2

I want to clarify a few things I noticed regarding file handling in Linux (Ubuntu basically, but I think this is applicable to every distribution).

I noticed that when files are created by root in the home directory, they are considered write-protected regular files, and a message is displayed when trying to remove them the usual way:

$ sudo touch ~/test.txt
$ ls -l ~/test.txt 
-rw-r--r-- 1 root root 0 Nov 24 10:27 /home/xxx/test.txt
$ rm ~/test.txt 
rm: remove write-protected regular empty file '/home/gorfanidis/test.txt'? y
$ ls -l ~/test.txt 
ls: cannot access '/home/gorfanidis/test.txt': No such file or directory

If I do not confirm with y, the file is not deleted (I know I can use -f, for example, to skip this message, but I am not asking about this).

Anyway, I tried the same in another place where the folder owner is root (I guess this is the difference, but I am not sure), as in /usr/:

$ sudo touch /usr/test.txt
$ rm /usr/test.txt 
rm: remove write-protected regular empty file '/usr/test.txt'? y
rm: cannot remove '/usr/test.txt': Permission denied

So, my questions are the following:

  1. What exactly does "write-protected regular file" mean? What file is non-regular, for example? It's not clear to me. Write-protected in this case means root owner (privileges), as stated here for example.
  2. What's the point of asking for permission to remove a write-protected file when you cannot actually remove it (the case of a root file in a root folder)?
  3. What's the mechanism by which the Linux system decides whether a user actually has privileges to remove a file: is it the permissions of the folder the file resides in? Is it something more elaborate?
muru
  • 72,889
Eypros
  • 123
  • When you do: cd <dir>; rm <file> what you are actually doing is modifying the file <dir> (yes, directories are just files... everything is a file in UNIX systems) by removing the link to <file>. – Bakuriu Nov 24 '22 at 19:57

1 Answer

5
  1. A regular file is any file which actually contains its own data, instead of being a file system representation of something else (see Understanding UNIX permissions and file types for details).

    From rm’s perspective, a write-protected file is any file which the current user can’t write to. In your case, the file is only writable by its owner, and the current user isn’t the owner. The fact that the file is owned by root doesn’t add anything to this.

  2. rm first checks whether the file itself is writable; if it isn’t, it prompts the user. Only then does it actually try to delete the file, and that’s when the operating system “tells” rm that the user doesn’t have permission to delete the file (the deletion fails with a “permission denied” error). rm doesn’t attempt to determine ahead of time whether the file deletion is allowed; even if it tried to, the detection would be racy and incomplete, and it would still have to deal with cases where it thought the deletion was allowed but the operating system decided otherwise.

  3. File deletion is subject to being allowed to write to the parent directory, yes.

Stephen Kitt
  • 434,908
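The two independent checks described in the answer (rm's prompt looks at the file, the kernel's unlink check looks at the parent directory), as an added example that is not part of the original answer. `Node`, `allowed` and `rm_outcome` are hypothetical names, the mode/uid/gid values are constructed, and the sticky-bit rule goes beyond what the answer states. The model assumes a non-root caller and ignores ACLs, capabilities, immutable attributes and read-only mounts.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    """Constructed stand-in for the st_mode/st_uid/st_gid fields of stat(2)."""
    mode: int
    uid: int
    gid: int

def allowed(node, uid, gids, want):
    """Classic Unix permission check: exactly one class (owner, group, other)
    applies. `want` is an rwx mask in the low three bits, e.g. 0o2 = write."""
    if uid == node.uid:
        shift = 6
    elif node.gid in gids:
        shift = 3
    else:
        shift = 0
    return ((node.mode >> shift) & want) == want

def rm_outcome(file, parent, uid, gids):
    """Return (prompts, unlink_ok) for an interactive `rm` by a non-root user."""
    # rm's prompt looks only at the file: can the caller write to it?
    prompts = not allowed(file, uid, gids, 0o2)
    # The kernel's check looks only at the directory: write + search on it.
    unlink_ok = allowed(parent, uid, gids, 0o3)
    # Sticky directories additionally require owning the file or the directory.
    if unlink_ok and parent.mode & stat.S_ISVTX:
        unlink_ok = uid in (file.uid, parent.uid)
    return prompts, unlink_ok

# Constructed sample values (uid 1000 is the ordinary user, uid 0 is root).
UID, GIDS = 1000, {1000}
ROOT_FILE = Node(0o644, 0, 0)        # what `sudo touch` creates
OWN_FILE = Node(0o644, 1000, 1000)
HOME = Node(0o750, 1000, 1000)       # user's home directory
USR = Node(0o755, 0, 0)              # /usr
TMP = Node(0o1777, 0, 0)             # sticky, world-writable

if __name__ == "__main__":
    for name, f, d in [("root file in ~", ROOT_FILE, HOME),
                       ("root file in /usr", ROOT_FILE, USR),
                       ("root file in sticky dir", ROOT_FILE, TMP),
                       ("own file in ~", OWN_FILE, HOME)]:
        print(name, rm_outcome(f, d, UID, GIDS))
```

The first two cases reproduce the question's sessions: both prompt, but only the one in the user-owned directory can succeed.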