It's all to do with the x. For a file it means the owner/group can execute that file. But for a directory, anybody in the group for that directory can delete any file in the root of that directory, even if the group permissions for that file say they can't. Now if a member of that group created a folder in the root of that folder, then only they could get access to that folder, because that folder would then have the owner as the group, unless, that is, you use force group = whatever in smb.conf.
Just as a sideline, if you do use force group = whatever, and users create a folder in that folder, and you have, say, force create = 750, then even if they are not a Unix / Linux member of that group, they can go look in anybody else's folder, but they can't delete anything or place anything in that other person's folder (using 750). But they can copy any file that is not theirs over to their folder and the copied file will have their permissions.

ken

-----Original Message-----
From: Raffaele Belardi [mailto:[EMAIL PROTECTED]
Sent: 07 March 2003 3:28 PM
To: [EMAIL PROTECTED]
Subject: Re: [newbie] normal user can delete root owned files!

This is a good explanation, thanks! After your comment I checked man chmod, I guess the explanation below is what you are referring to:

STICKY DIRECTORIES
When the sticky bit is set on a directory, files in that directory may be unlinked or renamed only by root or their owner. Without the sticky bit, anyone able to write to the directory can delete or rename files. The sticky bit is commonly found on directories, such as /tmp, that are world-writable.

How many things still to learn...

raffaele

[EMAIL PROTECTED] wrote:
> On Friday 07 March 2003 04:03 am, you wrote:
>
>> I am running MDK9.0 with msec 3, vanilla kernel. I just noticed that, as
>> a normal user, I am able to delete root-owned files (with -rw-r--r--
>> rights). I don't know when it started, I am almost sure it was not this
>> way last time I tried.
>>
>> Does anybody have a similar issue?
>
> The permission to delete a file depends on the permissions on the directory
> the file lives in, not on the permissions on the file itself. Just as you
> can link a file that you don't have read permissions to into a directory you
> have write permissions in you can also unlink it from that directory.
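
The rule discussed in this thread (deletion is decided by the parent directory's mode and sticky bit, not by the file's own mode) is modelled below as an added example; it is not part of the original messages. The names `can_unlink`, `class_bits`, `demo` and `report.txt` are hypothetical, the second uid is constructed, and ACLs, capabilities and immutable flags are ignored.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """Return the rwx triplet (0-7) that applies to uid/gids for this inode."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def can_unlink(path, uid, gids):
    """Model the classic Unix rule for deleting `path` as uid/gids.

    Assumption: plain mode bits only (no ACLs, capabilities, chattr +i).
    """
    if uid == 0:
        return True  # root bypasses the mode bits
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    target = os.lstat(path)
    # Deleting edits the directory entry: needs write + search (w and x) there.
    if class_bits(parent, uid, gids) & 3 != 3:
        return False
    # Sticky directory: only the file's owner or the directory's owner may unlink.
    if parent.st_mode & stat.S_ISVTX:
        return uid in (target.st_uid, parent.st_uid)
    return True  # note: the file's own mode was never consulted

def demo():
    """Constructed scenario: a -rw-r--r-- file in a shared directory.

    Returns {dir_mode: (other_user_can_delete, owner_can_delete)}.
    """
    results = {}
    with tempfile.TemporaryDirectory() as shared:
        victim = os.path.join(shared, "report.txt")
        with open(victim, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(victim, 0o644)
        owner = os.lstat(victim).st_uid
        other = owner + 1  # constructed uid of a second, non-owner user
        for label, mode in (("0777", 0o777), ("1777", 0o1777), ("0755", 0o755)):
            os.chmod(shared, mode)
            results[label] = (can_unlink(victim, other, set()),
                              can_unlink(victim, owner, set()))
    return results

if __name__ == "__main__":
    print(demo())
```

Running the same check over shared directories shows which ones let non-owners remove files; on those, setting the sticky bit (as on /tmp) restricts unlinking to the file's owner, the directory's owner and root.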
