
I created user small, added him to group kek and allowed that group to only read files in user home directory. Then I chowned all files to root:kek. However, small still can delete files in his home directory.

Commands I ran:

useradd -ms /bin/bash small
groupadd kek
usermod -a -G kek small
chown -R root:kek /home/small/*
chmod -R g=r  /home/small/*

Then when I try to remove a file:

$ ls -l
total 16
-rw-r--r-- 1 root kek  240 Jun 23 06:17 Dockerfile
-rw-r--r-- 1 root kek   39 Jun 21 09:17 flag.txt
-rw-r--r-- 1 root kek 2336 Jun 22 14:19 server.py
-rw-r--r-- 1 root kek   24 Jun 22 08:16 small.py

$ rm flag.txt

$ ls -l
total 12
-rw-r--r-- 1 root kek  240 Jun 23 06:17 Dockerfile
-rw-r--r-- 1 root kek 2336 Jun 22 14:19 server.py
-rw-r--r-- 1 root kek   24 Jun 22 08:16 small.py

$ whoami
small

Why does this happen?

2 Answers


Whether a file can be deleted or not is not a property of the file but of the directory that the file is located in. A user may not delete a file that is located in a directory that they can't write to.

Files (and subdirectories) are entries in the directory node. To delete a file, one unlinks it from the directory node and therefore one has to have write permissions to the directory to delete a file in it.

  • The write permissions on a file determines whether one is allowed to change the contents of the file.
  • The write permissions on a directory determines whether one is allowed to change the contents of the directory.

Kusalananda

On Unix you do not delete a file, you remove it from a directory listing. When a file no longer has any directory listings (it can have many), and is no longer open by a process, then it will be deleted.

If you have write permission on a directory, then you can remove a file's directory listing.

What to do about it

  • Option 1: Remove write permission from the directory.
  • Option 2: Add the sticky bit to the directory (chmod +t «directory-name»). This makes it so that only the owner and root (more precisely, anyone holding the CAP_FOWNER capability) can remove a file. Use this when you need the write permission, so that users can add files.
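The rule both answers describe, as an added model in Python (not from the question or either answer): the directory's permission bits, not the file's, decide whether unlink succeeds, with the sticky bit adding an ownership check. The uids, the user/group names and the mode combinations below are constructed to mirror the question's setup and the two options.

```python
"""Model of the Unix discretionary unlink check: who may remove a directory entry."""
from dataclasses import dataclass
import stat


@dataclass(frozen=True)
class Inode:
    uid: int
    gid: int
    mode: int          # permission bits plus sticky bit, e.g. 0o1770


@dataclass(frozen=True)
class User:
    uid: int
    gid: int
    groups: frozenset = frozenset()   # supplementary groups
    cap_fowner: bool = False          # root holds this capability


def _class_bits(node: Inode, user: User) -> int:
    """Select the owner, group or other rwx triplet that applies to `user`."""
    if user.uid == node.uid:
        return (node.mode >> 6) & 0o7
    if user.gid == node.gid or node.gid in user.groups:
        return (node.mode >> 3) & 0o7
    return node.mode & 0o7


def can_unlink(directory: Inode, target: Inode, user: User) -> bool:
    """True if `user` may unlink `target` from `directory`; target.mode is never consulted."""
    bits = _class_bits(directory, user)
    if bits & 0o3 != 0o3:             # need both search (x) and write (w) on the directory
        return False
    if directory.mode & stat.S_ISVTX:  # sticky: only file owner, directory owner or CAP_FOWNER
        return user.cap_fowner or user.uid in (target.uid, directory.uid)
    return True


# Constructed actors: uid 0 is root, 1001 is "small", 1002 is group "kek".
ROOT, SMALL, KEK = 0, 1001, 1002
small = User(uid=SMALL, gid=SMALL, groups=frozenset({KEK}))
flag = Inode(uid=ROOT, gid=KEK, mode=0o644)            # root:kek -rw-r--r-- as in the question


def scenarios() -> dict:
    """The question's situation and the two fixes from the second answer."""
    home_default = Inode(uid=SMALL, gid=SMALL, mode=0o755)   # small owns and can write its home
    home_readonly = Inode(uid=SMALL, gid=SMALL, mode=0o555)  # option 1: drop directory write bit
    home_sticky = Inode(uid=ROOT, gid=KEK, mode=0o1770)      # option 2: root:kek, group-writable, +t
    own_note = Inode(uid=SMALL, gid=SMALL, mode=0o644)       # a file small created itself
    return {
        "question": can_unlink(home_default, flag, small),
        "option1": can_unlink(home_readonly, flag, small),
        "option2_root_file": can_unlink(home_sticky, flag, small),
        "option2_own_file": can_unlink(home_sticky, own_note, small),
    }
```

With option 2 small can still create files in the directory and remove its own, but not the root-owned flag.txt.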