Re: File permission confusion [Debian 9.1 with MATE]
- Date: Mon, 01 Jan 2018 13:01:23 +0100
- From: "Thomas Schmitt" <scdbackup@xxxxxxx>
Richard Owlett wrote:
> As user "richard" I was able to delete them with Caja.

To prevent renaming or deletion of a file, you need to prevent writing
to the directory which hosts it. (Actually you delete the "dirent", which
points to the inode. The inode gets deleted when its last dirent is gone
and no file descriptor is open on it any more.)

You may prevent writing either by taking away w-permission for everybody
  chmod a-w directory
or by preventing users from removing files which they don't own
  chmod +t directory
But the superuser will probably be able to override both of these without
the prior need to change the directory permissions.

  chattr +i file
with some filesystems. I dimly remember we had a discussion about its
effectiveness a while ago ...

> Logged into Debian as "richard" SeaMonkey was able to change contents of
> those files.

It is a usual strategy against softlink spoofing to rename or delete the
original file and to store the changed content as new file.

Have a nice day :)
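
The two points made in the message above (deletion is decided by the directory, and a read-only file can be "changed" by replacing it through a rename), as an added shell example that is not part of the original message. All file and directory names are constructed in a throwaway mktemp directory; the chmod +t case is left out because it needs a second user account.

```shell
#!/bin/sh
# Added example, not from the original message. All paths are constructed
# inside throwaway mktemp directories.

inode_of() { ls -i "$1" | awk '{print $1}'; }

# A read-only file (mode 444) in a writable directory gets new content:
# write a sibling file, then rename it over the original.
replace_by_rename() {
    d=$(mktemp -d) || return 1
    echo original > "$d/doc.txt"
    chmod 444 "$d/doc.txt"
    before=$(inode_of "$d/doc.txt")
    echo changed > "$d/doc.txt.new"
    mv -f "$d/doc.txt.new" "$d/doc.txt"   # needs w on the directory only
    after=$(inode_of "$d/doc.txt")
    content=$(cat "$d/doc.txt")
    rm -rf "$d"
    if [ "$before" != "$after" ]; then
        echo "$content:new-inode"
    else
        echo "$content:same-inode"
    fi
}

# Removing a dirent is decided by the directory's permissions, not the file's.
# $1 is the chmod argument applied to the directory before the attempt.
delete_with_dir_mode() {
    d=$(mktemp -d) || return 1
    echo data > "$d/doc.txt"
    chmod 444 "$d/doc.txt"
    chmod "$1" "$d"
    if rm -f "$d/doc.txt" 2>/dev/null; then result=deleted; else result=refused; fi
    chmod u+rwx "$d"; rm -rf "$d"         # clean up in either case
    echo "$result"
}

echo "rename over 444 file : $(replace_by_rename)"
echo "rm, directory u+w    : $(delete_with_dir_mode u+w)"
# Run as root, the a-w case normally reports "deleted": the superuser
# overrides directory permission bits, as the message says.
echo "rm, directory a-w    : $(delete_with_dir_mode a-w) (uid $(id -u))"
```

The differing inode numbers in the first case show that the application never wrote to the protected file; it created a new one under the same name.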