|
|
Don wrote:
Hi... I did a bit of browsing on this list and it looks to me like the
right newsgroup for my question.
Problem:
I have a file server that is nfs'ing out a local directory called
"/share" (ok, bad name, this is just a test case while I get the machine
working) If I go to this /share on the file server, or on any other
machine that mounts this, I can do the following:
(starting as root)
# cd /share
# su user1
$ touch user1file
$ chmod 600 user1file
$ exit
# su user2
$ rm user1file
rm: remove write-protected regular empty file `user1file'? y
The diagnostic is saying "you don't have write permissions on the file,
but you *do* have write permissions on the directory. Do you really
want to do this?" You reply y and it does as you say.
The file "user1file" is now gone. *But* user2 is not supposed to have
permission to remove user1's file!!! Its not supposed to work like that! :(
Yes it is.
If I do the same operation on the file server in the /tmp directory, I
will get:
rm: remove write-protected regular empty file `user1file'? y
rm: cannot remove `user1file': Operation not permitted
$ ls -ldg /tmp
drwxrwxrwt 14 root 2048 May 13 16:10 /tmp
Note the little "t". I'll bet it's not there on /share.
Permissions for /share are set to be 777, because I want any user to be
able to create files within it. But one user should not be able to
modify another user's stuff unless permissions are set appropriately.
They can unless the "t" bit is set.
man 2 stat
I will concede that the explanation there is somewhat cryptic.
info chmod
is a tad better.
|
|