Once upon a time, Jeff Lasman <[EMAIL PROTECTED]> said: > Deleting a file is done by simply writing to another file, in this case > the file that's logically the directory. If you can write to the > directory, yes you can delete the file.
Yup. > BUT... I forgot completely when I made the post that said you could > protect yourself that way. > > Sometimes things that are logical, and correct, are still > contra-intuitive. So we forget them <frown>. :-) > How about the chattr attribute someone mentioned? I just got back from > Internet World 2000, and I'm too tired to do the lookup now... chattr is root only I believe. You could also create a directory called .htaccess (to remove a directory, you must have write permission on both it _and_ its parent), but I think Apache would barf on that. However, like I said, I really do think this is a moot point, because I think that anything you can put in one .htaccess file can be overriden by a .htaccess file in a subdirectory. You could play a never-ending game of tag trying to follow a users' subdirectory creation. -- Chris Adams <[EMAIL PROTECTED]> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
