Jump to content

regular user control over root owned files


crp
 Share

Recommended Posts

Found out today while doing work on a java program that in Linux a regular user can move a file in it's directory that is owned by root and to which a regular user has no modification rights to , can be moved by regular user to a different directory that regular user has access to. Why? How?

 

Link to comment
Share on other sites

securitybreach

And I bet that your user has sudo rights because linux uses strict permissions to do things. Also, perhaps its a member of a java group that has sudo/root access.

Link to comment
Share on other sites

V.T. Eric Layton

How was the Java program installed on that Linux? As root? If so, the Java program probably has root rights/permissions. What distribution of Linux are we talking about here?

  • Like 1
Link to comment
Share on other sites

It's often possible to copy a root-owned file as user to a user-owned directory, but not to edit, move or delete it. You can't move it back though.

  • Like 2
Link to comment
Share on other sites

The application was a java program installed as  regularUser, who does not have sudo.

 

Was able to replicate the situation as soon as i saw it. Logged in as root, created a file in regularUser directory tree, checked that the file was owned by root:root. Sunrat, I was able to move as regularUser the root created file to a subdirectory owned by regularUser Not just copy, but move. 

 

CentoOS 7 .

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...