Normal user can delete important files
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I am concerned about the possibility that a normal user can delete important files from like /etc/passwd
or files from /boot
. They can do it because the permissions on /etc
and /boot
are drwxr-xr-x
.
Should I worry about this or am I missing something?
Thank you
permissions filesystems
add a comment |Â
up vote
0
down vote
favorite
I am concerned about the possibility that a normal user can delete important files from like /etc/passwd
or files from /boot
. They can do it because the permissions on /etc
and /boot
are drwxr-xr-x
.
Should I worry about this or am I missing something?
Thank you
permissions filesystems
Have youtried, as a normal user, to delete/etc/passwd
? Just 1) make a backup as root, 2) start two session 3) delete as a normal user the file.
â Archemar
Feb 18 at 13:22
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I am concerned about the possibility that a normal user can delete important files from like /etc/passwd
or files from /boot
. They can do it because the permissions on /etc
and /boot
are drwxr-xr-x
.
Should I worry about this or am I missing something?
Thank you
permissions filesystems
I am concerned about the possibility that a normal user can delete important files from like /etc/passwd
or files from /boot
. They can do it because the permissions on /etc
and /boot
are drwxr-xr-x
.
Should I worry about this or am I missing something?
Thank you
permissions filesystems
asked Feb 18 at 12:57
Pedro Palacios
32
32
Have youtried, as a normal user, to delete/etc/passwd
? Just 1) make a backup as root, 2) start two session 3) delete as a normal user the file.
â Archemar
Feb 18 at 13:22
add a comment |Â
Have youtried, as a normal user, to delete/etc/passwd
? Just 1) make a backup as root, 2) start two session 3) delete as a normal user the file.
â Archemar
Feb 18 at 13:22
Have youtried, as a normal user, to delete
/etc/passwd
? Just 1) make a backup as root, 2) start two session 3) delete as a normal user the file.â Archemar
Feb 18 at 13:22
Have youtried, as a normal user, to delete
/etc/passwd
? Just 1) make a backup as root, 2) start two session 3) delete as a normal user the file.â Archemar
Feb 18 at 13:22
add a comment |Â
3 Answers
3
active
oldest
votes
up vote
3
down vote
accepted
No. The permissions that you see can be split into four components: type of entry, owner permissions, group permissions, and "all" permissions; "all" simply refers to anyone who is neither the owner or a member of the group. What the permissions mean depend on whether the entry is a file or a directory. A more thorough description of how permissions work is here.
So, for this example:
$ ls -dl /etc /etc/passwd /etc/shadow
drwxr-xr-x 58 root root 4096 Feb 13 19:08 /etc
-rw-r--r-- 1 root root 1887 Oct 11 21:49 /etc/passwd
-rw-r----- 1 root root 970 Oct 11 21:49 /etc/shadow
For /etc
:
d
: the entry is a directory.rwx
: the owner of the directory (root
) has full permissions to view and modify (add/delete/rename) file entries, and change to ("cd
") this directory.r-x
: members of the group (also calledroot
, but is not the same as the user calledroot
) have permissions to view file entries and change to ("cd
") this directory.r-x
: everyone else has permissions to view file entries and change to ("cd
") this directory.
Note that having permission to read a directory does not mean that you can read the contents of individual files: that is what file permissions are for.
Individual files work in a similar way, but the permissions refer to reading, writing and executing the file itself.
For /etc/passwd
:
-
: the entry is a regular file.rw-
: the owner (root
) can read and write to this file, but not run it directly from the command line.r--
: members of the group (root
) can only read this file.r--
: everyone else can read this file.
Originally the /etc/passwd
file did have (encrypted) passwords in it, but that was judged to be a security risk so the passwords were moved to a "shadow" copy of the password file called /etc/shadow
. It is only accessible by the root
user and group (-rw-r-----
): regular users cannot view it.
+1, but it took me a little while to realise that "...and change to this directory" meant "cd
to it" rather than an unusual way of saying "... and change the directory". When it clicked, it was obvious. before then, not so much. overall, a great explanation.
â cas
Feb 18 at 14:20
I'm glad that this was helpful. There are other letters that you may see in the permissions fields, likes
for setgid/setuid andt
for sticky files, but they're fairly uncommon and generally don't get touched unless you have specific requirements (you'll know if you need to set them!)
