The code says it all:
chris@chriseee> touch test.txt
chris@chriseee> sudo chown root:root test.txt
chris@chriseee> sudo chmod 000 test.txt
chris@chriseee> ls -la test.txt
---------- 1 root root 0 Feb 25 14:22 test.txt
chris@chriseee> rm test.txt
rm: remove write-protected regular empty file `test.txt'? y
chris@chriseee> ls -la test.txt
ls: cannot access test.txt: No such file or directory
chris@chriseee> groups
lp wheel video audio optical storage scanner power users chris
chris@chriseee>
Why can I do this?
Offline
As far as I know, it's because the mode/ownership of a file does not affect rm/unlink(). What does affect it is the mode/ownership of its parent directory, because unlinking a file removes references to it from the directory 'special file'.
Offline
You change the owner of the file; no matter which directory you are in, if the file is owned by root you cannot rm it as a simple user.
Offline
You can do this because you have the right to do it as the owner of the parent directory (/home/your_username). Try this in your /home:
sudo mkdir testdir
cd testdir
touch test.txt
As you will notice, you are not even able to create the file because the owner of the new directory is root.
Offline
For me Peasantanoid's explanation does it perfectly right. If it's (1) in my home directory, I will be able to delete it.
If it's (2) in a root-owned subdirectory, I won't. Nor (3) in /tmp, where there is write access but it's owned by root.
In the latter case the output differs from the second.
(2) Permission denied
(3) Operation not permitted
(Or something like that)
If you want to protect a file from being deleted use chattr +i <file>
Last edited by panuh (2010-02-25 13:44:18)
Offline
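The three cases in the post above can be written as the check the kernel applies to the parent directory when a file is unlinked. This is an added example, not part of the original thread; it is a simplified model (mode bits only, no ACLs or chattr attributes), and the function names and uid/gid values are constructed for illustration.

```python
import errno
import os
import stat


def unlink_errno(uid, gids, dir_mode, dir_uid, dir_gid, file_uid):
    """Return 0 if unlink() would pass the permission checks, else the errno.

    Simplified model (assumption): classic mode bits only, no ACLs, no
    immutable/append-only attributes. The file's own mode is not a parameter
    because unlink() never looks at it.
    """
    if uid == 0:  # root bypasses both checks below
        return 0
    # Exactly one permission class applies: owner, else group, else other.
    if uid == dir_uid:
        bits = (dir_mode >> 6) & 7
    elif dir_gid in gids:
        bits = (dir_mode >> 3) & 7
    else:
        bits = dir_mode & 7
    # Removing a directory entry needs write and search (w+x) on the directory.
    if (bits & 0o3) != 0o3:
        return errno.EACCES  # "Permission denied"
    # Sticky directory: only the file's owner or the directory's owner may unlink.
    if (dir_mode & stat.S_ISVTX) and uid not in (file_uid, dir_uid):
        return errno.EPERM  # "Operation not permitted"
    return 0


def unlink_errno_for_path(path):
    """Apply the model to a real path as the calling user, without unlinking it."""
    d = os.stat(os.path.dirname(os.path.abspath(path)))
    f = os.lstat(path)
    return unlink_errno(os.geteuid(), set(os.getgroups()) | {os.getegid()},
                        d.st_mode, d.st_uid, d.st_gid, f.st_uid)


def thread_cases():
    """The three situations from the post above, with constructed uid/gid values."""
    chris, gids, root = 1000, {1000, 998}, 0
    dirs = {
        "home": (0o755, chris, 1000),     # (1) home directory, owned by chris
        "root_subdir": (0o755, root, 0),  # (2) directory made with sudo mkdir
        "tmp": (0o1777, root, 0),         # (3) /tmp, world-writable + sticky
    }
    # The file is root-owned in every case; its mode (000) plays no part.
    return {name: errno.errorcode.get(unlink_errno(chris, gids, m, u, g, root), "OK")
            for name, (m, u, g) in dirs.items()}
```

A file protected with chattr +i is outside this model: that attribute is not part of the stat() mode bits.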
We had a java app that exports some data to a file. We wanted to test the exception when we could not write to a file, but java just removed the file and created a new one with sufficient permissions.
That was not quite what we expected.
So there is no way to create a file in a home dir where no one can "write to" by removing the file and creating a new one?
chattr +i is what I searched for. thx.
edit: yes, I did it wrong and edited then.
Last edited by Cdh (2010-02-25 13:59:03)
Offline
We had a java app that exports some data to a file. We wanted to test the exception when we could not write to a file, but java just removed the file and created a new one with sufficient permissions.
That was not quite what we expected.
So there is no way to create a file in a home dir where no one can "write to" by removing the file and creating a new one? chattr -i?
chris@chriseee> touch test.txt
chris@chriseee> sudo chown root:root test.txt
chris@chriseee> sudo chmod 000 test.txt
chris@chriseee> sudo chattr -i test.txt
chris@chriseee> ls -la test.txt
---------- 1 root root 0 Feb 25 14:51 test.txt
chris@chriseee> rm test.txt
rm: remove write-protected regular empty file `test.txt'? y
chris@chriseee> ls -la test.txt
ls: cannot access test.txt: No such file or directory
chris@chriseee>
panuh gave you the solution:
sudo chattr +i <file>
However, if you want to delete it later you have to remove the attribute with
sudo chattr -i <file>
because it can't be deleted even by root.
Offline
good to know about chattr
Offline
For me Peasantanoid's explanation does it perfectly right.
Think you got one too many syllables in there
Offline
Damn! And I lookeded it up twi-ice!
I'll remember you Next time I'll try to do betterer!
(Even though I'm not a native speaker, writing this hurt XD)
Offline