User can delete file with read permission only

Question

I created user small, added him to group kek and allowed that group to only read files in user home directory. Then I chowned all files to root:kek. However, small still can delete files in his home directory.

Commands I ran:

useradd -ms /bin/bash small
groupadd kek
usermod -a -G kek small
chown -R root:kek /home/small/*
chmod -R g=r  /home/small/*

Then when I try to remove file:

$ ls -l
total 16
-rw-r--r-- 1 root kek  240 Jun 23 06:17 Dockerfile
-rw-r--r-- 1 root kek   39 Jun 21 09:17 flag.txt
-rw-r--r-- 1 root kek 2336 Jun 22 14:19 server.py
-rw-r--r-- 1 root kek   24 Jun 22 08:16 small.py

$ rm flag.txt

$ ls -l
total 12
-rw-r--r-- 1 root kek  240 Jun 23 06:17 Dockerfile
-rw-r--r-- 1 root kek 2336 Jun 22 14:19 server.py
-rw-r--r-- 1 root kek   24 Jun 22 08:16 small.py

$ whoami
small

Why does this happens?

Kusalananda · Accepted Answer · 2018-06-23T07:08:14.600

6

Whether a file can be deleted or not is not a property of the file but of the directory that the file is located in. A user may not delete a file that is located in a directory that they can't write to.

Files (and subdirectories) are entries in the directory node. To delete a file, one unlinks it from the directory node and therefore one has to have write permissions to the directory to delete a file in it.

The write permissions on a file determines whether one is allowed to change the contents of the file.
The write permissions on a directory determines whether one is allowed to change the contents of the directory.

Execute vs Read bit. How do directory permissions in Linux work?

edited Jun 23 '18 at 07:08

answered Jun 23 '18 at 06:36

Kusalananda

333,661

Small question: now I created directory /home/small/server, put all files there and chown and chmod the same way as before. Now small cannot chdir to that directory even though group kek has read permission, why? – nikrom3000 Jun 23 '18 at 06:40
Why is execute permission needed? – nikrom3000 Jun 23 '18 at 06:41
1

@nikrom3000 Execute vs Read bit. How do directory permissions in Linux work? – PesaThe Jun 23 '18 at 06:46
@nikrom3000 To cd into a directory, the user must have execute permissions on it. Read permissions only gives you the ability to list files. – Kusalananda Jun 23 '18 at 07:06

score 1 · Answer 2 · edited Jun 11 '20 at 14:16

On Unix you do not delete a file, you remove it from a directory listing. When a file no-longer has any directory listings (it can have many), and is no-longer open by a process, then it will be deleted.

If you have write permission on a directory, then you can remove a files directory listing.

What to do about it

Option 1 Remove write permission from the directory.
Option 2 Add the sticky bit to the directory (chmod +t «directory-name»). Make it so that only the owner and root (actually has capability CAP_FOWNER) can remove a file. Use this when you need the write permission, so that user can add files.

User can delete file with read permission only

2 Answers2

What to do about it

Linked

Related