Monday, February 28, 2011

Protecting Files with a Sticky Bit

Unix directory access permissions say that a user who has write permission on a directory can rename or remove any file there, even files that belong to someone else. Many newer versions of Unix have a way to stop that: the owner of a directory can set its sticky bit. After that, the only people who can rename or remove a file in that directory are the file's owner, the directory's owner, and the superuser.


Here's an example: the user tom makes a world-writable directory and sets the sticky bit (shown as t in the last position of the mode string):

tom% mkdir share
tom% chmod 1777 share
tom% ls -ld share
drwxrwxrwt 2 tom ra 32 Nov 19 10:31 share

Other people create files in it. When ann tries to remove a file that belongs to nelly, she can't:

ann% ls -l
total 2
-rw-r--r-- 1 nelly ra 120 Nov 19 11:32 data.nelly
-rw-r--r-- 1 ann ra 3421 Nov 19 15:34 data.ann
-rw-r--r-- 1 pete ra 728 Nov 20 12:29 data.pete
ann% rm data.nelly
data.nelly: 644 mode ? y
rm: data.nelly not removed.
Permission denied
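The following script is an added example, not part of the original post. It does two things: a function that checks whether a directory's sticky bit is set, by reading the mode string that ls -ld prints (the same t that the post points out), and a function that models the removal rule the post describes, so the ann/nelly/tom situation can be reproduced from one account. The scratch directory, the parsing of ls output, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: check whether a directory has its
# sticky bit set, and model the removal rule the post describes.

# has_sticky_bit DIR
# Returns 0 if DIR's sticky bit is set, 1 otherwise. It reads the mode string
# from `ls -ld`, where the last of the ten mode characters is 't' (sticky bit
# plus world execute, as in drwxrwxrwt) or 'T' (sticky bit without world
# execute). Parsing ls output this way is an assumption of this example; it is
# used because it behaves the same on GNU and BSD systems.
has_sticky_bit() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        *t|*T) return 0 ;;
        *)     return 1 ;;
    esac
}

# may_remove USER FILE_OWNER DIR_OWNER STICKY
# Prints "yes" or "no": may USER remove or rename a file owned by FILE_OWNER in
# a directory owned by DIR_OWNER? STICKY is 1 if the directory's sticky bit is
# set, 0 if not. Assumes USER already has write permission on the directory,
# which is the situation in the post (a mode 1777 directory). Without the
# sticky bit, directory write permission alone is enough; with it, only the
# file's owner, the directory's owner and root qualify.
may_remove() {
    user=$1; file_owner=$2; dir_owner=$3; sticky=$4
    if [ "$sticky" -eq 0 ]; then
        echo yes
    elif [ "$user" = root ] || [ "$user" = "$file_owner" ] || [ "$user" = "$dir_owner" ]; then
        echo yes
    else
        echo no
    fi
}

# Demonstration on a scratch directory created here (constructed for this
# example). One account cannot reproduce the cross-user failure from the post,
# so that part is shown through may_remove with the post's user names.
demo() {
    share=$(mktemp -d) || return 1
    chmod 1777 "$share"
    if has_sticky_bit "$share"; then
        echo "$share: sticky bit set ($(ls -ld "$share" | cut -c1-10))"
    else
        echo "$share: sticky bit NOT set"
    fi
    echo "ann removing nelly's file in tom's sticky directory: $(may_remove ann nelly tom 1)"
    echo "nelly removing her own file:                      $(may_remove nelly nelly tom 1)"
    echo "tom (directory owner) removing nelly's file:      $(may_remove tom nelly tom 1)"
    echo "ann removing nelly's file, sticky bit cleared:    $(may_remove ann nelly tom 0)"
    rmdir "$share"
}

demo
```

For auditing a whole system rather than one directory, the usual check is to list world-writable directories that lack the sticky bit, for example `find / -xdev -type d -perm -0002 ! -perm -1000`; any directory that turns up is one where users can remove each other's files, exactly the situation the post is about.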
