[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: "weird" behavior in dirs
- To: misc_(_at_)_openbsd_(_dot_)_org, gustavoh_(_at_)_sysadmin_(_dot_)_com_(_dot_)_br
- Subject: Re: "weird" behavior in dirs
- From: Ian Darwin <ian_(_at_)_darwinsys_(_dot_)_com>
- Date: Thu, 11 Feb 1999 10:27:35 -0500 (EST)
> The security problem I was found was the folowing:
> Suppose a normal user of the system is acessing my 'hp' dir in /root/hp
> and I don't want anyone to access it anymore. Then i move 'hp' to
> /root/private wich is chmoded 700.
> But if the user has his account logged in and in that directory (/root/hp)
> he still has access to list the file and can see its contents.
This is not a problem, it's a feature. Well, at least, it's how UNIX
works. If you want to lower the permissions on a object in the filesystem,
you are expected to use chmod, not mv. It is supposed to be generally
understood that the name of an object is not the same as its permissions.
If you want to use mv to hide something, you also need to reboot, or
use a command like lsof to ensure that nobody has the object opened
Visit your host, monkey.org