â ErikF
Feb 18 at 14:26
One last point of information: symbolic links will always have the formlrwxrwxrwx
: this is not a security issue because the permissions only refer to the link itself (the system looks at the actual file for the real permissions.)
â ErikF
Feb 18 at 14:31
I'm not the OP (nor am i a newcomer to unix permissions). I was just commenting that you did a good job of explaining how perms work. BTW, I almost commented "I think you mean can't change the directory" until I realised you meantcd
. Even now, I think there's probably a better way of phrasing that (disclaimer: I have had a flu-like virus for several weeks now and it is making my brain slow and dopey)
â cas
Feb 18 at 14:32
I've added a bit to hopefully clarify what "change to" means.
â ErikF
Feb 18 at 14:34
 |Â
show 1 more comment
up vote
1
down vote
The owner of /etc and /boot is or should be root.
echo test > /etc/test
bash: /etc/test: Permission denied
Only the owner root has the permission to create files or delete them from the directory.
add a comment |Â
up vote
1
down vote
To delete a file a user needs write permission on the parent directory of the file. With the permissions set to drwxr-xr-x
only the owner of those directorys can delete files in them
add a comment |Â
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
3
down vote
accepted
No. The permissions that you see can be split into four components: type of entry, owner permissions, group permissions, and "all" permissions; "all" simply refers to anyone who is neither the owner or a member of the group. What the permissions mean depend on whether the entry is a file or a directory. A more thorough description of how permissions work is here.
So, for this example:
$ ls -dl /etc /etc/passwd /etc/shadow
drwxr-xr-x 58 root root 4096 Feb 13 19:08 /etc
-rw-r--r-- 1 root root 1887 Oct 11 21:49 /etc/passwd
-rw-r----- 1 root root 970 Oct 11 21:49 /etc/shadow
For /etc
:
d
: the entry is a directory.rwx
: the owner of the directory (root
) has full permissions to view and modify (add/delete/rename) file entries, and change to ("cd
") this directory.r-x
: members of the group (also calledroot
, but is not the same as the user calledroot
) have permissions to view file entries and change to ("cd
") this directory.r-x
: everyone else has permissions to view file entries and change to ("cd
") this directory.
Note that having permission to read a directory does not mean that you can read the contents of individual files: that is what file permissions are for.
Individual files work in a similar way, but the permissions refer to reading, writing and executing the file itself.
For /etc/passwd
:
-
: the entry is a regular file.rw-
: the owner (root
) can read and write to this file, but not run it directly from the command line.r--
: members of the group (root
) can only read this file.r--
: everyone else can read this file.
Originally the /etc/passwd
file did have (encrypted) passwords in it, but that was judged to be a security risk so the passwords were moved to a "shadow" copy of the password file called /etc/shadow
. It is only accessible by the root
user and group (-rw-r-----
): regular users cannot view it.
+1, but it took me a little while to realise that "...and change to this directory" meant "cd
to it" rather than an unusual way of saying "... and change the directory". When it clicked, it was obvious. before then, not so much. overall, a great explanation.
â cas
Feb 18 at 14:20
I'm glad that this was helpful. There are other letters that you may see in the permissions fields, likes
for setgid/setuid andt
for sticky files, but they're fairly uncommon and generally don't get touched unless you have specific requirements (you'll know if you need to set them!)
â ErikF
Feb 18 at 14:26
One last point of information: symbolic links will always have the formlrwxrwxrwx
: this is not a security issue because the permissions only refer to the link itself (the system looks at the actual file for the real permissions.)
â ErikF
Feb 18 at 14:31
I'm not the OP (nor am i a newcomer to unix permissions). I was just commenting that you did a good job of explaining how perms work. BTW, I almost commented "I think you mean can't change the directory" until I realised you meantcd
. Even now, I think there's probably a better way of phrasing that (disclaimer: I have had a flu-like virus for several weeks now and it is making my brain slow and dopey)
â cas
Feb 18 at 14:32
I've added a bit to hopefully clarify what "change to" means.
â ErikF
Feb 18 at 14:34
 |Â
show 1 more comment
up vote
3
down vote
accepted
No. The permissions that you see can be split into four components: type of entry, owner permissions, group permissions, and "all" permissions; "all" simply refers to anyone who is neither the owner or a member of the group. What the permissions mean depend on whether the entry is a file or a directory. A more thorough description of how permissions work is here.
