-2

Assume root privileges are unavailable to user A and user B. Suppose:

  • User A makes directory X with 777 permissions
  • User B then makes a directory X/Y with 755 permissions.
  • User B then makes a file in X/Y/troll with 755 permissions.

What is the correct behavior if user A tries to run:

rm -rf X/Y

What about on the "troll" file? I have just tested this on my machine and user A cannot delete user B's files. Is this correct?

If so, does that mean user B could make a very large file in A's directory that A could not delete and thus exceed A's quota?

Viktor
  • 19

2 Answers

2

Yes this is expected behavior and as you point out it can be used to troll another user who has given others write permission on their directory. As you show correctly a directory without write permission created with contents by a "troll" user can only be deleted by that user and root.

This is derived from the fact that you cannot remove any directory which is not empty and you cannot modify another user's directory without permission.

Typically this doesn't cause a problem with resource limits (quotas) as they are usually calculated by file ownership not directory location and this is one reason that regular users cannot chown their own files to another user. Otherwise they could pass (chown) a user a file to which that user has no access to delete it.

There is still a way to troll quotas with this: if user A changed permissions on X after user B added a file to it:

chmod 700 X

User B would then be unable to delete the file. Without a hardlink to any files there they couldn't view or rewrite them either. While you cannot move directories, you can move another user's file if you have write permission on the parent directory. So world writable directories are generally ill advised.

Instead, in Linux when passing files to another user, always leave the files in your own directory and give read access. The other user can copy the files for themselves with no risk to you or them.

In almost every case the answer to this type of behavior is to ask the troll user politely to stop and then report the user to the sysadmin if they don't.

0

Suppose you don't have any other fancy stuff like the sticky bit or ACLs or file capabilities or something.

Since A can't write to Y, A can't unlink the troll file; then Y is not empty, so it can't be deleted; eventually, nothing would happen at all.

Whether a process with FSUID=A can unlink a file owned by B really depends on … many conditions. Please focus on the credentials of the process instead of talking about usernames all the time.

So does your last question. Linux really has so much fancy stuff; do you have permission to do something? It really depends on so many conditions…
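The permission logic both answers describe (unlink needs write and search permission on the parent directory, rmdir also needs the directory to be empty, and the second answer's point that what matters is the process credentials rather than usernames) can be walked through in a small model. The following is an added example, not code from the question or either answer: a toy in-memory filesystem that applies the classic owner/group/other mode bits plus the sticky bit, with no ACLs, capabilities or root. The uids 1000/1001/1002 for A, B and a third user C, the "cwd" directory holding X, and the `shared` file in the sticky scenario are constructed for the example. The last scenario goes slightly beyond the page by showing why the first answer calls world-writable directories ill advised and what the sticky bit (which the second answer mentions) changes.

```python
"""Toy model of the Linux DAC checks behind unlink(2) and rmdir(2).
Added example, not from the Q&A. Classic mode bits plus the sticky bit only:
no ACLs, no capabilities, no root. Credentials are (fsuid, fsgid, groups),
because that is what the kernel compares, not usernames."""
from dataclasses import dataclass, field
import stat

R, W, X = 4, 2, 1

@dataclass(frozen=True)
class Cred:
    fsuid: int
    fsgid: int
    groups: frozenset = frozenset()

@dataclass
class Inode:
    name: str
    uid: int
    gid: int
    mode: int                    # permission bits, may include stat.S_ISVTX
    is_dir: bool = False
    children: dict = field(default_factory=dict)

class FsError(Exception):
    """Carries an errno name such as EACCES."""

def allowed(cred, node, want):
    """Pick exactly one class (owner, group, other) and test its bits."""
    if cred.fsuid == node.uid:
        bits = (node.mode >> 6) & 7
    elif cred.fsgid == node.gid or node.gid in cred.groups:
        bits = (node.mode >> 3) & 7
    else:
        bits = node.mode & 7
    return bits & want == want

def resolve(cred, root, path):
    """Walk a relative path; every directory traversed needs search (x)."""
    parent, node = None, root
    for part in path.split("/"):
        if not node.is_dir:
            raise FsError("ENOTDIR")
        if not allowed(cred, node, X):
            raise FsError("EACCES")
        parent, node = node, node.children.get(part)
        if node is None:
            raise FsError("ENOENT")
    return parent, node

def remove_entry(cred, parent, node):
    """unlink(2)/rmdir(2) checks on a resolved entry; None means success."""
    if not allowed(cred, parent, W | X):
        return "EACCES"           # removing a name modifies the parent directory
    if parent.mode & stat.S_ISVTX and cred.fsuid not in (node.uid, parent.uid):
        return "EPERM"            # sticky: only the entry's or directory's owner
    if node.is_dir and node.children:
        return "ENOTEMPTY"        # rmdir refuses non-empty directories
    del parent.children[node.name]
    return None

def rm_rf(cred, root, path):
    """Mimic rm -rf: descend first, then remove; return the failures in order."""
    try:
        parent, node = resolve(cred, root, path)
    except FsError as e:
        return [f"{path}: {e}"]
    errors = []
    # rm needs r to list a directory and x to act on its entries; if it cannot,
    # it skips descending and the removal below reports ENOTEMPTY or EACCES.
    if node.is_dir and allowed(cred, node, R | X):
        for name in list(node.children):
            errors += rm_rf(cred, root, f"{path}/{name}")
    err = remove_entry(cred, parent, node)
    if err:
        errors.append(f"{path}: {err}")
    return errors

A, B, C = 1000, 1001, 1002      # constructed uids for the three users

def question_tree(x_mode=0o777):
    """cwd/X (A) / Y (B, 755) / troll (B, 755), as laid out in the question."""
    cwd = Inode("cwd", A, A, 0o755, is_dir=True)   # assumed parent of X
    x = Inode("X", A, A, x_mode, is_dir=True)
    y = Inode("Y", B, B, 0o755, is_dir=True)
    y.children["troll"] = Inode("troll", B, B, 0o755)
    x.children["Y"] = y
    cwd.children["X"] = x
    return cwd

def a_removes_y():
    """The question: A runs rm -rf X/Y."""
    return rm_rf(Cred(A, A), question_tree(), "X/Y")

def b_after_chmod_700():
    """First answer's twist: A ran chmod 700 X, then B tries to remove troll."""
    return rm_rf(Cred(B, B), question_tree(x_mode=0o700), "X/Y/troll")

def third_user_in_shared_dir(sticky):
    """Beyond the page: B's file directly in A's world-writable X, removed by C."""
    cwd = Inode("cwd", A, A, 0o755, is_dir=True)
    x = Inode("X", A, A, 0o1777 if sticky else 0o777, is_dir=True)
    x.children["shared"] = Inode("shared", B, B, 0o644)   # constructed file
    cwd.children["X"] = x
    return rm_rf(Cred(C, C), cwd, "X/shared")

if __name__ == "__main__":
    print(a_removes_y())                    # ['X/Y/troll: EACCES', 'X/Y: ENOTEMPTY']
    print(b_after_chmod_700())              # ['X/Y/troll: EACCES']
    print(third_user_in_shared_dir(False))  # []
    print(third_user_in_shared_dir(True))   # ['X/shared: EPERM']
```

Reading the results back against the answers: A's `rm -rf X/Y` fails on `troll` with EACCES because A has only r-x on Y, and then on Y itself with ENOTEMPTY, exactly the chain the second answer gives. After `chmod 700 X`, B cannot even traverse X, so B's own file is out of reach, which is the quota trap the first answer warns about. In the shared-directory case a third user can delete B's file from a plain 777 directory, while the sticky bit (1777, as on /tmp) restricts removal to the file's owner and the directory's owner.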