On Thu, 5 Dec 2002, Michael Schwendt wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Thu, 5 Dec 2002 13:34:09 -0500 (EST), Robert P. J. Day wrote:
> 
> > the fact that the original poster could create a file as root, and
> > remove it as a "dumb test user" means he must have either modified an
> > existing directory and removed its sticky bit, or created a new
> > directory with perms 777.  in short, what he is describing could *not*
> > have happened on a standard red hat install.
> 
> No, it can happen:
> 
>   $ su --login root
>   # cd /home/dumbuser
>   # touch testfile
>   # exit
>   $ su --login dumbuser
>   $ cd ~
>   $ rm -f testfile
>   $
> 
> That is exactly the scenario I find described in the OP's message.
> Expected behaviour. Directory owned by "dumbuser". Hence dumbuser
> can delete all files other users -- including root -- may create
> in $HOME/dumbuser.

oh, lord ... he never *said* he created it in dumbuser's home directory.
yes, that minor detail would have made a difference in the explanation.

i'm going back to work now.

rday

-- 
redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list
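
The rule both posters are arguing from, written out as an added example (not part of the thread): removing a file is a write to its parent directory, so the directory's owner, mode and sticky bit decide the outcome, not the file's owner. The function name, uids and modes below are constructed for illustration, and ACLs, immutable attributes and read-only mounts are assumed absent.

```python
import stat

def may_unlink(uid, gids, dir_uid, dir_gid, dir_mode, file_uid):
    """Decide whether a process (uid, gids) may remove an entry from a directory.

    Models the traditional Unix check only; the file's own mode is never consulted.
    """
    if uid == 0:
        return True  # root bypasses directory permission and sticky-bit checks

    # Select the permission class that applies to this process.
    if uid == dir_uid:
        bits = (dir_mode >> 6) & 0o7
    elif dir_gid in gids:
        bits = (dir_mode >> 3) & 0o7
    else:
        bits = dir_mode & 0o7

    # Removing an entry needs write (2) and search (1) on the directory.
    if bits & 0o3 != 0o3:
        return False

    # Sticky directory (e.g. /tmp): only the file's owner or the
    # directory's owner may remove the entry.
    if dir_mode & stat.S_ISVTX:
        return uid in (file_uid, dir_uid)
    return True

# Constructed sample accounts: dumbuser is uid/gid 500, root is 0.
DUMB = dict(uid=500, gids={500})

def scenarios():
    return {
        # root's file inside dumbuser's own home directory (mode 0700)
        "home": may_unlink(**DUMB, dir_uid=500, dir_gid=500,
                           dir_mode=0o700, file_uid=0),
        # root's file inside a sticky, world-writable directory (mode 1777)
        "sticky_tmp": may_unlink(**DUMB, dir_uid=0, dir_gid=0,
                                 dir_mode=0o1777, file_uid=0),
        # root's file inside a root-owned directory with perms 777, no sticky bit
        "plain_777": may_unlink(**DUMB, dir_uid=0, dir_gid=0,
                                dir_mode=0o777, file_uid=0),
    }

if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name}: {'can delete' if allowed else 'cannot delete'}")
```
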
