in /whatever/tmp
/whatever/tmp has 777 rights of a diff user and diff group
drwxrwxrwx 4 auser secondu 4096 Mar 12 17:04 tmp
drwxr-xr-x 2 auser auser 4096 Mar 12 16:34 tmp2
[test@stan-hpdesktopm01f3xxx tmp]$ ls -l
-rw-r--r-- 1 root root 3 Mar 12 17:04 rootfile
-rwxr-x--- 1 root root 60 Mar 12 16:44 setup.sh
-rw-r--r-- 1 test test 3 Mar 12 16:47 testfile
[test@stan-hpdesktopm01f3xxx tmp]$ id
uid=1002(test) gid=1002(test) groups=1002(test)
[test@stan-hpdesktopm01f3xxx tmp]$ rm rootfile
rm: remove write-protected regular file 'rootfile'? y <--- !
[test@stan-hpdesktopm01f3xxx tmp]$
my mount:
/dev/nvme0n1p4 on / type ext4 (rw,noatime)
[test@stan-hpdesktopm01f3xxx tmp]$ df -h .
Filesystem Size Used Avail Use% Mounted on
/dev/nvme0n1p4 144G 88G 48G 65% /
why did it let a standard user "test" delete a file owned by root?
[test@stan-hpdesktopm01f3xxx net1]$ cat /etc/group |grep test
test:x:1002:
[test@stan-hpdesktopm01f3xxx net1]$ cat /etc/passwd |grep test
test:x:1002:1002:test:/home/test:/usr/bin/bash
[test@stan-hpdesktopm01f3xxx net1]$ cat /etc/passwd |grep wheel
[test@stan-hpdesktopm01f3xxx net1]$
Simply, because only root files in a folder owned by root are safe (as long as we ignore the possibility of implementing/using sudo).
The file is not necessarily deleted by this operation if there still are links from other locations to that file.
This does not matter since everyone has all rights to the folder:
1 Like
…and it did? (remove the file)
you said it did - but you didn’t show
What groups is your test user a member of?
not of any besides his own, it appears
I have not idea what you are saying that only root files in a root owned folder are safe. That makes no sense.
I did not/ do not think if the folder = 777 that anyone could still delete a file they do not own, but I just tested it and that is what happened.
a test user just deleted a root owned and another user owned file with like 400 rights, and the system let me delete them with a simple question.
Yes the file is gone 
It threw no error. It just deleted it.
But, it turns out. if the folder is 777 that lets it happen!
I have to look this up somewhere. I am really surprised.
This lets me delete a root owned and another user owned file
by this 3rd user.
[test@stan-hpdesktopm01f3xxx net1]$ ls -al
total 40
drwxrwxrwx 8 jerry root 4096 Mar 12 13:25 .
drwxr-xr-x 21 root root 4096 Jan 31 14:36 ..
drwxrwxr-x 4 jerry hal 4096 Mar 12 22:28 tmp
[test@stan-hpdesktopm01f3xxx tmp]$ ls -l
total 144
-rw-r--r-- 1 jerry root 3 Mar 12 22:28 jerryfile
-rw-r--r-- 1 test test 3 Mar 12 16:47 testfile
[test@stan-hpdesktopm01f3xxx tmp]$ rm jerryfile
rm: remove write-protected regular file 'jerryfile'? y
rm: cannot remove 'jerryfile': Permission denied
[test@stan-hpdesktopm01f3xxx tmp]$ rm rootfile
rm: remove write-protected regular file 'rootfile'? y
rm: cannot remove 'rootfile': Permission denied
[test@stan-hpdesktopm01f3xxx tmp]$
having the "other" set to writable is very permissive!
otherwise you cannot delete someone else's file.
777 permissions means that everyone has read, write and execute permission. In order to protect one’s own files in such a directory from being deleted or overwritten by another user, the directory has to be set up with 1777 permissions, i.e. drwxrwxrwt. See the tutorial below… 
2 Likes
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.