On Sun, May 24, 2009 at 3:18 PM, Michael Ash <michael....@gmail.com> wrote:
> /tmp has a special permissions bit set called the sticky bit. When set
> on directories, the sticky bit modifies the standard UNIX permissions
> model and makes it so that the directory's contents can only be
> deleted or renamed by the owner of the item in question, of the
> directory, or root. In other words, if I write to /tmp/xyz and then
> you try to rm /tmp/xyz, your attempt will fail. Give it a try and see.
Believe it or not, I did before I replied to the thread. Except this is what I did:

    # cd /tmp
    # touch foo
    # sudo -s
    # su nobody
    # rm foo

However, that wasn't what actually happened. Had I bothered to run `whoami`, I would have seen this:

    # cd /tmp
    # touch foo
    # whoami
    kyle
    # sudo -s
    # whoami
    root
    # su nobody
    # whoami
    root
    # rm foo

What I failed to realize is that su will by default execute the user's specified shell (which is /usr/bin/false for nobody). You have to provide -m to override this behavior, and if you do that, it fails.

--Kyle Sluder
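An added example, not code from either mail in this thread: a small script that checks the two things discussed above, whether a directory carries the sticky bit (the `t` in `drwxrwxrwt` on /tmp) and which login shell `su` will hand to an account, so a `/usr/bin/false` shell is visible before you trust a `whoami`-less session. It assumes `dscl` on macOS and `/etc/passwd` elsewhere; the demo directory is a constructed temporary one.

```shell
#!/bin/sh
# Added example (not from the thread): inspect a directory's sticky bit
# and report which login shell su would run for a given account.

# Returns 0 if the directory $1 has the sticky bit set, 1 otherwise.
# ls -ld shows it as 't' (or 'T' when others lack execute) in the last
# slot of the mode string, e.g. "drwxrwxrwt" for /tmp.
is_sticky() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        d????????[tT]) return 0 ;;
        *)             return 1 ;;
    esac
}

# Prints the login shell recorded for user $1. This is what "su $1" runs
# by default; /usr/bin/false exits at once, so the caller stays in the
# shell it already had (root, after sudo -s), which is the gotcha above.
login_shell() {
    if command -v dscl >/dev/null 2>&1; then
        # macOS directory services (assumed available on macOS hosts)
        dscl . -read "/Users/$1" UserShell 2>/dev/null | awk '{print $2}'
    else
        awk -F: -v u="$1" '$1 == u { print $7 }' /etc/passwd
    fi
}

# Walk through both checks on a constructed temporary directory.
demo() {
    d=$(mktemp -d)
    chmod 1777 "$d"        # world-writable plus sticky, like /tmp
    is_sticky "$d" && echo "$d: sticky bit set"
    chmod 0777 "$d"        # drop the sticky bit again
    is_sticky "$d" || echo "$d: sticky bit cleared"
    rmdir "$d"
    echo "running as: $(whoami); login shell for nobody: $(login_shell nobody)"
}
```

Run `demo` (or `is_sticky /tmp`) to see both checks; compare the reported login shell with the `whoami` output after `su` to confirm which identity is actually executing your commands.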