crp Posted December 5, 2019
Found out today while doing work on a Java program that in Linux a file in a regular user's directory that is owned by root, and to which the regular user has no modification rights, can be moved by the regular user to a different directory that the regular user has access to. Why? How?
securitybreach Posted December 5, 2019
Without the name of the application, there is no way for me to try to figure that out.
securitybreach Posted December 5, 2019
And I bet that your user has sudo rights because Linux uses strict permissions to do things. Also, perhaps it's a member of a java group that has sudo/root access.
V.T. Eric Layton Posted December 5, 2019
How was the Java program installed on that Linux? As root? If so, the Java program probably has root rights/permissions. What distribution of Linux are we talking about here?
sunrat Posted December 5, 2019
It's often possible to copy a root-owned file as user to a user-owned directory, but not to edit, move or delete it. You can't move it back though.
crp (Author) Posted December 9, 2019
The application was a Java program installed as regularUser, who does not have sudo. Was able to replicate the situation as soon as I saw it. Logged in as root, created a file in regularUser directory tree, checked that the file was owned by root:root. Sunrat, I was able to move as regularUser the root-created file to a subdirectory owned by regularUser. Not just copy, but move. CentOS 7.
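An added example, not part of any post in this thread: a move within one filesystem is a rename(2), which is checked against write permission on the source and destination directories, not on the file itself. The sketch assumes a mode-0444 file as a stand-in for the root-owned file so it runs without root; `try_move` and the file names are hypothetical.

```shell
#!/bin/sh
# Added example: a mode-0444 file stands in for the root-owned file in the
# thread (assumption), so the demo runs without root.

# try_move PARENT_MODE
# Creates home/ and home/sub/ in a scratch directory, puts a read-only file in
# home/, sets home/ to PARENT_MODE, then tries to mv the file into home/sub/.
# Prints "moved same-inode", "moved new-inode" or "denied".
try_move() {
    parent_mode=$1
    work=$(mktemp -d) || return 1
    mkdir "$work/home" "$work/home/sub"
    echo "data" > "$work/home/rootfile"
    chmod 0444 "$work/home/rootfile"          # the file itself is not writable
    before=$(ls -i "$work/home/rootfile" | awk '{print $1}')
    chmod "$parent_mode" "$work/home"         # permission on the containing directory
    if mv "$work/home/rootfile" "$work/home/sub/rootfile" 2>/dev/null; then
        after=$(ls -i "$work/home/sub/rootfile" | awk '{print $1}')
        if [ "$before" = "$after" ]; then
            result="moved same-inode"         # rename(2): same file, new name
        else
            result="moved new-inode"          # copy + delete (e.g. across filesystems)
        fi
    else
        result="denied"                       # no write permission on the source directory
    fi
    chmod 0755 "$work/home"                   # restore so cleanup can succeed
    rm -rf "$work"
    echo "$result"
}

# When run as root the second case also succeeds, because root bypasses
# directory permission checks.
echo "writable parent dir:  $(try_move 0755)"
echo "read-only parent dir: $(try_move 0555)"
```

In a directory with the sticky bit set (such as /tmp), renaming is further restricted to the owner of the file, the owner of the directory, or root.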