UNIX Power Tools

Chapter 22: File Security, Ownership, and Sharing

22.11 A Loophole: Modifying Files Without Write Access

No one said that UNIX is perfect (1.34), and one of its nagging problems has always been security. Here's one glitch that you should be aware of. If you don't have write access to a file, you can't modify it. However, if you have write access to the directory, you can get around this as follows:

% ls -l unwritable
-r--r--r--  1 john         334 Mar 30 14:57 unwritable
% cat > unwritable
unwritable: permission denied
% cat unwritable > temp
% vi temp
   ...
% mv temp unwritable
override protection 444 for unwritable? y
% cat unwritable
John wrote this originally, and made the file read-only.
But then Mike came along and wrote:
I should not have been able to do this!!!

I couldn't write the file unwritable directly. But I was able to copy it, and then use vi to make whatever changes I wanted. After all, I had read access, and to copy a file, you only need to be able to read it. When I had my own copy, I could (of course) edit it to my heart's content. When I was done, I was able to mv the new file on top of unwritable. Why? Renaming a file only requires that you be able to write the file's directory. You don't need to be able to write the file itself. (Note that a cp wouldn't work: copying requires unwritable to be writable, if it already exists.) This is one reason to watch directory access fairly closely.

As you can see, allowing directory-write access to others can be dangerous. If this is a problem for you, solve it by setting your umask (22.4) correctly and using chmod (22.7) to fix permissions of existing directories. Or, you may be able to leave the directory writable and set the directory's sticky bit (22.6).

- ML
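
An added example, not from the book: a shell audit for the condition this section describes, listing files whose directory is group- or other-writable without the sticky bit, then showing both fixes from the text. The function names and the demo tree built under mktemp are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): find files whose read-only mode gives no
# protection because their directory lets other users rename over them.

# Print the 10-character mode string of a path, e.g. drwxrwxr-x.
mode_of() { ls -ld -- "$1" | cut -c1-10; }

# Exit 0 if users other than the file's or directory's owner can replace FILE
# through its directory: the directory is group- or other-writable, not sticky.
replaceable_by_others() {
    case $(mode_of "$(dirname -- "$1")") in
        d????????[tT]) return 1 ;;          # sticky: only the owners may rename
        d????w????|d???????w?) return 0 ;;  # group- or other-writable directory
        *) return 1 ;;
    esac
}

# List regular files under DIR that are exposed, with each file's own mode.
audit_tree() {
    find "$1" -type f | while IFS= read -r f; do
        if replaceable_by_others "$f"; then
            printf '%s %s\n' "$(mode_of "$f")" "$f"
        fi
    done
}

# Constructed demo tree: one shared directory holding one read-only file.
demo() {
    top=$(mktemp -d) || return 1
    mkdir "$top/shared" && chmod 775 "$top/shared"
    echo "John wrote this originally" > "$top/shared/unwritable"
    chmod 444 "$top/shared/unwritable"
    echo "before fix:";           audit_tree "$top"
    chmod g-w,o-w "$top/shared"   # the chmod fix from the text
    echo "after chmod g-w,o-w:";  audit_tree "$top"
    chmod 1777 "$top/shared"      # or: leave it writable but set the sticky bit
    echo "after chmod 1777:";     audit_tree "$top"
    rm -rf "$top"
}
demo
```

Only the "before fix" heading is followed by a listing; after either fix the audit prints nothing for the same file.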

