseee> rm test.txt
rm: remove write-protected regular empty file `test.txt'? y
chris@chriseee> ls -la test.txt
ls: cannot access test.txt: No such file or directory
chris@chriseee>

panuh gave you the solution:

sudo chattr +i <file>

However, if you want to delete it later you have to remove the attribute with

sudo chattr -i <file>

because it can't be deleted even by root.

Offline

#8 2010-02-25 14:17:00

n0dix
Member
Registered: 2009-09-22
Posts: 956

Re: why can i rm files owned by root in my home?

good to know about chattr

Offline

#9 2010-02-25 20:55:34

Peasantoid
Member
Registered: 2009-04-26
Posts: 928
Website

Re: why can i rm files owned by root in my home?

panuh wrote:

For me Peasantanoid's explanation does it perfectly right.

Think you got one too many syllables in there wink

Offline

#10 2010-02-26 02:45:56

panuh
Member
From: X :ɯoɹℲ
Registered: 2009-11-24
Posts: 144

Re: why can i rm files owned by root in my home?

Damn! And I lookeded it up twi-ice!

I'll remember you big_smile Next time I'll try to do betterer!

(Even though I'm not a native speaker, writing this hurt XD)

Offline
