Your message dated Wed, 14 Sep 2016 18:57:22 +0200 (CEST) with message-id <[email protected]> and subject line Re: base: a user could delete created root files created in folder where user have access has caused the Debian Bug report #811467, regarding base: a user could delete created root files created in folder where user have access to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
811467: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811467
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: base
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

* What led up to the situation?

Trying to create files with root in user home folder.
But the user could delete the file

* What exactly did you do (or not do) that was effective (or ineffective)?

root creating file
user login, try to delete, it works

teilnehmer@debPc:~$ su
Password:
root@debPc:/home/teilnehmer# clear
root@debPc:/home/teilnehmer# uname -a
Linux debPc 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1+deb8u6 (2015-11-09) x86_64 GNU/Linux
root@debPc:/home/teilnehmer# touch rootfile
root@debPc:/home/teilnehmer# ls -lisa
total 24
266911 4 drwxr-xr-x 2 teilnehmer teilnehmer 4096 Jan 19 10:54 .
258067 4 drwxr-xr-x 4 root root 4096 Sep 12 10:25 ..
266915 4 -rw------- 1 teilnehmer teilnehmer 46 Jan 14 15:44 .bash_history
266913 4 -rw-r--r-- 1 teilnehmer teilnehmer 220 Nov 13 2014 .bash_logout
266912 4 -rw-r--r-- 1 teilnehmer teilnehmer 3515 Nov 13 2014 .bashrc
266914 4 -rw-r--r-- 1 teilnehmer teilnehmer 675 Nov 13 2014 .profile
267322 0 -rw-r--r-- 1 root root 0 Jan 19 10:54 rootfile
root@debPc:/home/teilnehmer# exit
exit
teilnehmer@debPc:~$ ls -lisa
total 24
266911 4 drwxr-xr-x 2 teilnehmer teilnehmer 4096 Jan 19 10:54 .
258067 4 drwxr-xr-x 4 root root 4096 Sep 12 10:25 ..
266915 4 -rw------- 1 teilnehmer teilnehmer 46 Jan 14 15:44 .bash_history
266913 4 -rw-r--r-- 1 teilnehmer teilnehmer 220 Nov 13 2014 .bash_logout
266912 4 -rw-r--r-- 1 teilnehmer teilnehmer 3515 Nov 13 2014 .bashrc
266914 4 -rw-r--r-- 1 teilnehmer teilnehmer 675 Nov 13 2014 .profile
267322 0 -rw-r--r-- 1 root root 0 Jan 19 10:54 rootfile
teilnehmer@debPc:~$ rm rootfile
rm: remove write-protected regular empty file 'rootfile'? y
teilnehmer@debPc:~$ ls -lisa
total 24
266911 4 drwxr-xr-x 2 teilnehmer teilnehmer 4096 Jan 19 10:54 .
258067 4 drwxr-xr-x 4 root root 4096 Sep 12 10:25 ..
266915 4 -rw------- 1 teilnehmer teilnehmer 46 Jan 14 15:44 .bash_history
266913 4 -rw-r--r-- 1 teilnehmer teilnehmer 220 Nov 13 2014 .bash_logout
266912 4 -rw-r--r-- 1 teilnehmer teilnehmer 3515 Nov 13 2014 .bashrc
266914 4 -rw-r--r-- 1 teilnehmer teilnehmer 675 Nov 13 2014 .profile
teilnehmer@debPc:~$ id
uid=1001(teilnehmer) gid=1001(teilnehmer) groups=1001(teilnehmer)
teilnehmer@debPc:~$ cat /etc/passwd | grep teilnehmer
teilnehmer:x:1001:1001::/home/teilnehmer:/bin/bash
teilnehmer@debPc:~$ su
Password:
root@debPc:/home/teilnehmer# id
uid=0(root) gid=0(root) groups=0(root)

* What was the outcome of this action?

the only way was to create a folder with root, move the file there,
then I could not delete this file with user.
So I believe the folder rights were pushed to files inside.

* What outcome did you expect instead?

I expect that a normal user could not delete a root-created file

*** End of the template - remove these template lines ***

-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
On Tue, 19 Jan 2016, Malte Kiefer wrote:

> Package: base
> Severity: important
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate ***
>
> * What led up to the situation?
>
> Trying to create files with root in user home folder.
> But the user could delete the file
>
> * What exactly did you do (or not do) that was effective (or
> ineffective)?
>
> root creating file
> user login, try to delete, it works
> [...]
>
> * What was the outcome of this action?
>
> the only way was to create a folder with root, move the file there,
> then I could not delete this file with user.
> So I believe the folder rights were pushed to files inside.
>
> * What outcome did you expect instead?
> I expect that a normal user could not delete a root-created file

Hello.

[ Sorry for all the time you waited before receiving a reply, there are not many people answering to bugs in "base", and we really prefer bugs regarding real packages ].

This is not a bug but normal Unix behaviour.

In Unix, to be able to remove a file (or a directory), you only need write permissions on the directory in which the file (or the directory) is; you don't have to be the owner of the file to be removed.

So, don't put valuable files in directories on which other users have write permission.

There is an exception to this rule which is called the sticky bit: If a directory has the sticky bit, then yes, you need to be the owner of the file to be able to remove it. This is what happens with /tmp, for example.

Hope this helps.

Thanks.
--- End Message ---
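
The rule from the reply above, written out as an added example (not part of the bug report or either message): a shell check that reports who, besides the file's owner and root, can remove a file, judged from the parent directory's mode and ownership. The function names are hypothetical, GNU stat is assumed, and ACLs are ignored; the first sample call uses the values shown in the report (directory mode 755 owned by uid 1001, file owned by uid 0).

```shell
#!/bin/sh
# Added example. Removing a file is decided by the parent directory,
# not by the file's own mode or owner.

# classify_unlink DIR_MODE DIR_UID FILE_UID
#   DIR_MODE is octal as printed by `stat -c %a`, e.g. 755 or 1777.
#   Prints the classes that may unlink the file although they do not
#   own it: dir-owner, group, other, or "none".
classify_unlink() {
    m=$((0$1)); dir_uid=$2; file_uid=$3; out=""
    sticky=$(( (m & 01000) != 0 ))
    # The directory owner needs write+search (w+x) on the directory.
    # The sticky bit does not restrict the directory owner.
    if [ "$dir_uid" != "$file_uid" ] && [ $(( (m & 0300) == 0300 )) -eq 1 ]; then
        out="dir-owner"
    fi
    # Group and other need w+x, and the sticky bit limits them to
    # files they own, so they drop out when it is set.
    if [ "$sticky" -eq 0 ]; then
        if [ $(( (m & 0030) == 0030 )) -eq 1 ]; then out="$out group"; fi
        if [ $(( (m & 0003) == 0003 )) -eq 1 ]; then out="$out other"; fi
    fi
    out=${out# }
    echo "${out:-none}"
}

# unlink_exposure FILE: the same report for a real path.
unlink_exposure() {
    dir=$(dirname -- "$1")
    classify_unlink "$(stat -c %a -- "$dir")" \
                    "$(stat -c %u -- "$dir")" "$(stat -c %u -- "$1")"
}

# Constructed sample calls.
echo "report: 755 dir of uid 1001, root's file: $(classify_unlink 755 1001 0)"
echo "root-owned 755 dir, root's file:          $(classify_unlink 755 0 0)"
echo "777 dir of root, file of uid 1001:        $(classify_unlink 777 0 1001)"
echo "1777 dir of root, file of uid 1001:       $(classify_unlink 1777 0 1001)"
```

The second call corresponds to the reporter's workaround of a root-created folder. Setting the sticky bit on a directory the user owns would not change the first result, because the directory owner is still allowed to remove entries.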