So, for this example:
$ ls -dl /etc /etc/passwd /etc/shadow
drwxr-xr-x 58 root root 4096 Feb 13 19:08 /etc
-rw-r--r-- 1 root root 1887 Oct 11 21:49 /etc/passwd
-rw-r----- 1 root root 970 Oct 11 21:49 /etc/shadow
For /etc
:
d
: the entry is a directory.rwx
: the owner of the directory (root
) has full permissions to view and modify (add/delete/rename) file entries, and change to ("cd
") this directory.r-x
: members of the group (also calledroot
, but is not the same as the user calledroot
) have permissions to view file entries and change to ("cd
") this directory.r-x
: everyone else has permissions to view file entries and change to ("cd
") this directory.
Note that having permission to read a directory does not mean that you can read the contents of individual files: that is what file permissions are for.
Individual files work in a similar way, but the permissions refer to reading, writing and executing the file itself.
For /etc/passwd
:
-
: the entry is a regular file.rw-
: the owner (root
) can read and write to this file, but not run it directly from the command line.r--
: members of the group (root
) can only read this file.r--
: everyone else can read this file.
Originally the /etc/passwd
file did have (encrypted) passwords in it, but that was judged to be a security risk so the passwords were moved to a "shadow" copy of the password file called /etc/shadow
. It is only accessible by the root
user and group (-rw-r-----
): regular users cannot view it.
+1, but it took me a little while to realise that "...and change to this directory" meant "cd
to it" rather than an unusual way of saying "... and change the directory". When it clicked, it was obvious. before then, not so much. overall, a great explanation.
â cas
Feb 18 at 14:20
I'm glad that this was helpful. There are other letters that you may see in the permissions fields, likes
for setgid/setuid andt
for sticky files, but they're fairly uncommon and generally don't get touched unless you have specific requirements (you'll know if you need to set them!)
â ErikF
Feb 18 at 14:26
One last point of information: symbolic links will always have the formlrwxrwxrwx
: this is not a security issue because the permissions only refer to the link itself (the system looks at the actual file for the real permissions.)
â ErikF
Feb 18 at 14:31
I'm not the OP (nor am i a newcomer to unix permissions). I was just commenting that you did a good job of explaining how perms work. BTW, I almost commented "I think you mean can't change the directory" until I realised you meantcd
. Even now, I think there's probably a better way of phrasing that (disclaimer: I have had a flu-like virus for several weeks now and it is making my brain slow and dopey)
â cas
Feb 18 at 14:32
I've added a bit to hopefully clarify what "change to" means.
â ErikF
Feb 18 at 14:34
 |Â
show 1 more comment
up vote
3
down vote
accepted
up vote
3
down vote
accepted
No. The permissions that you see can be split into four components: type of entry, owner permissions, group permissions, and "all" permissions; "all" simply refers to anyone who is neither the owner or a member of the group. What the permissions mean depend on whether the entry is a file or a directory. A more thorough description of how permissions work is here.
So, for this example:
$ ls -dl /etc /etc/passwd /etc/shadow
drwxr-xr-x 58 root root 4096 Feb 13 19:08 /etc
-rw-r--r-- 1 root root 1887 Oct 11 21:49 /etc/passwd
-rw-r----- 1 root root 970 Oct 11 21:49 /etc/shadow
For /etc
:
d
: the entry is a directory.rwx
: the owner of the directory (root
) has full permissions to view and modify (add/delete/rename) file entries, and change to ("cd
") this directory.r-x
: members of the group (also calledroot
, but is not the same as the user calledroot
) have permissions to view file entries and change to ("cd
") this directory.r-x
: everyone else has permissions to view file entries and change to ("cd
") this directory.
Note that having permission to read a directory does not mean that you can read the contents of individual files: that is what file permissions are for.
Individual files work in a similar way, but the permissions refer to reading, writing and executing the file itself.
For /etc/passwd
:
-
: the entry is a regular file.rw-
: the owner (root
) can read and write to this file, but not run it directly from the command line.r--
: members of the group (root
) can only read this file.r--
: everyone else can read this file.
Originally the /etc/passwd
file did have (encrypted) passwords in it, but that was judged to be a security risk so the passwords were moved to a "shadow" copy of the password file called /etc/shadow
. It is only accessible by the root
user and group (-rw-r-----
): regular users cannot view it.
