regular user control over root owned files

crp

Found out today while doing work on a Java program that in Linux a regular user can move a file in its directory that is owned by root and to which the regular user has no modification rights: it can be moved by the regular user to a different directory that the regular user has access to. Why? How?

 

securitybreach

Without the name of the application, there is no way for me to try to figure that out.

securitybreach

And I bet that your user has sudo rights, because Linux uses strict permissions to do things. Also, perhaps it's a member of a Java group that has sudo/root access.

V.T. Eric Layton

How was the Java program installed on that Linux? As root? If so, the Java program probably has root rights/permissions. What distribution of Linux are we talking about here?

  • Like 1

sunrat

It's often possible to copy a root-owned file as user to a user-owned directory, but not to edit, move or delete it. You can't move it back though.

  • Like 2

crp

The application was a Java program installed as regularUser, who does not have sudo.

 

Was able to replicate the situation as soon as I saw it. Logged in as root, created a file in regularUser directory tree, checked that the file was owned by root:root. Sunrat, I was able to move as regularUser the root-created file to a subdirectory owned by regularUser. Not just copy, but move.

 

CentOS 7.

 

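The replication described in the last post, as an added example that is not part of any post in this thread: within one filesystem `mv` is a rename, and a rename is checked against write and search permission on the directories holding the name, not against the file's owner or mode. The function name `demo_move` and all paths are constructed for this sketch, and a mode-0444 file stands in for the root-owned file because creating one requires root.

```shell
#!/bin/sh
# Added illustration: a rename edits directory entries, so permission is
# decided by the source and destination directories, never by the file.
# Everything lives in a constructed temporary directory.

demo_move() {
    base=$(mktemp -d) || return 2
    mkdir "$base/sub"
    echo "data" > "$base/locked.txt"
    chmod 0444 "$base/locked.txt"    # caller has no write access to the file

    # Case 1: caller can write to both directories, so the move succeeds
    # even though the file itself cannot be modified.
    if mv -f "$base/locked.txt" "$base/sub/locked.txt" 2>/dev/null; then
        case1=moved
    else
        case1=denied
    fi

    # Case 2: remove write permission from the directory that now holds
    # the name. The file is unchanged, but the move back is refused.
    chmod 0555 "$base/sub"
    if mv -f "$base/sub/locked.txt" "$base/locked.txt" 2>/dev/null; then
        case2=moved
    else
        case2=denied
    fi

    # Restore permissions so the scratch tree can be cleaned up.
    chmod 0755 "$base/sub"
    rm -rf "$base"
    echo "$case1 $case2"
}

# As an unprivileged user this prints: moved denied
# (root bypasses directory permission checks, so it would print: moved moved)
demo_move
```

In a directory with the sticky bit set (such as `/tmp`), the rename is additionally limited to the owner of the file, the owner of the directory, or root. To stop a user from relocating a file, place it in a directory that user cannot write to.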