No. The permissions that you see can be split into four components: type of entry, owner permissions, group permissions, and "all" permissions; "all" simply refers to anyone who is neither the owner or a member of the group. What the permissions mean depend on whether the entry is a file or a directory. A more thorough description of how permissions work is here.
So, for this example:
$ ls -dl /etc /etc/passwd /etc/shadow
drwxr-xr-x 58 root root 4096 Feb 13 19:08 /etc
-rw-r--r-- 1 root root 1887 Oct 11 21:49 /etc/passwd
-rw-r----- 1 root root 970 Oct 11 21:49 /etc/shadow
For /etc
:
d
: the entry is a directory.rwx
: the owner of the directory (root
) has full permissions to view and modify (add/delete/rename) file entries, and change to ("cd
") this directory.r-x
: members of the group (also calledroot
, but is not the same as the user calledroot
) have permissions to view file entries and change to ("cd
") this directory.r-x
: everyone else has permissions to view file entries and change to ("cd
") this directory.
Note that having permission to read a directory does not mean that you can read the contents of individual files: that is what file permissions are for.
Individual files work in a similar way, but the permissions refer to reading, writing and executing the file itself.
For /etc/passwd
:
-
: the entry is a regular file.rw-
: the owner (root
) can read and write to this file, but not run it directly from the command line.r--
: members of the group (root
) can only read this file.r--
: everyone else can read this file.
Originally the /etc/passwd
file did have (encrypted) passwords in it, but that was judged to be a security risk so the passwords were moved to a "shadow" copy of the password file called /etc/shadow
. It is only accessible by the root
user and group (-rw-r-----
): regular users cannot view it.
edited Feb 18 at 14:34
answered Feb 18 at 13:21
ErikF
2,7111413
2,7111413
+1, but it took me a little while to realise that "...and change to this directory" meant "cd
to it" rather than an unusual way of saying "... and change the directory". When it clicked, it was obvious. before then, not so much. overall, a great explanation.
â cas
Feb 18 at 14:20
I'm glad that this was helpful. There are other letters that you may see in the permissions fields, likes
for setgid/setuid andt
for sticky files, but they're fairly uncommon and generally don't get touched unless you have specific requirements (you'll know if you need to set them!)
â ErikF
Feb 18 at 14:26
One last point of information: symbolic links will always have the formlrwxrwxrwx
: this is not a security issue because the permissions only refer to the link itself (the system looks at the actual file for the real permissions.)
â ErikF
Feb 18 at 14:31
I'm not the OP (nor am i a newcomer to unix permissions). I was just commenting that you did a good job of explaining how perms work. BTW, I almost commented "I think you mean can't change the directory" until I realised you meantcd
. Even now, I think there's probably a better way of phrasing that (disclaimer: I have had a flu-like virus for several weeks now and it is making my brain slow and dopey)
â cas
Feb 18 at 14:32
I've added a bit to hopefully clarify what "change to" means.
â ErikF
Feb 18 at 14:34
 |Â
show 1 more comment
+1, but it took me a little while to realise that "...and change to this directory" meant "cd
to it" rather than an unusual way of saying "... and change the directory". When it clicked, it was obvious. before then, not so much. overall, a great explanation.
â cas
Feb 18 at 14:20
I'm glad that this was helpful. There are other letters that you may see in the permissions fields, likes
for setgid/setuid andt
for sticky files, but they're fairly uncommon and generally don't get touched unless you have specific requirements (you'll know if you need to set them!)
â ErikF
Feb 18 at 14:26
One last point of information: symbolic links will always have the formlrwxrwxrwx
: this is not a security issue because the permissions only refer to the link itself (the system looks at the actual file for the real permissions.)
â ErikF
Feb 18 at 14:31
I'm not the OP (nor am i a newcomer to unix permissions). I was just commenting that you did a good job of explaining how perms work. BTW, I almost commented "I think you mean can't change the directory" until I realised you meantcd
. Even now, I think there's probably a better way of phrasing that (disclaimer: I have had a flu-like virus for several weeks now and it is making my brain slow and dopey)
â cas
Feb 18 at 14:32
I've added a bit to hopefully clarify what "change to" means.
â ErikF
Feb 18 at 14:34
+1, but it took me a little while to realise that "...and change to this directory" meant "
cd
to it" rather than an unusual way of saying "... and change the directory". When it clicked, it was obvious. before then, not so much. overall, a great explanation.â cas
Feb 18 at 14:20
+1, but it took me a little while to realise that "...and change to this directory" meant "
cd
to it" rather than an unusual way of saying "... and change the directory". When it clicked, it was obvious. before then, not so much. overall, a great explanation.â cas
Feb 18 at 14:20
I'm glad that this was helpful. There are other letters that you may see in the permissions fields, like
s
for setgid/setuid and t
for sticky files, but they're fairly uncommon and generally don't get touched unless you have specific requirements (you'll know if you need to set them!)â ErikF
Feb 18 at 14:26
I'm glad that this was helpful. There are other letters that you may see in the permissions fields, like
s
for setgid/setuid and t
for sticky files, but they're fairly uncommon and generally don't get touched unless you have specific requirements (you'll know if you need to set them!)â ErikF
Feb 18 at 14:26
One last point of information: symbolic links will always have the form
lrwxrwxrwx
: this is not a security issue because the permissions only refer to the link itself (the system looks at the actual file for the real permissions.)â ErikF
Feb 18 at 14:31
One last point of information: symbolic links will always have the form
lrwxrwxrwx
: this is not a security issue because the permissions only refer to the link itself (the system looks at the actual file for the real permissions.)â ErikF
Feb 18 at 14:31
I'm not the OP (nor am i a newcomer to unix permissions). I was just commenting that you did a good job of explaining how perms work. BTW, I almost commented "I think you mean can't change the directory" until I realised you meant
cd
. Even now, I think there's probably a better way of phrasing that (disclaimer: I have had a flu-like virus for several weeks now and it is making my brain slow and dopey)â cas
Feb 18 at 14:32
I'm not the OP (nor am i a newcomer to unix permissions). I was just commenting that you did a good job of explaining how perms work. BTW, I almost commented "I think you mean can't change the directory" until I realised you meant
cd
. Even now, I think there's probably a better way of phrasing that (disclaimer: I have had a flu-like virus for several weeks now and it is making my brain slow and dopey)â cas
Feb 18 at 14:32
I've added a bit to hopefully clarify what "change to" means.
â ErikF
Feb 18 at 14:34
I've added a bit to hopefully clarify what "change to" means.
â ErikF
Feb 18 at 14:34
 |Â
show 1 more comment
up vote
1
down vote
The owner of /etc and /boot is or should be root.
echo test > /etc/test
bash: /etc/test: Permission denied
Only the owner root has the permission to create files or delete them from the directory.
add a comment |Â
up vote
1
down vote
The owner of /etc and /boot is or should be root.
echo test > /etc/test
bash: /etc/test: Permission denied
Only the owner root has the permission to create files or delete them from the directory.
add a comment |Â
up vote
1
down vote
up vote
1
down vote
The owner of /etc and /boot is or should be root.
echo test > /etc/test
bash: /etc/test: Permission denied
Only the owner root has the permission to create files or delete them from the directory.
The owner of /etc and /boot is or should be root.
echo test > /etc/test
bash: /etc/test: Permission denied
Only the owner root has the permission to create files or delete them from the directory.
answered Feb 18 at 13:04
user unknown
6,95412148
6,95412148
add a comment |Â
add a comment |Â
up vote
1
down vote
To delete a file a user needs write permission on the parent directory of the file. With the permissions set to drwxr-xr-x
only the owner of those directorys can delete files in them
add a comment |Â
up vote
1
down vote
To delete a file a user needs write permission on the parent directory of the file. With the permissions set to drwxr-xr-x
only the owner of those directorys can delete files in them
add a comment |Â
up vote
1
down vote
up vote
1
down vote
To delete a file a user needs write permission on the parent directory of the file. With the permissions set to drwxr-xr-x
only the owner of those directorys can delete files in them
To delete a file a user needs write permission on the parent directory of the file. With the permissions set to drwxr-xr-x
only the owner of those directorys can delete files in them
edited Feb 18 at 13:18
yeti
2,36611223
2,36611223
answered Feb 18 at 13:02
Captain Wobbles
1565
1565
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f424953%2fnormal-user-can-delete-important-files%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Have youtried, as a normal user, to delete
/etc/passwd
? Just 1) make a backup as root, 2) start two session 3) delete as a normal user the file.â Archemar
Feb 18 at 13:22